Featuring:

Amy DeMartine, VP, Research Director and Allie Mellen, Principal Analyst

Show Notes:

Flights canceled. Surgeries rescheduled. More than 8.5 million Windows systems just … down. The massive CrowdStrike outage on July 19 caused chaos and anxiety for a wide range of businesses and industries. But what lessons did business and technology leaders really learn? In this episode, Vice President and Research Director Amy DeMartine and Principal Analyst Allie Mellen bring some answers to this question and discuss how the CrowdStrike outage has shaped views on resilience planning and security practices in the enterprise.

At the very least, says DeMartine, organizations should treat the outage as a prompt to review and better understand their critical services and map them back to the specific servers and databases those services depend on. She points out that the traditional playbooks and runbooks many resilience teams had created were useless in this instance, so it’s high time to take a fresh approach to them. Along those lines, she also notes the difficulty of maintaining a complete and up-to-date CMDB (configuration management database) in today’s environment, and the need for effective communication and contact strategies for reaching employees during an outage.

Mellen looks at the issue from a security administrator’s point of view and emphasizes the importance of understanding how security vendors and tools operate in the kernel, particularly endpoint security tools. Scrutinizing updates and keeping control over the testing and deployment process are crucial for managing security effectively. The discussion touches on the dilemma of rolling out vital security updates: balancing the need for rapid deployment to keep threat detection current against thorough testing. “Ideally, you’ll be updating along with the rest of the world as these updates become available,” she says. “But in some cases, you have to prioritize the business need more than the security need.”

The conversation also dives into the issue of concentration risk and the possibility of using alternative operating systems, which has gained more attention in the wake of the outage.

Later in the episode, Mellen shares some of the insights gleaned from the recent Fal.Con event, CrowdStrike’s annual user conference. “Most of the customers we talked to have no intention of moving off of CrowdStrike as a result of this,” she says. “[The outage] definitely eroded a lot of trust with their customer base, but customers are surprisingly willing to forgive this time, in part because they view CrowdStrike as having saved them through a lot of different security incidents over the years.” That said, she did hear of a lot of customers looking to negotiate discounts with CrowdStrike, and of competitors looking to capitalize on the situation in the wake of the outage.

The episode wraps up with a preview of the upcoming Forrester Security & Risk Summit, with DeMartine highlighting sessions on the software supply chain, AI for IT operations (AIOps), and the use of generative AI in security. Mellen also provides details on a certification workshop she’ll be hosting on the use of genAI tools in security, so be sure to stick around for that.