Businesses around the world — including in Houston — and across all industries are taking stock of operations after a software outage disabled critical functions.
The root of the outage was a defect found in an update provided by the Austin-based cybersecurity firm CrowdStrike Holdings Inc. (Nasdaq: CRWD).
The July 19 outage, which resulted in the so-called “blue screen of death” for computers across the world, rippled across systems in nearly every industry and even through government institutions like the Social Security Administration. According to a July 20 update from Microsoft Corp. (Nasdaq: MSFT), approximately 8.5 million Windows devices were affected.
While many businesses were able to get systems up and running after the initial 24-hour outage, local experts said that customers should be expecting better from their software providers when it comes to rolling out updates. The outage could also lead to stricter regulation for update rollouts, as is commonplace in jurisdictions like the European Union.
“The customer has no ability to know what’s happening from an update standpoint, and for the most part, they don’t care,” said Philip Dutton, CEO and founder of London-based Solidatus. “If you’re supplying the critical infrastructure space, there’s a level of expectation of what you must have. In the banking world, that comes from the regulator.”
Solidatus, which opened a Houston office in 2022, specializes in securing the chain of data at an organizational level and works with banking clients. When the Houston Business Journal reached out to banks during the July 19 outage, most reported that services were online or had minimal outages before the end of the day.
Dutton said that when software firms roll out updates, the amount of scrutiny given to those updates will vary depending on the scale of the update and where it is going.
“If it was a line of code that was affecting the space shuttle launch, where people are going to die if that line of code goes wrong, guess what? You apply a really rigorous testing framework,” he said.
Spring-based Hewlett Packard Enterprise Co. (NYSE: HPE), the Houston area’s largest public technology company by revenue, was also impacted by the outage. However, as the company prioritized restoring customer-facing applications from the outset, there were little to no escalations in customer downtime, according to Adam Bauer, senior director of corporate communications at HPE.
Chris Rogers, a senior technology evangelist at HPE subsidiary Zerto, said organizations wary of future outages or cyberattacks had a few questions to ask when considering turning to the market for solutions.
“I’d imagine many organizations will be eager to understand the full root cause analysis and lessons learned so this can’t happen again in the future,” Rogers said. “And many organizations will focus on their own internal systems and responses. How would they handle a cyberattack with similar outcomes? Would these organizations be able to recover promptly? Would they be able to determine the recovery steps? Would their business continuity and disaster recovery plans enable their businesses to quickly bounce back, or would they suffer from long outages and large amounts of data loss?”
Like Dutton, Rogers said that from a supplier standpoint, there could be significantly stricter protocols around pushing out updates. He suggested that “sandbox environments” where patches are tested prior to rollouts, could be a requirement for software firms in the future.
Sign up here for the Houston Business Journal’s free morning and afternoon daily newsletters to receive the latest business news impacting greater Houston.
