Reducing Dependency on Large-Scale Tech Providers: Insights From Microsoft Service Failures

Stephen

  • Nightmares like CrowdStrike happen because of an unhealthy tech monoculture.
  • This kind of outage is going to keep happening.
  • Governments should use—and invest in—open-source software.

[Image: Windows 11 system crash due to security update from CrowdStrike affected bus stops. Caption: "Oopsy daisy." Credit: Shekai / Unsplash]

Microsoft might not have been directly to blame for the CrowdStrike outage, but it shows how much of the world relies on Windows and Microsoft’s infrastructure—and how dangerous that can be.

The tech world tends towards consolidation, with buyers and users settling on one or a few main options. YouTube for video, Amazon for shopping, Google for search, and so on. In those cases, the effective monopoly makes it easy to find what you’re looking for—it’s all in one place—but in the case of infrastructure, this kind of centralization is a liability, as we saw in the recent CrowdStrike outage, where one botched software update crashed millions of infrastructure-essential computers across the world. Shouldn’t companies—and governments—use more reliable, less centralized software?

“It is significantly easier to manage, monitor, and operate an organization that uses a standardized set of tools,” cybersecurity expert and white-hat hacker Andrew Plato told Lifewire via email. “Standardization is a key component in not only efficiency but also in security. Uniform, consistent environments are easier to secure since it becomes easier to identify things that are out of place.”

Monoculture

Security is boring, and not just for you and me. A large company is no more inclined to spend time and money on security than anyone else, which is why we keep hearing about massive privacy breaches at companies whose business is to look after user data. Security is often just a checkbox on some compliance form, and so we end up with these companies buying the most obvious off-the-shelf solution so that they can check this box.

The result of these two factors—consolidation and compliance—is that many businesses run on Microsoft, and many of those use security products like CrowdStrike. Standardization makes things easier.

[Image: Frown face from blue screen of death. Caption: "This is how I feel every time I have to use Windows." Credit: Joshua Hoehne / Unsplash]

But as with any monoculture, when disaster strikes, it strikes hard. A single disease can wipe out crops and entire species, like the Irish potato famine or the phylloxera grape blight. We got a taste of that with the CrowdStrike debacle, where a bad line of code in an automatic software update prevented Windows computers from even booting.

The fix was a straightforward update but one that had to be applied by hand, which meant sending technicians out to fix millions of machines. And if those machines also used Microsoft’s BitLocker drive encryption, the technicians would also need the passcodes for every computer.

We saw the results: everything from ad displays stuck on the Blue Screen of Death (good) to airlines all but closing down because their computers were offline (very bad).

“The Windows endpoint environment has reached the point of unmanageable complexity,” Jason Mafera, field CTO at cybersecurity and secure endpoint OS company IGEL Technology, told Lifewire via email. “A steady stream of updates and layering of security features has created a web of complexity that is difficult to manage or fix and therefore promotes risk.”

Now, imagine a similar outage, only it shuts down the water plant, puts hospitals offline, or some other nightmare scenario.

Open Source

For these exact reasons, governments should not rely on proprietary software that is outside of their control. Instead, they should look to another model: open-source, aka “free” software. Open source means that the source code, the part that humans write before a computer crunches it into executable software, is open for anyone to read, use, and modify.

[Image: Neon sign that reads 'Open.' Caption: "Open." Credit: Viktor Forgacs / Unsplash]

Most commercial software already includes open-source elements. The WebKit browser engine that powers Safari, for example, is open source, as is the Android operating system, which is itself based on Linux.

But the reason governments—and frankly, any company that relies on software that is critical to its infrastructure—should move to open source is that they can vet the code and modify it for their own purposes.

Governments should keep funding free software. In an open letter published on Thursday, the founders of Mastodon called for exactly this. Specifically, they ask the European Commission not to shut down its Next Generation Internet (NGI) program, which funds many open-source projects.

Meanwhile, Switzerland now requires that the Swiss government release its own software as open source. This means that anyone can build on that software, but more importantly, in this case, independent security researchers can dig into it and find problems before they cause CrowdStrike-like disasters.

The fix is simple: Stop using proprietary and monolithic software and switch to open source. The problem is that this takes effort. Governments can justify this effort because their goals line up with those of open-source software. But big corporations are happy to just throw money at a vendor like Microsoft or CrowdStrike so they can check a box on a compliance sheet. After all, it’s not like an executive is going to get fired for buying Windows.

  • Title: Reducing Dependency on Large-Scale Tech Providers: Insights From Microsoft Service Failures
  • Author: Stephen
  • Created at : 2024-08-19 13:15:22
  • Updated at : 2024-08-20 13:15:22
  • Link: https://tech-recovery.techidaily.com/reducing-dependency-on-large-scale-tech-providers-insights-from-microsoft-service-failures/
  • License: This work is licensed under CC BY-NC-SA 4.0.