Third-Party Risk: Aftermath of CrowdStrike Agent Content Update IT Outage
This IDC Perspective discusses the aftermath of the CrowdStrike agent content update IT outage. Organizations around the world are struggling in the aftermath of the Microsoft and CrowdStrike disruptions, as these combined events disabled millions of systems in the wake of a failed update. Concern about third-party risk has grown as a result, especially for third parties that have considerable access, coverage, and control over IT estates. Five distinct areas related to the CrowdStrike event must be inspected: critical infrastructure and software, change control, recovery, resiliency strategy, and third-party risk management.

"While these types of catastrophic events do not occur on a frequent basis, vendors and customers tend to have short memories over time and fail to instill IT process and procedure rigor over time. Things like a deep inspection of vendor change management processes and procedures in combination with the customers' own processes and procedures to ensure there are no surprises, they are compatible, and they reduce the risk of IT disruptions," says Phil Harris, research director for Governance, Risk, and Compliance Services and Software at IDC. "This is where risk and compliance management processes and procedures can ensure this rigor continues ongoing into the future."