Cloudhouse Head Talks Laws Incoming After CrowdStrike Outage
In an increasingly interconnected digital landscape, the frequency and impact of major IT outages have become a pressing concern for businesses and consumers alike.
The recent CrowdStrike outage, which caused widespread disruption across multiple sectors, has reignited discussions about the need for regulatory oversight in the tech industry. As organisations grapple with the fallout from such incidents, questions arise about accountability, resilience, and the potential role of legislation in preventing future crises.
The CrowdStrike incident serves as a stark reminder of the vulnerabilities inherent in our digital infrastructure. With critical services and operations relying heavily on cloud-based solutions, the ripple effects of a single outage can be far-reaching and costly. This has prompted calls for a more robust framework to ensure accountability and promote best practices in the tech sector.
To find out more, we spoke with Jonathan Dedman, Director at Cloudhouse, about the potential for regulation in the wake of recent IT outages.
- Jon has been involved in software for over 20 years, starting as a developer on the first versions of .NET, then leading a development team and performing business analysis, before moving into pre-sales activities.
The case for regulation
Jonathan emphasises the growing need for regulatory measures, stating, "Our modern world has become more and more interconnected and interdependent and, as this continues, outages are only going to be more noticeable, inconvenient, and costly. You only have to look at the ongoing global chaos caused by the CrowdStrike outage to know that we can't afford another repeat situation".
This perspective underscores the urgency of addressing the issue, as the consequences of inaction could be severe. Jonathan argues that while technology excels at rapid evolution, it requires appropriate governance to guide its direction. New legislation could play a crucial role in establishing this control.
The timing for introducing such legislation appears ripe, according to Jonathan. "There is plenty of discourse and hand-wringing when an outage occurs but arguably not enough decisive action. A failure to act now would simply see more outages pass us by with consumer trust disintegrating further", he explains. This sentiment reflects a growing impatience with the current reactive approach to IT failures.
Shaping effective regulation
When considering the form that potential regulation might take, Jonathan draws parallels with past legislative responses to crises. "After the 2007-2008 financial crisis, new laws were introduced to give regulators more teeth to tackle banking malpractice. This extended beyond financial services eventually and operational resilience legislation could extend beyond EU DORA in a similar way", he notes.
However, Jonathan cautions that striking the right balance is crucial: "It's essential any regulation is robust enough to deter poor practice but not stifle innovation in the sector. Of course, that's easier said than done, but it's important to get right". This highlights the delicate task lawmakers face in crafting effective yet flexible regulations.
Global implications and organisational strategies
The potential for legislation in the US could have far-reaching effects. Jonathan observes, "While new laws often take significant time progressing through Congress and coming into effect, there's no doubting the influence it will have on other territories". This suggests that any regulatory moves by the US could trigger a domino effect of similar measures worldwide.
In the meantime, organisations need not wait for legislation to improve their resilience. Jonathan offers practical advice: "Organisations should be aware of the impact of IT change on their operations. This applies to change driven by internal evolution but also to changes or updates driven by third parties".
He recommends following the ITIL framework for change management and emphasises the importance of regular checks on test environments. "The reality is that changes will often go through without proper checks, as modern agile practices are about moving fast. The checks to ensure these changes don't cause problems can be automated but regular checking of test environments, doing what they are actually meant to, is crucial", Jonathan explains.
By implementing robust change management strategies and prioritising operational resilience, organisations can take proactive steps to mitigate the risk of outages.
As the tech industry awaits potential regulatory developments, such measures may prove invaluable in safeguarding against the kind of disruption witnessed in the CrowdStrike incident.
Cyber Magazine is a BizClik brand