CrowdStrike chaos casts a long shadow on cybersecurity
As organizations recover from today’s outages, the cybersecurity industry will need to develop new security software evaluation criteria and requirements and learn to parlay risks.
Everyone in the security industry strives to reduce cyber-risk. When successful, we do so without adding the risk of operational disruption. The recent CrowdStrike-related service disruption reminds the world that cybersecurity tools can, themselves, cause catastrophic service disruption.
Despite years of focus and improvements in software design, development and testing practices, cybersecurity software faces the same potential for introducing software bugs as any other software. Depending on the software's architecture -- mainly, whether it uses an agent-based approach -- a software bug can cause a wide range of service disruptions, including one as catastrophic as what we saw today.
The CrowdStrike event is shining a bright light on this potential risk. IT and security leaders will need to explain to their leadership teams why this disruption occurred and how they will mitigate the risk of it happening again. This event will likely alter how IT organizations think about the purchase and deployment of security software moving forward.
With a high-profile event like this that interrupts much of the world's operating infrastructure, IT organizations will be called on to put risk mitigation plans in place to protect against possible future service disruptions. This will directly impact cybersecurity providers, who will need to put buyers at ease about how to mitigate this potential risk when they purchase future security software. Security software providers will need to come to the table prepared to help buyers understand potential risks and to help them develop associated mitigation plans. The long-tail effect of today's event could be that IT leaders delay security buying decisions as they take a stronger role in the security software purchase process.
The IT community will need to develop new risk mitigation plans as IT leaders work together with security leaders to assess the other potential risks associated with the security software stack already in place. As the IT world works diligently to clean up from this event, more work will emerge as cyber-resilience strategies expand to mitigate this new risk.
CrowdStrike is admired by many. Its software is widely deployed across much of the world's critical operating infrastructure, and the company has moved into a new category of software providers to become a critical piece of IT infrastructure. Other companies in this category are infrastructure providers, such as Microsoft, AWS, IBM, Dell and the Linux Foundation. CrowdStrike is the first security company to participate at this level, pulling all other security companies into the equation.
This should remind us all: "With great power comes great responsibility." CrowdStrike, welcome to this elite new world.
Dave Gruber is principal analyst at TechTarget's Enterprise Strategy Group, where he covers ransomware, SecOps and security services.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.