In July, the CrowdStrike incident shed light on the dangers of giving a software vendor extensive access to network infrastructure, prompting concerns about the dominance of digital services by a few key players in the industry. A prescient post on Reddit highlighted CrowdStrike as a potential threat vector for major corporations and a valuable source of data.
Following the worldwide computer shutdowns that resulted from CrowdStrike’s faulty update on July 19, many executives are now contemplating how to prevent similar incidents in the future. With major cloud providers like Amazon, Microsoft, and Google holding a significant share of the global market, another widespread outage remains a possibility because power is concentrated in the hands of a few companies.
To mitigate the impact of potential software failures like the one experienced with CrowdStrike, two key strategies have been proposed: diversifying network infrastructure and preparing for failure. While advanced security software is essential for protecting data, companies must also consider the risks associated with granting third-party suppliers access to their systems, such as potential data breaches and loss of control over business operations.
One way to address these risks is to diversify suppliers and systems, moving away from a software monoculture that leaves companies vulnerable to large-scale failures. By purchasing core networking equipment from multiple vendors and utilizing a mix of operating systems, organizations can reduce the impact of potential system failures.
Additionally, preparing for failure by incorporating contingency planning and practicing response protocols can help companies better manage unexpected events. Embracing practices like chaos engineering, as demonstrated by companies like Netflix, can help test system resilience and adaptability in the face of disruptions.
The importance of diversifying suppliers and systems was underscored by the Rogers Communications outage in Canada in July 2022, where a lack of diversity in systems hindered recovery efforts and left millions of users without service for up to 26 hours.
In conclusion, while third-party software suppliers and cloud services play a crucial role in modern IT operations, it is essential for businesses to diversify their systems and suppliers to mitigate the risk of large-scale failures. The lessons learned from the CrowdStrike incident serve as a reminder for companies to prioritize resilience and preparedness in the face of potential disruptions.

