A massive IT outage precipitated by a software update from cybersecurity software firm Crowdstrike is impacting Microsoft systems globally and a wide range of vertical industries. This special report features CIO Kenny Mullican describing how customers could be impacted even if they don’t use Crowdstrike, and the potential impact of a near-concurrent Microsoft Azure outage.
Highlights
01:12 — In the cloud, customers often don’t know all the companies and products that are in use. They may find another service they use, or one of their customers, relies on Crowdstrike software, so they can still be impacted. Many different companies are affected because Crowdstrike is so widely used.
02:45 — Many times software is pushed out before being adequately tested. For most users, that results in a small outage that can be corrected quickly. Crowdstrike probably made a simple mistake but it appears this is going to cost many companies millions of dollars as well as losing the confidence of their customers over it.
03:31 — This is an opportunity to take inventory of plans for when something like this does happen. Are disaster recovery plans good enough? Do you have alternate ways of getting work done? Or do you have a single point of failure that can, for example, force airlines to ground flights?
04:31 — Mullican’s company has put plans in place but a complete outage can cause unique challenges. If a cloud provider loses connectivity or has some problem in one place, they can often immediately fail over to a different region. If it affects their entire service, there’s not much customers can do. Sometimes the plan might focus on doing work manually. His company needs to keep manufacturing its products even if one of its services is completely out.
06:57 — When a big outage (such as Crowdstrike or the Azure outage) happens, IT will get pressure from executives and possibly board members asking what IT could have done to mitigate the impact. Or they may ask if the firm is prepared for an outage, even if it wasn’t impacted.
08:01 — While this incident wasn’t caused by a malicious actor, those actors will use it to try to find weak points that they’ll try to take advantage of. Crowdstrike and Microsoft have a real opportunity to address whatever caused the problem.
The AI Ecosystem Q2 2024 Report compiles the innovations, funding, and products highlighted in AI Ecosystem Reports from the second quarter of 2024. Download now for perspectives on the companies, innovations, and solutions shaping the future of AI.