My Final Set of Suggestions For CrowdStrike
What could have been done to prevent the incident on 19th July (Part 3 of 3)
Hey, fellow Leader 🚀,
I am Artur and welcome to my weekly newsletter. I am focusing on topics like Project Management, Innovation, Leadership, and a bit of Entrepreneurship. I am always open to suggestions for new topics. Feel free to reach me on Substack and share my newsletter if it helps you in any way.
This article is a continuation of the incident report related to CrowdStrike; it is the third article on the subject. You can access the previous two using the links below. The goal of today's article is to provide another set of suggestions that could be put in place to mitigate future incidents.
Set of suggestions for the future
My special take on these suggestions is to keep in mind that CrowdStrike's software needs to be secure but also delivered incredibly fast. The goal of their software is to prevent cyber-security risks in a very dynamic environment, and malicious actors would love it if CrowdStrike's systems took days to be updated. This means tactical software needs to be delivered fast. Very fast. Once an incident of this magnitude happens, it is easy to propose measures that would quietly increase the lead time. In that light, my suggestions will take lead time into account as well.
Microsoft is not out of the woods: the European Commission is the entity that made it possible for third-party software to build upon the operating system with the same kernel-level access as Microsoft's own security products. The reason for this policy was to avoid a monopoly of companies like Microsoft in the cyber-security world. However, no such measure applies to Apple, since Apple has walled third-party software out of the Mac's kernel. Because of this, we didn't witness the same incident on Apple computers.
This means that Microsoft should have played a bigger role in the incident, or at the very least gated the changes made by software that operates at the kernel level. The tricky part is that Microsoft would have to approve those changes, or at the very least provide a test environment where changes to kernel-level applications are exercised and pre-approved before they reach customers.
It would not be Microsoft's responsibility to provide QA services on the features, but it should test the security and robustness of the applications that are allowed to operate at such a low level. This is especially tricky since Microsoft was pushed into this situation; opening its OS at this level was never its intention. Just look at Apple, which does not allow this level of operation on macOS. However, does that mean Windows systems are safer than Macs?
Test-Driven Development: Do they use it? Really? This might be a small drop in the ocean; however, the events have exposed a lack of testing mentality inside the company. A test-driven approach would help by putting the tests in place first, and then publishing them into distributed, automated testing pipelines. One caveat: test-first only helps if the tests run against the same artifact that ships, including data and configuration updates, not just the code. This also involves a culture change and, depending on the company's turnover rate, would take several months to settle across the different teams.
That’s it. If you find this post useful please share it with your friends or colleagues who might be interested in this topic. If you would like to see a different angle, suggest in the comments or send me a message on Substack.
Cheers,
Artur