The CrowdStrike Global IT Apocalypse Part 1: Legacy Executives Exposed Over Failed Disaster Recovery Planning

I just posted an article about the Industrial era corporate executive being obsolete. The digital era requires leaders who are engaged enablers, not ivory tower, far removed executives. Industrial era executives are usually out of touch with the business realities faced by their workers in the trenches. Gartner Group and McKinsey & Co both released reports showing that most failed digital transformation initiatives are due to lack of leadership and vision that workers can rally behind.

Key pillars of digital transformations are disaster recovery (DR) and cybersecurity.

The global CrowdStrike IT outage, which started July 18 and is still causing problems, though to a lesser extent, is yet another major, catastrophic example of Industrial era executives being out of touch with the new realities (to borrow from late father of modern management Peter Drucker). Ironically, for a company that touts its cybersecurity prowess in protecting companies from major threats, the biggest threat event in history came from its own solution. The CEO of CrowdStrike was apologetic and announced a fix was deployed, though billions of dollars of damage to companies worldwide is still in the balance, with threats of lawsuits looking. The executives of these companies may point fingers at CrowdStrike, but their own disaster recovery and business continuity planning got exposed, too.

Nonetheless, as this catastrophe illustrates, disaster recovery planning must be, and has always been, a crucial part of digital transformation initiatives. A Digital Enabler (DE) knows this and would have ensured all sprint teams have no obstacles in implementing DR related tasks in their backlogs. In cloud computing, a key part of DR is geo-redundancy, where if servers go down in one geographic region, duplicate servers in another region can take over to ensure continuous business operations. No DR plans are 100% perfect.

The CrowdStrike scandal, however, exposed that DI planning was almost nonexistent not only for CrowdStrike, but for the organizations that got crippled by the outage. I wouldn’t be surprised if investors and customers launch class action lawsuits for giving the impression DR plans were in place, when in reality, they were negligently faulty at best, or nonexistent at worst. An effective DR plan would have avoided the unacceptable, widespread, persistent disaster that will forever be associated with CrowdStrike.

Nothing personal against CrowdStrike. Hopefully this can be a teachable moment for legacy executives to transform into digital enablers.

Here’s a recap of what happened with the CrowdStrike fiasco:

🚨 Breaking News: CrowdStrike Update Causes Global IT Disruption 🚨

In an ironic twist of fate, CrowdStrike, a leading cybersecurity firm, has found itself at the center of a massive IT catastrophe. A recent update to their Falcon Sensor software led to widespread system crashes, causing the infamous “blue screen of death” on Windows computers worldwide. 🖥️💥

The incident, which began in Australia and quickly spread globally, affected critical sectors including businesses, airports, banks, and healthcare. While some speculated about a potential cyberattack or an inside job, both CrowdStrike and CISA have confirmed that the disruption was due to a defect in the software update, not malicious activity. 🕵️‍♂️🔍

CrowdStrike has since isolated the issue and deployed a fix, but recovery has been slow for some systems. This event underscores the importance of rigorous testing and quality assurance in cybersecurity software updates. 🛡️🔧

The market reacted swiftly, with CrowdStrike’s stock price plunging by over 11%, reflecting the severity of the incident. Consequently, George Kurtz, the co-founder and CEO of CrowdStrike, saw his net worth decrease by approximately $105 million, bringing it to around $3.65 billion. 📉💼

Stay tuned for more updates as we continue to investigate this unprecedented event. #CyberSecurity #TechNews #CrowdStrike #ITDisruption

Feel free to share your thoughts or ask questions below! 👇

The executives of CrowdStrike, and the major corporations adversely impacted by this global outage, won’t admit full responsibility as we see. They’re pointing fingers mostly in other directions. CrowdStrike blamed a “Windows software update” but that’s not acceptable. An effective DR plan, with a quality assurance epic and thorough testing in a lower environment before going to production, would have identified the update as problematic. Pushing a critical update directly into production at the end of the business week is beyond incompetent and dysfunctional. There’s no legitimate excuse for this. Untold millions of people worldwide suffered tangible losses.

The legacy executives of the airlines, airports, banks, hospitals and other organizations, seriously disrupted by the CrowdStrike catastrophe, are not off the hook as I mentioned. A key part of disaster planning is mitigating the risk of vendors and their third-party software dependencies. These software apps should have been rated in terms of criticality, where Tier 0 apps are the most critical. Tier 0 apps should not be dependent on the lowest ranked Tier 4 apps because recovery time objectives (RTO) and recovery point objectives (RPO) will vary. If a Tier 0 app has to be back in action in, say, 5 minutes, but a Tier 4 app it’s dependent on is 8 hours, then that Tier 0 app is not going to be fully functioning.

Furthermore, when companies partner with vendors, a part of the service level agreement (SLA) is vendor risk assessment. The purpose of this assessment is to determine “what happens next if the product or service we’re relying on fails? How do we recover and continue our business?”

In my long experience, more than half of organizations have subpar disaster recovery plans in place to truly mitigate vendor risks. This is because legacy, Industrial executives (IE) are simply out of touch with employees and their business and technology processes. They speak the “strategy and value chain” language that investors and boards of directors like to hear but have little to no meaningful impact on the day-to-day productivity of workers.

The industrial era corporation is the tale of two cities: (a) the affluent city enclave of executives, and (b) the working class neighborhood of everyone else. There’s a virtual railroad track dividing the two, creating an unhealthy “us vs them” divide. This divide is one of the key reasons digital transformations fail, and is very anti agile.

The digital era corporation removes this divide. The enablers and workers execute together. The backlogs, from the portfolio all the way down to the sprint, are very familiar to the enabler as they help leaders remove obstacles and motivate sprint teams. There is no “us vs them” because it’s a “we” environment.

In part 2 of this two-part series, I will provide a legal and policy cautionary tale for IT organizations regarding such widespread, worldwide failures resulting from the CrowdStrike Controversy. Stay tuned.

Links:

CrowdStrike Update: Microsoft Releases Windows Tool To Fix 8.5 Million