The Dog that didn’t bark: An Edge Story
Much has been written about the recent CrowdStrike incident. There's a “dog that didn’t bark” or “don’t put all your eggs in one basket” aspect to this worldwide event, which I'll explain after a brief recap of what happened.
CrowdStrike explained that the issue was a software update bug affecting only Windows systems, not a cyberattack. The outage caused widespread disruptions, including canceled flights and medical procedures. Some businesses managed to apply the fix within a few days, though the process wasn't straightforward for everyone.
The silver lining, if any, was that businesses rely on many more types of computing devices, often 100 times more, that are traditionally outside IT or central data center control—and these were not affected!!
Why?
These devices, several thousand in any enterprise (such as surveillance, manufacturing, or facilities infrastructure) and running into billions worldwide (Research Gate estimates 75 billion devices next year, with Forbes projecting growth to 200 billion in the near future), were all diverse in type, manufacturer, operating systems, and connectivity protocols: different baskets, if you will. And in most instances, they were not being automatically updated!
And therein lies the savior: the sheer heterogeneity provided an inbuilt resiliency!!!
We didn't see the kind of widespread outage in our lives driven by these billions of tiny digital deployments because enterprises, in their distributed setups, deploy a mixed environment of edge devices - and they struggle to have visibility and keep them updated.
However, there are lessons to be learned from this entire episode, especially for edge and operational technology business units:
1. Visibility: Be aware of all your deployments, wherever they are and whoever the vendor is. Have an infrastructure that can highlight the state of the infrastructure, settings, OS versions, support state, etc. Your actions to manage operations and mitigate risks need to be based on this distribution.
2. Business Resiliency and Operations: This involves disaster recovery and business continuity planning. Have an infrastructure to test "tiny updates" and scale with automation.
3. Compliance: Automated documentation can help with task automation and provide continuous reports/action prompts to stay compliant.
4. Diversity: By design, don’t load all your eggs in one basket!!!
This episode, though not a planned cybersecurity attack, highlights the vulnerabilities of our edge systems, which are both numerous and widely distributed. However, there is inherent resiliency in these systems, enhanced by high-quality tools that can provide greater operational protection.
Comments? Insights?
Operational Strategist & Business Scaler | Unique Perspective through Diverse, Cross-Functional Exposure | Solid Financial Acumen
7 months ago
Valuable and timely insights Niranjan Maka! I will add 2 more considerations for the world of technology at the Edge (IoT).
1. Architecture: While you correctly point out that the heterogeneity at the Edge provides inbuilt resiliency in a way, it is important to keep in mind that this heterogeneity is usually accidental and not by design. The world of IoT needs a lot more focus on Enterprise Architecture so the right balance of standardization vs 'best of breed' can be thoughtfully implemented. Unplanned heterogeneity has other unintended consequences, some of which you have already pointed out.
2. Cybersecurity hygiene: The world of Edge / IoT also needs to get much more disciplined about basic cybersecurity practices like strong passwords, regular password rotation, patching, firmware updates, etc. This is a significant gap currently. A robust Edge infrastructure management platform can automate much of this and provide immense value. As you well know, we saw these benefits firsthand at VMware, in collaboration with you guys.
Security Executive with a focus on Governance, Risk and Compliance | Advisor | Former VMware, PayPal, Visa
7 months ago
Sound advice in general, Niranjan. Yes - know precisely what you have in your environment (not easy) and to what extent it’s compliant (harder). Have a comprehensive risk management plan and ops processes in place including Enterprise Resiliency to enable the best possible pivot when the unexpected happens.
Niranjan Maka - very informative! Strange that there was no adequate business continuity plan in place for most of the critical businesses that got impacted.. or maybe the continuity plan again depended on the same underlying platform which was impacted.