Consolidation and Integration of Big Tech
Not one day after my last post, snarking about AI, movies like Terminator and their unlearned lessons, and one of the most Skynet-esque global computer failures occurs. Weird how that happens. The global Microsoft Windows outage that has been on everyone’s minds this past week is such a glaring example.
Now, obviously the CrowdStrike software malfunction doesn’t qualify as a data breach. The real danger lies in the opportunities presented by the chaos for bad actors to exploit. Airlines, banks, health care, public transportation: the outage affected systems in all sectors. Keeping a heightened vigil in this situation can protect their customers’ valuable data. Strict access controls, employee training to avoid phishing and other types of social engineering, and of course data encryption for any breaches that occur.
Conspiratorial leanings aside (and there will be plenty of those), this incident is only unique in the sheer scale, not in its essential nature. Microsoft’s pervasive presence in organizations around the world ensured that when CrowdStrike’s error kicked in, everybody running a Microsoft operating system—which uses CrowdStrike’s cybersecurity software—was hit. But that’s just what I was referencing earlier. When a single feature is so utterly ingrained and interconnected with numerous vital operations, one hiccup can bring tumbling down the whole Jenga tower.
Microsoft has since released a Windows recovery tool for affected machines. Ironically, the outage came only two days after federal agencies expressed concerns about the consolidation and mass integration of big tech cloud services putting consumers at risk. As Federal Trade Commission chairwoman Lina Khan tweeted, “All too often these days, a single glitch results in a system-wide outage, affecting industries from healthcare and airlines to banks and auto-dealers,” for which “millions of people and businesses pay the price.” Furthermore, “these incidents reveal how concentration can create fragile systems.”
Three companies – Microsoft, Amazon and Google – control 65% of the cloud market, while Microsoft and CrowdStrike control more than 30% of the endpoint security market. Because of this egregious consolidation, “We had this cascading failure of all of these businesses, banks, the London Stock Exchange, all of these airlines had to be grounded, because of this one mistake,” says a University of Pennsylvania researcher. Left unchecked, this trend is likely to cause even more incidents like the CrowdStrike outage in the future.