Published: July 30, 2020
ROOT CAUSE
The Cloud Authentication Services were affected because of high CPU load and latency on the database cluster deployed in the EU region. The high CPU/resource load was caused by Azure MSSQL selecting a poor query plan for a query used in all authentications due to outdated statistics.
RSA Engineering is working closely with our cloud service provider to determine why the database engine at the time choose a query plan different than normal. RSA SaaS Operations has dramatically increased the base processing power of the database cluster in the EU region to mitigate against this risk. We have been continuously monitoring for this event since that time, and there have been no further signs of excessive DB usage in this environment.
RSA Engineering continues to investigate the problem and will issue an update to this RCA if additional cause information is determined.
RECOVERY
RSA is continuously taking steps to improve the RSA SecurID Access service and our processes to help ensure such incidents do not occur in the future. In this case, steps include (but are not limited to):