I have watched with interest as the Crowdstrike and Microsoft saga unfolds. As a disclaimer I am not an expert in either product or field, but that seems to be the case with many of the most scathing commentators. I do have some learning from the events, perhaps not as much as those involved directly but still interesting to observe.
Crowdstrike is an anti-virus company?
As a (very small) shareholder, I was quite surprised to hear this as I believed they were an award winning end point protection and consultancy provider. Here is definitive proof that if you give people 2 + 2 they will definitely come up with 5 and happily beat your reputation with that stick.
Business and Finance are very different beasts
To read the ‘business’ articles, the world is currently burning, and Crowdstrike is the industrial equivalent of a comet that has just hit the Earth. To read the financial markets (who study actual business every second of every day) some shareholders have panic sold, including a significant inside sale days before the issue happened, but in the main this is appears a blip and with the price reduction the advice is to buy not sell – not so gloomy.
Our industry is full of fanatics
Lets be clear, this is bad in terms of impact and the full extent is yet to be realised however, maybe we should test the heavy hitting, negative commentators with the following:
- Has this ever happened in your organisation (same cause regardless of size)?
- Can you honestly say there is no chance it will?
- If it did would your BCP/ITSM plan be fully documented, tested, ready to go and fit for purpose?
- Are your opinions based on a sound understanding or are you wanting to sell something, a Crowdstrike competitor, a Windows hater or generally following the crowd?
Far be it from me to suggest that anyone commenting has an ulterior motive of course 🙂
Damage by association is a thing
I have lost count of the ‘Microsoft this’ and ‘Microsoft that’ posts I have seen. Unsurprisingly a large number have come from the Linux and Mac community who have come together to ignore their respective user interface and pricing issues to descend upon the situation. I did have to laugh at the story around an airline putting tin boxes of humans high in the sky, where they have no business being, using Windows 3.1 as a ‘thank goodness they didn’t upgrade’ moment. Oh IT, why you so crazy.
Rapid Distance is also a thing
Whilst talking about damage by association, I guess it is not unexpected that one half of the partnership was very quick to point out that it was the other half that caused the issue. I fully understand that the need to be clear about corporate integrity however I am sure somewhat of a sour taste will be left from being thrown to the wolves.
Conclusion
The response to this issue across our industry is expected, being something of a scatter gun, showing no proactivity and an awful lot of blamesplaining. It is no wonder that there are so many entities pedalling old ideas and best practice as ‘new’ and the ‘future’ when we do the same basics badly and then jump the fence into attack mode when someone falls foul of it.
The issue was of such magnitude due to the success of the organisations involved, not the size of the mistake. If you are the market leader and something goes wrong the blast radius is obviously higher. At its core its a small mistake (in terms of detail not impact) with a huge user base (never have I understood the Agile concept of relative complexity more).
There were however, some lights in the darkness with people working to create and socialise fixes and workarounds for the issue – they should be applauded as they are doing what we purport to do as an industry ‘leaning in and focussing on the fix / value’. Those are the examples we should learn from – whether we do or not is of course up for discussion.
Every day is a school day it seems even after all these years.