CrowdStrike was not the only security vendor vulnerable to hasty testing
Other vendors aren’t immune
It would be naive to think of a world free of CrowdStrike-like scenarios, especially in the present day of interconnectivity and dependency. CrowdStrike, incidentally, happened to be the one with the slip-up but it could have been anyone, several believe.
“It’s important to note that this is not a security failure,” said Duncan Brown, group vice president of research at IDC. “SaaS-based vendors are making releases daily, so theoretically, this kind of incident could happen more often. It just happened to be CrowdStrike, so the security aspect – at least to some degree – is a red herring. But of course, there is a presumed urgency to security updates, which probably meant that the update was distributed and installed quickly and widely.”
Brown noted that while cloud-based updates are swift and beneficial for addressing security vulnerabilities, they come with an increased risk of incidents similar to the CrowdStrike issue. The alternative to cloud rollouts, an on-premises infrastructure, offers more control for companies but is slower and more costly, he added.