Yesterday, 18 July 2024 around 6:00 PM Eastern; many started having major issues with the internet and their services offered to customers. This impacted airlines, banks, Microsoft Office 365 and many other companies. Complete systems had gone down facing a blue screen of death. Several airlines had to suspend flights, customers were unable to check the scheduling/reservation system, TSA required longer times to check passenger in; medical records went dark as online medical records were impacted. And this happened across the world.
What we witnessed was the inherent problem of not only software as a service but the problems we have since there are only a small number of major corporations servicing a majority of companies online services.
CrowdStrike is a service that is supposed to stop hackers and safeguard your data. Imagine a major company intended to protect your data is the company bringing the major issues companies are still trying to recover from this morning.
CrowdStrike indicates the issue occurred with “a defect found in a single content update for Windows hosts.” They went on to say “Mac and Linux hosts are not impacted.” This seems to support it was Windows only. Of course when companies experience security breeches it is released many months after the event and typically exposed by an independent who researched what happened.
The lesson here should be our current continued trend of putting everything in the cloud and depending on a handful of major companies to protect that data is not a viable solution and should not ever be considered an improvement in technology. Technology is NOT safe nor is it secure. We see far too many times personal data has been hacked leading to some lives being destroyed due to malicious use of this data.
Now imagine medical records. Hospitals that couldn’t access patients medical records for treatment details. Doctors couldn’t access patient files of those they may have been seeing. Clearly this is not acceptable and a mater of life and death. Yet we move more and more information into the cloud with this feeling it will remain there forever. It won’t.
Researching CrowdStrike it becomes apparent they have two layers of AI in their security model today. Another implementation that should never happen. AI is too young of a technology, it isn’t fully tested and no one is putting on requirements for implementing it.
All of this due to one update to Microsoft Windows Server. One update gone bad and boom millions of impacted lives. All allowed because so many services are dependent on this single source for daily operations.
Decades ago companies had their own internal servers. In these days CrowdStrike could still exist, but it would be installed on each companies server. Had an update taken place the major impact could have been avoided. Once one company hit the problem it would have gotten out about the issue; others would have heard about it prior to installing the update, preventing the massive outage experienced.
Technology for me is the perfect example how an industry completely forgot the K.I.S.S. principle. They dove into technology way too early. Technology even as cloud storage of everything. It as new, companies found they could save money and everyone dived right in. No one stopped to think of the very real risks a whole new industry was created to protect those vulnerabilities. AI comes along and soon more industries will be created to protect against that and the flaws out there. Then this they will wrap up in how great it is for you, you will buy it and even more problems will come in the future.
I know many disagree with me. In my opinion the only way forward with technology is backwards. Companies need to bring data back into their company operated and controlled servers. Software needs to go back to you buy the product and install it on your computers. No more cloud delivery. We even need to go back to installable discs for software. No more cloud delivery. That is only making companies more money and you and your data more vulnerable.
Imagine, every software as a service that is delivered to your computer via the internet is a doorway into both that companies and your personal computer. Safety measures can be taken but not even them can give you 100% security. Yes, back to the day my web browser and email client were the only software accessing the internet. Everything else was stored and installed on your machine.
Even backup isn’t a problem this way. I have drives to backup my data all the time in my computing environment. Raid drives so should one backup drive fail I switch to another drive; replace the bad one and keep on moving forward.
This is s tough conversation we need to have. We need to put down the money aspect, even the user needs to learn how to sync devices without passing that through a cloud.
You have a choice and more power than you can imagine. So stop depending on others to protect your data and become accountable for your data and protect it yourself. Demand companies change. Use a software that does sell you installable software without a subscription. If enough do this, companies will change.
