
> It is risk management 101, never put all your digital eggs in one (or even a few) baskets.

The fact it's widespread is because so many individual organisations individually chose to use CrowdStrike, not because they all got together and decided to crown CrowdStrike as king, surely?

I agree with you in principle, but the only solution I can think of would be to split up a company with reach like CrowdStrike's. The consequences of having to do that are up for debate.


It's never that simple. There is a strong herd mentality in the business space. Just yesterday I was in a presentation from the risk department and they described the motives around choosing a specific security product as `safe choice, because a lot of other companies use it in our space, so the regulator can't complain`... the whole decision structure boiled down to: `I don't want to do extra work to check the other options, we go with whatever the herd chooses`. It's terrifying to hear this...


The whole point of software like this is a regulatory box-ticking exercise; no one wants it to actually do anything except satisfy the regulator. CrowdStrike had less overhead and (until now) fewer outages than its competitors, and the regulators were willing to tick the box, so of course people picked them. There are bad cases of people following the herd where there are other solutions with actually better functionality, but this isn't that.


OTOH... I remember an O365 outage in London a few years ago.

You're down? Great, so are your competitors, your customers, and your suppliers. Head to the pub. Actually, you'll probably get more real value there, as your competitors, customers and suppliers are at that same pub. Insurance multinationals have been founded from less.

That didn't affect any OT though, so it was more just proof that 90% of work carried out via O365 adds no real value. Knowing where the planes are probably is important.


> You're down? Great, so are your competitors, your customers, and your suppliers. Head to the pub. Actually, you'll probably get more real value there, as your competitors, customers and suppliers are at that same pub. Insurance multinationals have been founded from less.

I mean yeah, that's the other thing - the Keynesian sound banker aspect. But that's more for software that you're intentionally using for your business processes. I don't think anyone was thinking about CrowdStrike being down in the first place, unless they were worried about an outage in the webpage that lists all the security certifications they have.


You say that as if it's some bad thing, but it's just other words for "use boring tech".

Yes, there could be reasons to choose a lesser-known product, but they better be really good reasons.

Because there are multiple general reasons in the other direction, and incidents like this are actually one of those reasons: they could happen with any product, but now you have a bigger community sharing heads-ups and workarounds, and the vendor's incident response might also be better when the whole world is on fire, not only a couple of companies.


It's not just CrowdStrike, it's all up and down the software and hardware supply chain.

It's that so many people are on Azure - which is a de facto monopoly for people using the Microsoft stack - which is a de facto monopoly for people using .NET.

And if they're doing that, the clients are on Windows as well, and probably also running CrowdStrike. The AD servers that you need to get around BitLocker to automatically restore a machine are on Azure, running Windows, running CrowdStrike. The VM image storage? Same. This is basically a "rebuild the world from scratch" exercise to some greater or lesser degree. I hope some of the admins have non-Windows machines.


How come AWS sometimes has even better tooling for .NET than Azure, while JetBrains offers a better IDE on Linux, macOS and, depending on your taste, Windows than Microsoft? Or, for some reason, the most popular deployment target is just a container that is vendor-agnostic? Surely I must be missing something you don't.


All of that is absolutely true and in no way affects the behavior at hand. Big companies go with whoever sells them the best, not any kind of actual technical evaluation.


Perhaps the organisations have a similar security posture. And that creates a market that will eventually result in a few large providers who have the resources to service larger corporations. You see something similar in VPN software where Fortinet and Palo become the linchpin of security. The deeper question is to wonder at the soundness of the security posture itself.


There's a strong drive for everyone to do things the same way in IT. Some of the same pressure that drives us towards open standards can also drive us towards using a standard vendor.

> I agree with you in principle, but the only solution I can think of would be to split up a company with reach like CrowdStrike's.

Changing corporate structures doesn't necessarily help. It's possible that if CrowdStrike were split up into two smaller companies, all the customers would go to the one with the "better" product and we'd be in a similar position.


Well, if they'd used a different vendor (or nothing) on the DR servers we could have done a failover and gotten on with our day. But alas, nobody saw an app that can download data from the internet whenever it wants, to update itself arbitrarily without user intervention, as a problem.

So here we are.


They choose because others have. "Look how many others choose us" is a common marketing cry. Perhaps instead too popular is a reason not to choose? Perhaps not parroting your competitors and industry is a reason not to choose?


When it comes to security products, the size of the customer base matters. More customers means more telemetry. More telemetry means better awareness of IOCs, better training sets to determine what's good and what's bad.


I wonder how many of those orgs were "independently" audited by security firms which made passing the audit without CrowdStrike specifically a hell.

Most of the crap security I've met in big organisations was driven by checklist audits and compliance audits by a few "security" firms. Either you did it the dumb way or good luck fighting your org and their org to pass the audit.
