Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1048

Single Point of Failure (SPOF)

What is Single Point of Failure (SPOF)?

Single Point of Failure (SPOF): Component whose individual failure causes the entire system to stop working, undermining availability, resilience, and recovery objectives.


A single point of failure is any node whose loss takes the whole service down: a primary database, a sole DNS provider, one cloud region, a single hardware load balancer, an unduplicated cryptographic key, or one employee with exclusive admin rights. SPOFs violate the availability leg of the CIA triad and undermine ISO 22301 business-continuity objectives. Engineers eliminate them through redundancy (active-active clusters), multi-region deployments, multi-vendor DNS, replicated secrets, documented runbooks, succession planning, and chaos engineering to surface hidden SPOFs. Detection of remaining SPOFs is a core activity in disaster recovery and BCP exercises.
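
The detection step described above can be run as a small fault-injection check over a dependency model. This is an added example, not part of the original glossary entry; the component names and both dependency maps are constructed for illustration, and `is_up` and `find_spofs` are hypothetical helpers.

```python
# Constructed dependency model (an assumption for illustration, not from the page).
# Each component lists requirement groups; a group is met if ANY member is up.
FRAGILE = {
    "service": [{"dns-a"}, {"lb-1", "lb-2"}],
    "lb-1":    [{"app-1", "app-2"}],
    "lb-2":    [{"app-1", "app-2"}],
    "app-1":   [{"db-primary"}, {"signing-key"}],
    "app-2":   [{"db-primary"}, {"signing-key"}],
}

# Same service after adding a second DNS vendor, a DB replica and a replicated key.
HARDENED = dict(FRAGILE)
HARDENED.update({
    "service": [{"dns-a", "dns-b"}, {"lb-1", "lb-2"}],
    "app-1": [{"db-primary", "db-replica"}, {"signing-key", "signing-key-copy"}],
    "app-2": [{"db-primary", "db-replica"}, {"signing-key", "signing-key-copy"}],
})


def is_up(component, failed, deps, visiting=frozenset()):
    """True if component has not failed and every requirement group has a live member."""
    if component in failed or component in visiting:  # a dependency cycle counts as unmet
        return False
    visiting = visiting | {component}
    return all(
        any(is_up(member, failed, deps, visiting) for member in group)
        for group in deps.get(component, [])  # leaf components have no requirements
    )


def find_spofs(root, deps):
    """Fail each component on its own; return those whose loss takes root down."""
    components = set(deps) - {root}
    for groups in deps.values():
        for group in groups:
            components |= group
    return sorted(c for c in components if not is_up(root, {c}, deps))


if __name__ == "__main__":
    print("fragile :", find_spofs("service", FRAGILE))
    print("hardened:", find_spofs("service", HARDENED))
```

In the fragile model the duplicated load balancers and app servers are not reported, but the shared database, DNS provider and key behind them are: redundancy at one layer can hide a SPOF in the layer beneath it.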

Examples

  1. The 2021 Fastly CDN outage took many global sites offline because they depended on a single CDN vendor.

  2. An on-call rota with only one person carries an organizational SPOF risk.

Frequently asked questions

What is Single Point of Failure (SPOF)?

Component whose individual failure causes the entire system to stop working, undermining availability, resilience, and recovery objectives. It belongs to the Compliance & Frameworks category of cybersecurity.

How do you defend against Single Point of Failure (SPOF)?

Defences for Single Point of Failure (SPOF) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Single Point of Failure (SPOF)?

Common alternative names include: SPOF.
