CrowdStrike outage prompts businesses to overhaul supply chains
The CrowdStrike outage of July 2024 has triggered a major rethink of tech supply chains, as businesses around the world look to build IT resilience and minimize risk.
New research from Adaptavist shows that in the wake of the incident, which affected 8.5 million devices worldwide, there's a decisive shift in vendor relationships and a loss of confidence in traditional single-vendor approaches, with only 16.25 percent of respondents expressing satisfaction with their current providers.
The survey of 400 people with software development responsibilities in organizations with $10 million or more in annual revenue in the UK, US and Germany shows the outage has fueled fears of a supply chain incident, with 10 percent viewing over-reliance on single-vendor solutions as the biggest threat to their company's IT resilience.
In consequence some 27 percent are actively diversifying their software and service providers, while 57 percent are considering doing so. However, despite waning confidence, organizations aren't simply abandoning existing relationships. 37 percent say they are actively strengthening partnerships with current vendors, while 34.25 percent are increasing their reliance on open-source solutions, suggesting a sophisticated approach to risk management.
The incident has also catalyzed comprehensive reform of software management practices. 29.5 percent say they are much more cautious and delay updates, 30.75 percent are moving towards more in-house development, and around 20 percent plan to implement Continuous Integration/Continuous Delivery (CI/CD), stress testing (20.75 percent), and monitoring and visibility (19.75 percent) for the first time. Additionally, 74.5 percent of respondents report placing greater emphasis on vendor risk management, with 32.5 percent actively exploring multi-vendor solutions, and 29.75 percent implementing more rigorous testing protocols.
Jon Mort, chief technology officer of Adaptavist, says:
This research paints a complex picture of the challenges facing organizations as they work to strengthen their digital resilience. The data suggests a fundamental reshaping of the software industry's approach to vendor relationships, moving toward a model that balances the benefits of strong vendor partnerships with the resilience of diversified technology stacks. This isn't just diversification for diversification's sake -- it represents a mature evolution in how organizations approach technology partnerships and risk management.
However, this underscores a growing need for strong service management practices that provide greater visibility and insights. The next critical challenge is going to be finding the right equilibrium between people, processes, and technology. We need to empower IT teams to work with confidence -- safe in the knowledge that their processes can withstand scrutiny -- if we want to ensure long-term resilience and security.
The research shows that the incident has driven positive changes, with 74 percent reporting improved collaboration between IT and other departments, which may explain their enthusiasm for diversification. Meanwhile, 84 percent are investing more money into training for existing staff, bolstering training across cybersecurity (87.5 percent), incident response (86 percent), software testing (89 percent), Agile, and DevOps practices training (89.25 percent) to plug any remaining gaps.
You can get the full report on the Adaptavist site.