Commentary: Microsoft outages hold universal lessons

Microsoft will continue to be a favorite target for hacker attacks, but all e-businesses can learn from the company's problems.

By Neil MacDonald, Gartner Analyst

For a variety of reasons, Microsoft will continue to be a favorite target for hacker attacks--on its commercial operating system and application products as well as its network.

Gartner expects major attacks against the Microsoft Network to continue to make headlines at the rate of one every six months. Rather than dismiss these incidents as Microsoft's problems alone, however, we believe there are lessons here for all e-businesses.

Among those lessons:

  People and processes are critical to uptime of systems.

  Good network design principles for high availability incorporate dual paths to all critical components, including something seemingly as benign as DNS (domain name system) servers.

  Enterprises must consider more than the cost of downtime when deciding how much to spend to ensure uptime.

The three causes of downtime
Microsoft's original problem earlier in the week apparently stemmed from a router misconfiguration--an operational error. Gartner research indicates that the causes of downtime can be grouped into three categories:

  About 40 percent of downtime is caused by operational errors.

  Another 40 percent is caused by application errors (sometimes bugs, but more often misconfiguration).

  The remaining 20 percent is caused by actual platform problems, including the network, operating system or hardware.

That means 80 percent of downtime is caused by misconfiguration and mismanagement. Any effort to improve uptime should therefore focus on people and processes first. Enterprises must invest in well-defined change-management processes and training for network and server administrators.

The costs beyond downtime
Enterprises must consider factors beyond the cost of downtime in deciding how much to spend to ensure uptime. As a result of this week's woes, Microsoft has suffered adverse publicity and brought into question its ability to secure its own networks, a problem that was highlighted last year when hackers broke into Microsoft's network and may have gained access to source code.

In calculating the cost-benefit ratio of ensuring site uptime, Gartner recommends that organizations consider the following:

  The competitive environment: The more competitive the environment, the greater the cost of downtime.

  Brand recognition and loyalty: The higher the customer loyalty, the lower the probability that the customer will switch to competitors.

  Switching costs: The greater the switching costs, the lower the cost of downtime.

  Availability and usability of alternative sales channels: If a company has an alternative channel, such as telephone or brick-and-mortar, and customers use it during a Web outage, downtime costs would be lower.

  Brick-and-mortar alternative channel: If a consumer is not able to buy something online, then he or she may use a brick-and-mortar alternative.

  Maturity or acceptance of channel in market: The costs of downtime are higher for accepted channels.

  Proportion of impulse buying: The greater the proportion of impulse buying, the greater the likelihood that the direct sale is lost during the downtime period.

High levels of Web site availability do not come free, and costs rise steeply as availability rises. Enterprises providing products or services over the Internet should calculate downtime costs to justify availability investments.

(For related commentary on protecting Web sites from denial of service attacks, see TechRepublic.com--free registration required.)

Entire contents, Copyright © 2001 Gartner Group, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.