On May 16, 2022, authentication services hosted in the North American region were degraded for 2 hours and 45 minutes (from 8:00AM ET to 10:45AM ET). Customers who relied on our web-based authentication UI were impacted while others, such as RADIUS, API or agent-initiated authentication, continued functioning. The incident occurred due to a defect in our April release, which went live to customers in North American on May 14th. In the April release, we made updates to the infrastructure that handles authentication session data. The session management infrastructure became overwhelmed and degraded due to a defect in the way connections to these components are managed. This defect caused excessive delays in web-based authentications.
During the incident SecurID SaaS Operations rolled customers back to the March release.
Secondary contributing factors in the outage:
The following mitigations have already been implemented:
The following mitigations are being implemented for our next release:
Adding additional performance tests constructed specifically to target the cause of this outage.
Additional mitigations are also being investigated:
The SecurID team would like to apologize for the inconvenience caused by this outage. We understand the disruption that incidents like this cause and are taking the necessary steps to help avoid similar incidents in the future.
Thank you, The SecurID Team