Connectivity and Failure Modes (Domain 3)
In this episode, we’re diving into secure connectivity and failure modes—two architectural considerations that influence how systems communicate and how they behave under stress. Choosing the right connectivity model and understanding what happens when security systems fail are critical parts of building resilient, defensible infrastructure.
Let’s begin with secure connectivity. When systems exchange data—whether across internal networks or over the internet—that data must be protected from interception, tampering, and unauthorized access. Secure connectivity ensures that information in transit remains confidential and unaltered from source to destination.
There are several common methods for achieving this. Encrypted tunnels are one of the most effective. A virtual private network, or VPN, creates an encrypted connection between endpoints, shielding data from eavesdroppers. VPNs are often used to connect remote users to corporate resources, or to link office locations securely over public networks.
Secure protocols are another essential component. Protocols like HTTPS, SSH, and SFTP are encrypted by default, protecting everything from web sessions to remote administration and file transfers. These protocols replace insecure alternatives like HTTP, Telnet, and FTP, which transmit data—including credentials—in plain text.
Even internal traffic should be secured. While some organizations still assume the internal network is safe, attackers who breach a single device can use unprotected internal traffic to steal data or pivot deeper into the network. Encrypting internal communications helps contain these threats.
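The caveat the previous paragraphs leave implicit is that an encrypted tunnel only defends against interception and tampering if the client also authenticates the other end; a TLS client that skips certificate checks is encrypting its traffic to whoever answers. As an added example (not from the episode, written in Python's standard `ssl` module with no network access needed), the weak "make the warning go away" context is shown next to the context a practitioner should use, plus a small audit function that flags the weak settings:

```python
# Added example: a TLS client context that fails closed on certificate problems,
# beside the weak configuration it replaces. Function names are this example's.
import ssl
from typing import List, Optional


def weak_client_context() -> ssl.SSLContext:
    """Encrypts but does not authenticate the peer: an on-path attacker can
    terminate the tunnel and read or alter everything inside it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Peer certificate required, hostname checked, nothing older than TLS 1.2.
    Pass cafile to pin an internal CA for east-west (internal) traffic."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the list of weaknesses in a client context (empty means acceptable)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, "->", audit_context(ctx) or "no findings")
```

Use `hardened_client_context()` with `ssl.SSLContext.wrap_socket` or pass it as the `context` argument to `http.client.HTTPSConnection`; a handshake against a host with an untrusted or mismatched certificate then raises `ssl.SSLCertVerificationError` instead of silently connecting, which is the fail-closed behaviour you want from a secure channel.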
Let’s now shift to failure modes—specifically, the difference between fail-open and fail-closed designs. These concepts define what a system does when a security component fails, such as a firewall, an intrusion prevention system, or an access control device.
Fail-open means that if the system encounters a failure, it defaults to allowing traffic or access. This prioritizes availability over security. For example, if an access control system fails in fail-open mode, users may still be able to enter the building or access the network—ensuring business continuity, but at the cost of exposure.
Fail-closed is the opposite. When a system fails, it blocks traffic or access by default. This prioritizes security over availability. If the same access control system fails in fail-closed mode, no one gets in—including authorized users—until the problem is resolved.
Both approaches have pros and cons. Fail-open reduces the chance of downtime, but it creates an opportunity for unauthorized access during the failure window. Fail-closed preserves the integrity of the system, but it may disrupt operations, lock out users, or delay response efforts.
Let’s consider a few examples to put this into context. In a hospital, an electronic door system that fails closed could keep staff away from critical equipment during an emergency. In that setting, availability may matter more than strict access enforcement, so a fail-open mode, backed by monitoring and compensating physical controls such as staffed entrances and cameras, might be the better choice.
In contrast, a financial institution may prefer fail-closed behavior. If an intrusion prevention system fails, the bank would rather halt traffic than risk unauthorized transfers or data leaks. Even short disruptions are acceptable if they protect sensitive information and prevent fraud.
Another example involves firewalls. Some next-generation firewalls can be configured to fail open for already-established sessions while failing closed for new connections. This hybrid model keeps ongoing business traffic flowing while reducing the chance that new attacks get through during a failure of the inspection engine.
Choosing between fail-open and fail-closed isn’t just about one system—it’s about the entire risk landscape. Criticality of the asset, potential impact of unauthorized access, and time to restore service all play a role in the decision.
Security teams should define failure behavior as part of their architecture and incident response plans. They should also test failure modes to ensure systems behave as expected under real-world conditions. Alerts and logging must remain functional, even during degraded service, to support monitoring and investigation.
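The three behaviours above (fail-open, fail-closed, and the hybrid that keeps established sessions while refusing new ones) are easiest to reason about when the enforcement point makes the choice explicit rather than inheriting whatever its runtime does when the control crashes. The following Python is an added example, not code from the episode: a small enforcement wrapper whose security control (a stand-in for an IPS or authorization service) can fail, a configured failure mode that decides the degraded verdict, an audit log that keeps recording during degradation, and a routine that exercises every mode with the control down, which is the kind of failure-mode test the paragraph recommends. The control, flows and addresses are constructed for the example.

```python
# Added example: a policy enforcement point whose behaviour when its security
# control fails is an explicit, configured choice. All names are this example's.
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class FailureMode(Enum):
    FAIL_OPEN = "fail-open"      # availability first: allow when the control is down
    FAIL_CLOSED = "fail-closed"  # security first: deny when the control is down
    HYBRID = "hybrid"            # keep established sessions, refuse new connections


class ControlUnavailable(Exception):
    """The control could not give a verdict (crash, timeout, dependency down)."""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    established: bool = False    # True if the flow belongs to an accepted session


@dataclass
class Enforcer:
    mode: FailureMode
    control: Callable[[Flow], bool]                  # True = allow, False = block
    audit: List[Dict] = field(default_factory=list)  # must keep working when degraded

    def enforce(self, flow: Flow) -> bool:
        try:
            allowed = bool(self.control(flow))
            event = "verdict"
        except Exception as exc:  # any failure of the control is a control failure,
            allowed = self._degraded_verdict(flow)   # never an unhandled crash
            event = f"control-down:{self.mode.value}:{type(exc).__name__}"
        # Log every decision, degraded ones included, so investigators can
        # reconstruct what was let through while the control was down.
        self.audit.append({"event": event, "src": flow.src, "dst": flow.dst,
                           "established": flow.established, "allowed": allowed})
        return allowed

    def _degraded_verdict(self, flow: Flow) -> bool:
        if self.mode is FailureMode.FAIL_OPEN:
            return True
        if self.mode is FailureMode.FAIL_CLOSED:
            return False
        return flow.established  # HYBRID: existing sessions continue, new ones wait


# --- constructed control and traffic used to test the failure modes ----------
def healthy_ips(flow: Flow) -> bool:
    """Toy IPS: block anything aimed at the (constructed) database host."""
    return flow.dst != "10.0.5.20"


def crashed_ips(flow: Flow) -> bool:
    raise ControlUnavailable("IPS engine not responding")


NEW_FLOW = Flow("10.0.1.7", "10.0.5.20")                          # new, normally blocked
ESTABLISHED_FLOW = Flow("10.0.1.8", "10.0.5.30", established=True)


def exercise_failure_modes() -> Dict[str, Dict[str, bool]]:
    """Run both flows through each mode with the control down; return the verdicts."""
    results = {}
    for mode in FailureMode:
        e = Enforcer(mode=mode, control=crashed_ips)
        results[mode.value] = {"new": e.enforce(NEW_FLOW),
                               "established": e.enforce(ESTABLISHED_FLOW)}
        # Logging must survive degradation: every decision was recorded.
        assert len(e.audit) == 2 and all(r["event"].startswith("control-down")
                                         for r in e.audit)
    return results


if __name__ == "__main__":
    healthy = Enforcer(FailureMode.FAIL_CLOSED, healthy_ips)
    print("healthy control:", healthy.enforce(NEW_FLOW), healthy.enforce(ESTABLISHED_FLOW))
    for mode, verdicts in exercise_failure_modes().items():
        print(f"{mode:12} control down -> {verdicts}")
```

With the control down, fail-open allows both flows, fail-closed blocks both, and hybrid lets only the established flow continue; with the control healthy the verdict comes from the control itself. The broad `except` is deliberate: an enforcement point that lets a control's exception propagate has not chosen a failure mode at all, and in many frameworks the resulting crash amounts to fail-open.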
As you prepare for the Security Plus exam, understand the importance of securing data in transit through encrypted tunnels and secure protocols. Be able to explain the difference between fail-open and fail-closed behaviors, and when each one might be appropriate. Expect questions that challenge you to balance availability and security—especially when critical systems fail or need to degrade gracefully. Focus on how architecture affects continuity, access control, and incident response.
