Opinion: What can we learn from the CrowdStrike outage?

Businesses' exposure to technology and concentration risk tied to large vendors and ubiquitous systems is a sign of the times, says Alex Viall.

We are operating in challenging times – inflation, political division, war, climate, contagion (COVID) to name but a few.

Technology development is a positive and is advancing, in many cases exponentially. It can help to solve many of the key problems mentioned above, but our growing dependency on it can create more issues.

Cyber risk is the biggest type of risk facing governments, corporates and (to some extent) consumers now. Continuity of service is essential for efficient operations. What is within our control we need to insulate, test, and provide contingency for.

No corporate is an island and all must outsource to specialists where independent service provision is too complex or expensive. There is increasing concern related to concentration of provision to a market or to an individual corporate.

This has been compounded by the new business models being promoted by big cloud providers as they try to lock down larger shares of the market for lengthy periods with attractive ‘all you can eat’ packages in return for exclusive relationships.

This model is appealing to larger corporates who can better forecast operating expenditure and amortize the cost over long periods. The end product made available to the corporate is not always fit for purpose, but is resorted to because it is essentially free (meaning it has been funded centrally).

A stakeholder who is not the end user has effectively made the purchasing decision, often because their remuneration is attached to budget observance.

This can result in significant liability to a corporate where the risk to the business is compromised because that executive was unaware of the monetary, legal and reputational costs related to a regulatory failure.

As more risk systems are being hosted on central platforms, provision for alternatives needs to be made to cover outage scenarios so corporates are not operating without critical risk system indicators and dashboards.

This all validates why operational resilience is so high on regulatory and state agendas currently, as the dependence on mass digital connectivity becomes both fundamental and indispensable.

And it also demonstrates why everyone needs to insulate themselves from vendor concentration dependence.