The CrowdStrike-Microsoft Outage in 2024
Case Code: ITSY142 Case Length: 11 Pages Period: 2024 Pub Date: 2024 Teaching Note: Available
Price: Rs.400 Organization: CrowdStrike Holdings Inc. Industry: Technology & Communications Countries: United States Themes: IT Infrastructure, Disruption
Excerpts
The Outage
CrowdStrike provided security content configuration updates to its sensors in two different ways – sensor content and rapid response content. Sensor content was delivered directly through the sensors. The rapid response content updates were small but frequent, enabling the Falcon platform to provide protection against new cyber security threats..
The Impact
The CrowdStrike IT outage caused disruption across several industries. Microsoft faced a massive impact, with 8.5 million Windows systems affected, since the company’s cloud computing platform Azure and Office 365 were used worldwide by numerous businesses. The software update by CrowdStrike had the maximum impact on the Microsoft Windows operating system because CrowdStrike’s software ran at the kernel level, the core part of the operating system. Hence, when the error occurred in the update, it did not just affect CrowdStrike’s software but also shut down the whole computer system, resulting in a Blue Screen of Death (BSOD). Thus, Microsoft was looking at “reducing the need for kernel drivers to access important security data.” ..
Criticisms
CrowdStrike faced stringent criticism from several quarters for the IT outage. Some industry observers were quick to point out that Kurtz was not new to this kind of IT outage controversy. In the past too, while working at McAfee, he had faced similar issues. In April 2010, McAfee had released an update to its software used by corporate clients. The update had led to the deletion of an important Windows file, which resulted in millions of computers worldwide crashing and having to be repeatedly rebooted. This required the issue to be fixed manually. The error had an impact on supermarket chains in Australia and the US and police departments..
Challenges
On July 22, 2024, Kurtz received a letter from the US House of Representatives Homeland Security Committee asking him to give a justification for what had led to the global IT outage. The letter stated, “While we appreciate CrowdStrike’s response and coordination with stakeholders, we cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history. Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking.”.
Looking Ahead
By the end of July 2024, CrowdStrike suffered a US$20 billion loss in market valuation with its stock falling by 24% after the IT outage (See Exhibit III for CrowdStrike’s stock chart after the outage). Even as Kurtz and CrowdStrike were grappling with various problems, industry analysts raised doubts over the company’s Quality Assurance process. Responding to this, the company stated that it followed an extensive quality assurance process, which comprised manual testing, automated testing, validation, and then roll-out of the update. The company stated that it would take several measures to avoid anything so devastating from happening in future..
Exhibits
Exhibit I: Worldwide Corporate Endpoint Security Share 2022
Exhibit II: CrowdStrike Holdings, Inc. Five Year Consolidated Statements of Operations
Exhibit III: CrowdStrike’s Stock Chart after the Outage (July 2024)