| I see discussion about who's at fault: Microsoft or Crowdstrike. But one thing I don't get about this: what was the role of the enterprise admins? Most administrators at large companies are cautious about rolling out new software versions to their employees. They (normally?) test before broad deployment. Seems like one of three things would have had to have happened for this to be missed: 1. Admins ignored testing this update prior to enterprise rollout. 2. Crowdstrike forced the update on unwilling users. 3. Crowdstrike does not provide a framework for such pre-rollout testing, and enterprises chose to use it anyway. Can anyone offer insight? [Disclosure: I'm a Microsoft employee, but not an enterprise admin] |
In my experience at both a 70,000-person company and a 260,000-person company, both of which I can confirm have outages right now, this just isn't the case.
The security vendor says update and sysadmins say "right away", because the institution has learned that "right away" is the only acceptable answer from auditors, both internal and external.
This story is interesting because there's an entire chain of places you can pass the buck and absolve responsibility if you so choose. You could, if you so desired, choose to blame:
1. The CrowdStrike developer who pushed the change
2. The developer responsible for the kernel bug
3. CrowdStrike as a company for not having better change management
4. Microsoft for how they handle kernel access
5. System admins for not owning the update process of their entire body of devices
6. Security teams / the CISO for operating on checklists that exist to please auditors rather than treating security as a living, breathing problem
7. Auditors for structuring security audits as a checklist rather than treating security as a living, breathing problem
8. Regulators for using one-size-fits-all audits as the preferred method of determining security compliance