Express Computer
Home  »  Guest Blogs  »  Friday, the 19th – Strike by Clou(w?)d

Friday, the 19th – Strike by Clou(w?)d

0 346

By Mandar Sahasrabudhe, Group CTO, Kirloskar Management Services

For all C-Suite folks (CIO/CTO/CISO specifically) the classic “Friday the 13th Omen got changed to Friday, the 19th “as the global outage of Microsoft “Strike “co-powered by Crowdstrike. “GOD” – Generate, Operate, destroy (Disrupt -in this case) is so true in technology! Analogy of Brahma, Vishnu, Mahesh works here too, and technology fails, and we say it’s God’s hand for this outage??

Being a Friday, most of the IT folks were either preparing for Planned shutdowns on weekend or for Weekend Celebrations …and their mobile alarm woke them up with this news of strike, disruption in US, Australia. Few got alerted while few chose to be ignorant until their inbox started pouring in with messages from stakeholders with blue dump screens (reminded me of these screens during Windows NT time !!) from business stakeholders.

The day for their higher ups started with questions from management about DR availability, BCP. Strategy (business continuity planning), plans and strategies. It was suddenly a chaos with businesses, airports, hotels becoming nonfunctional and employees already starting to celebrate the “paid day -off”!!

We Indians being gifted with “Jugaad” we could still manage to run the business with manual turnaround, like issuing manual boarding passes to passengers on airports, or disabling the CS agents etc., however other countries had to face the business downtime due to stringent role and process decisions. See the irony of the situation ..Systems which people had bought to cover up the risk , had now itself generated a risk for business continuity impacting some third party systems ( Good input for Risk managers )!! .

All this happening at background, there was yet another community who was looking at this as an opportunity to dig gold mines !! yes they looked at it as honey pots working in reverse way .. Panicked users and IT experts advising them based on rumors and fake solutions of quick turnaround was opening a flood gate of information to opportunists waiting to grab access to all these end points!!

This blackout time till the solution advisory was announced was also used by many to create hundreds of fake domains (like crowdstrike.bluedump, crowdstrike.fix etc) to lure users to enter this unidirectional information highway!! While the competition used this opportunity to tell customers to onboard their solutions to prove their metal to help businesses sail through this Strike.

Let’s look at what really happened in layman’s terms and probably some lessons learnt before we move towards the sweet end where all fixes were done, and businesses returned to normal.

Crowdstrike as part of product updates, released a security patch , which was supposed to land at particular path in directory /destination once it is deployed , however it got deployed in windows service folder affecting the MS Windows OS rebooting functionality /corruption of OS resulting into BSOD (Blue screen of Death). This actual issue then turned into word of mouth causing multiple versions with people gossiping from zero day attack to Bug in MS OS ..Crowdstrike immediately gave a fix to resolve this and slowly businesses started returning to normal. This was an unusual impact and probability which occurred catalyzing the RPN (risk priority number ), which no risk manager would have thought of ever except labelling it as unforeseen or gods hand issue.

End of this episode resulted in lots of learnings (relevant or irrelevant?) across the net with everyone suddenly talking about best practices and people hosting panel discussions on it!! However in my limited knowledge and opinion it was all about having alternative solutions in your kitty to kick start your critical applications (at least) , say for e.g. having some devices running on Chrome or equivalent OS or having alternative collaboration and EDR solution for deployment etc.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image