This is an unpopular opinion, and I get why – people crave a scapegoat. CrowdStrike undeniably pushed a faulty update demanding a low-level fix (booting into recovery). However, this incident lays bare the fragility of corporate IT, particularly for companies entrusted with vast amounts of sensitive personal information.

Robust disaster recovery plans, including automated processes to remotely reboot and remediate thousands of machines, aren’t revolutionary. They’re basic hygiene, especially when considering the potential consequences of a breach. Yet, this incident highlights a systemic failure across many organizations. While CrowdStrike erred, the real culprit is a culture of shortcuts and misplaced priorities within corporate IT.

Too often, companies throw millions at vendor contracts, lured by flashy promises and neglecting the due diligence necessary to ensure those solutions truly fit their needs. This is exacerbated by a corporate culture where CEOs, vice presidents, and managers are often more easily swayed by vendor kickbacks, gifts, and lavish trips than by investing in innovative ideas with measurable outcomes.

This misguided approach not only results in bloated IT budgets but also leaves companies vulnerable to precisely the kind of disruptions caused by the CrowdStrike incident. When decision-makers prioritize personal gain over the long-term health and security of their IT infrastructure, it’s ultimately the customers and their data that suffer.

  • John Richard@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    11
    ·
    3 months ago

    It was to elaborate that there is a bigger issue here with corporate IT culture that is broken. The CrowdStrike incident merely exposes it, but CrowdStrike isn’t the real problem. Remediation for an event like this, especially once the fix is known, should be 30 minutes… not weeks or months.

    • RaoulDook@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      7
      ·
      3 months ago

      The OS should be mature enough by now that it could automatically recover from crashing on the load of a bad 3rd party driver. But it was not, wtf.

      • catloaf@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 months ago

        It can, sort of. Safe mode will still boot just fine. But then what should it do? Just blacklist the driver and reboot? That’s not going to work too well if it’s the storage driver.

        • RaoulDook@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Well they could still just blacklist all 3rd party drivers except storage drivers. Many categories of 3rd party drivers could be excluded fully during a selective recovery boot process.

      • John Richard@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        2
        ·
        3 months ago

        Microsoft has been too busy building a new Outlook PWA with ads in your email, and AI laptops that capture screenshots of your desktop in unencrypted folders.