Cloudhouse Head Talks Laws Incoming After CrowdStrike Outage

Cloudhouse Director Jonathan Dedman discusses what legislation tech companies may soon face as a result of the CrowdStrike outage

In an increasingly interconnected digital landscape, the frequency and impact of major IT outages have become a pressing concern for businesses and consumers alike.

The recent CrowdStrike outage, which caused widespread disruption across multiple sectors, has reignited discussions about the need for regulatory oversight in the tech industry. As organisations grapple with the fallout from such incidents, questions arise about accountability, resilience, and the potential role of legislation in preventing future crises.

The CrowdStrike incident serves as a stark reminder of the vulnerabilities inherent in our digital infrastructure. With critical services and operations relying heavily on cloud-based solutions, the ripple effects of a single outage can be far-reaching and costly. This has prompted calls for a more robust framework to ensure accountability and promote best practices in the tech sector.

To find out more, we spoke with Jonathan Dedman, Director at Cloudhouse, about the potential for regulation in the wake of recent IT outages.

Jonathan Dedman bio
  • Jon has been involved in software for over 20 years, starting as a developer in the first versions of .NET, through leading a development team and performing business analysis, before moving into pre-sales activities.

The case for regulation

Jonathan emphasises the growing need for regulatory measures, stating, "Our modern world has become more and more interconnected and interdependent and, as this continues, outages are only going to be more noticeable, inconvenient, and costly. You only have to look at the ongoing global chaos caused by the CrowdStrike outage to know that we can't afford another repeat situation".

This perspective underscores the urgency of addressing the issue, as the consequences of inaction could be severe. Jonathan argues that while technology excels at rapid evolution, it requires appropriate governance to guide its direction. New legislation could play a crucial role in establishing this control.

The timing for introducing such legislation appears ripe, according to Jonathan. "There is plenty of discourse and hand-wringing when an outage occurs but arguably not enough decisive action. A failure to act now would simply see more outages pass us by with consumer trust disintegrating further", he explains. This sentiment reflects a growing impatience with the current reactive approach to IT failures.

Shaping effective regulation

When considering the form that potential regulation might take, Jonathan draws parallels with past legislative responses to crises. "After the 2007-2008 financial crisis, new laws were introduced to give regulators more teeth to tackle banking malpractice. This extended beyond financial services eventually and operational resilience legislation could extend beyond EU DORA in a similar way", he notes.

However, Jonathan cautions that striking the right balance is crucial: "It's essential any regulation is robust enough to deter poor practice but not stifle innovation in the sector. Of course, that's easier said than done, but it's important to get right". This highlights the delicate task lawmakers face in crafting effective yet flexible regulations.

Global implications and organisational strategies

The potential for legislation in the US could have far-reaching effects. Jonathan observes, "While new laws often take significant time progressing through Congress and coming into effect, there's no doubting the influence it will have on other territories". This suggests that any regulatory moves by the US could trigger a domino effect of similar measures worldwide.

In the meantime, organisations need not wait for legislation to improve their resilience. Jonathan offers practical advice: "Organisations should be aware of the impact of IT change on their operations. This applies to change driven by internal evolution but also to changes or updates driven by third parties".

He recommends following the ITIL framework for change management and emphasises the importance of regular checks on test environments. "The reality is that changes will often go through without proper checks, as modern agile practices are about moving fast. The checks to ensure these changes don't cause problems can be automated but regular checking of test environments, doing what they are actually meant to, is crucial", Jonathan explains.

By implementing robust change management strategies and prioritising operational resilience, organisations can take proactive steps to mitigate the risk of outages.

As the tech industry awaits potential regulatory developments, such measures may prove invaluable in safeguarding against the kind of disruption witnessed in the CrowdStrike incident.


Cyber Magazine is a BizClik brand
