Back to Basics: The CrowdStrike Incident and Fundamental IT Security Principles

Aug 4, 2024

The recent CrowdStrike update that caused widespread computer outages offers a valuable opportunity to revisit the core principles of IT security and management. The incident, which affected millions of devices globally, including those at tech giants like Microsoft and Amazon, prompts us to strip away assumptions and examine the foundations of our IT strategies.

Understanding the Incident

Two weeks ago, a routine software update from CrowdStrike, a well-known cybersecurity company, unexpectedly caused Windows-based computers to malfunction. The update spread to about 8.5 million devices in just 80 minutes before it was halted. The malfunction led to flight cancellations, disrupted 911 services, and caused business problems across various industries.

The scale and speed of the incident underscore the complex, interconnected nature of modern IT systems. Additionally, the event highlights the potential risks associated with routine processes like software updates, which are often taken for granted.

First Principles Analysis

Let’s break down the incident and its implications using first principles thinking:

1. System Interconnectedness:

   At its core, modern IT infrastructure is a network of interdependent systems. The CrowdStrike incident shows that even a small change can cascade through this network, causing widespread effects.

 Question: How can we design systems that maintain necessary connections while limiting the spread of problems?

 Consideration: We must rethink how we segment networks or implement more robust isolation mechanisms between critical systems.

2. Update Verification:

 We often assume updates from trusted vendors are safe. The CrowdStrike incident challenges that assumption.

 Question: What’s the most basic, foolproof way to verify an update before widespread deployment?

Consideration: Should we implement a staged rollout process for all updates, regardless of the source? How can we create a robust testing environment that mimics our production systems?

3. Incident Response:

   Quick action limited the damage in the CrowdStrike case.

   Question: What’s the minimum necessary structure for effective incident response?

Consideration: How can we ensure our incident response team has the authority and tools to act swiftly? What communication channels need to be in place?

4. Dependency Management:

   Many businesses rely heavily on third-party software.

 Question: How can we balance the benefits of specialized tools with the risks of external dependencies?

 Consideration: Should we develop more in-house capabilities? How can we better assess and manage the risks associated with our software supply chain?

Rethinking IT Management

Given these fundamental considerations, here’s how IT management practices can evolve:

1. Continuous Oversight:

 Constant system monitoring can spot anomalies quickly, addressing the core need for rapid detection. The process goes beyond simple uptime monitoring – it involves understanding the expected behavior of systems and quickly identifying deviations.

2. Specialized Knowledge:

 A deep focus on specific technologies allows for understanding systems at a fundamental level. Such expertise can be crucial in navigating complex incidents and implementing best practices.

3. Rapid Response Capability:

 Established protocols and dedicated teams can react swiftly to issues, meeting the basic need for quick action. The response includes technical measures and communication strategies to keep stakeholders informed.

4. Proactive Risk Management:

 It is crucial to regularly identify and mitigate potential risks before they become issues. This process involves ongoing assessments, staying current with emerging threats, and making strategic IT decisions.

Building Resilience from the Ground Up

1. Regular System Analysis:

 Don’t just check for known issues. Regularly question and test your basic assumptions about how your systems work. The approach might involve scenario planning exercises or red team assessments to challenge your security assumptions.

2. Robust Data Protection:

 At its core, most IT is about managing data. Focus on the fundamentals of data storage, access, and recovery. The strategy includes backup plans, data classification, access controls, and encryption.

3. Human Factor:

 Technology is used by people. Invest in helping your team understand the basic principles of IT security, not just rules to follow. The investment could involve regular training sessions, simulated phishing exercises, and creating a culture of security awareness.

4. Adaptive Infrastructure:

 Build flexibility into your IT systems. The ability to quickly isolate affected systems or roll back changes can be crucial in minimizing the impact of incidents like the CrowdStrike update issue.

5. Vendor Management:

 Develop a strategy for assessing and managing your technology vendors. This strategy should include understanding their security practices, update processes, and incident response capabilities.

Conclusion

The CrowdStrike incident reminds us to look beyond complex solutions and focus on the fundamental principles of IT management. The event calls us to question our assumptions, reassess our dependencies, and build more resilient systems from the ground up.

By applying these principles, organizations can create IT strategies that are not just reactive but proactively aligned with business goals and prepared for the challenges of tomorrow’s technology landscape. The key lies in continuous learning, adaptation, and a commitment to understanding the core principles that underpin our increasingly complex IT ecosystems.

As we progress, the most successful organizations will be those that can balance technological advancement with a strong foundation in these fundamental IT principles. Such organizations will be better equipped to navigate the uncertainties and challenges of our rapidly evolving digital world.

Latest Articles on Connected Solutions

Microsoft Defender for Endpoint: Top Features and Benefits

Microsoft Defender for Endpoint: Top Features and Benefits

Cybersecurity threats are like mosquitoes in the summer—persistent, annoying, and always finding new ways to bite. They come at you and adapt. Why? Because the payoff is staggering. For mosquitoes, it’s quite literally their meal ticket—they can’t live without that...

A Complete Guide to ServiceNow and Microsoft Teams Integration

A Complete Guide to ServiceNow and Microsoft Teams Integration

Ever feel like your IT systems and collaboration tools are having their own communication breakdown? That you just want to snatch them by the ears, sit them down, and start screaming, “No fighting… No fighting,” and then pointing to one, “NO FIGHTING.” Integrating...

What Are IT Advisory Services? Everything You Need to Know

What Are IT Advisory Services? Everything You Need to Know

Ever wondered if your tech investments are truly paying off? Are all those subscriptions and other services you’re billed for monthly or annually actually being used? Or are you simply crossing your fingers and hoping for the best? The truth is that nowadays, some...