Cloudhouse Head Talks Laws Incoming After Crowdstrike Outage

Share
The timing for introducing such legislation appears ripe
Cloudhouse Director Jonathan Dedman discusses what legislations tech companies may soon face as a result of the Crowdstrike Outage

In an increasingly interconnected digital landscape, the frequency and impact of major IT outages have become a pressing concern for businesses and consumers alike.

The recent CloudStrike outage, which caused widespread disruption across multiple sectors, has reignited discussions about the need for regulatory oversight in the tech industry. As organisations grapple with the fallout from such incidents, questions arise about accountability, resilience, and the potential role of legislation in preventing future crises.

The CloudStrike incident serves as a stark reminder of the vulnerabilities inherent in our digital infrastructure. With critical services and operations relying heavily on cloud-based solutions, the ripple effects of a single outage can be far-reaching and costly. This has prompted calls for a more robust framework to ensure accountability and promote best practices in the tech sector.

To find out more, we spoke with Jonathan Dedman, Director at Cloudhouse, about the potential for regulation in the wake of recent IT outages.

Jonathan Dedman is Director at Cloudhouse
Jonathan Dedman bio
  • Jon has been involved in software for over 20 years starting as a developer in the first versions of .NET through leading a development team, into performing business analysis, before moving into pre-sales activities

The case for regulation

Jonathan emphasises the growing need for regulatory measures, stating, "Our modern world has become more and more interconnected and interdependent and, as this continues, outages are only going to be more noticeable, inconvenient, and costly. You only have to look at the ongoing global chaos caused by the CloudStrike outage to know that we can't afford another repeat situation".

This perspective underscores the urgency of addressing the issue, as the consequences of inaction could be severe. Jonathan argues that while technology excels at rapid evolution, it requires appropriate governance to guide its direction. New legislation could play a crucial role in establishing this control.

The timing for introducing such legislation appears ripe, according to Jonathan. "There is plenty of discourse and hand-wringing when an outage occurs but arguably not enough decisive action. A failure to act now would simply see more outages pass us by with consumer trust disintegrating further", he explains. This sentiment reflects a growing impatience with the current reactive approach to IT failures.

Shaping effective regulation

When considering the form that potential regulation might take, Jonathan draws parallels with past legislative responses to crises. "After the 2007-2008 financial crisis, new laws were introduced to give regulators more teeth to tackle banking malpractice. This extended beyond financial services eventually and operational resilience legislation could extend beyond EU DORA in a similar way", he notes.

However, Jonathan cautions that striking the right balance is crucial: "It's essential any regulation is robust enough to deter poor practice but not stifle innovation in the sector. Of course, that's easier said than done, but it's important to get right". This highlights the delicate task lawmakers face in crafting effective yet flexible regulations.

Global implications and organisational strategies

The potential for legislation in the US could have far-reaching effects. Jonathan observes, "While new laws often take significant time progressing through Congress and coming into effect, there's no doubting the influence it will have on other territories". This suggests that any regulatory moves by the US could trigger a domino effect of similar measures worldwide.

In the meantime, organisations need not wait for legislation to improve their resilience. Jonathan offers practical advice: "Organisations should be aware of the impact of IT change on their operations. This applies to change driven by internal evolution but also to changes or updates driven by third parties".

He recommends following the ITIL framework for change management and emphasises the importance of regular checks on test environments. "The reality is that changes will often go through without proper checks, as modern agile practices are about moving fast. The checks to ensure these changes don't cause problems can be automated but regular checking of test environments, doing what they are actually meant to, is crucial", Jonathan explains.

By implementing robust change management strategies and prioritising operational resilience, organisations can take proactive steps to mitigate the risk of outages.

As the tech industry awaits potential regulatory developments, such measures may prove invaluable in safeguarding against the kind of disruption witnessed in the CloudStrike incident.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Palo Alto Networks, Deloitte and The Push to Platformization

By expanding their partnership to EMEA, Palo Alto Networks is bringing to Deloitte the platformization needed in the modern cybersphere

Insurers Now Spotlighting Identity and Privilege Compromises

Delinea's latest survey reveals a sharp rise in cybersecurity insurance claims, pushing for advanced identity protection measures. Dive into how AI and met

Trend Micro Address AI Threat to Mobile Users with New App

Trend Micro Check is an all-in-one solution that recognises the threats that deepfakes are now posing to mobile users in elaborate scams

Solarwinds CISO Wants Global Cyber Laws After Winning Case

Cyber Security

Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Hacking & Malware

Mastercard Bolsters AI for Banks to Combat Payment Fraud

Operational Security