In the last couple of days, many IT systems have been down due to the release of a new version of the CrowdStrike security software. I don’t personally use that software, so the impact on me has been minimal, but it is widely used in the NHS, in a few banks, by airlines (one of my neighbours had their holiday flights cancelled), by some retailers and others. It affected those running Windows software. For example, it affected the EMIS software that my GP practice and many others use for appointment booking.
As a former IT manager, these are the questions I would be asking:
1) Was the new software version adequately tested on all the common environments before release?
2) Was a staged release done so that only a few organisations were affected before the fault was discovered? (It seems it was not).
3) Was there a roll-back plan in place to recover quickly when the fault was discovered? Apparently not!
4) Did all users of the software have disaster recovery plans to enable them to revert to back-up manual systems or alternative IT systems?
In essence this failure is due to incompetence by CrowdStrike and among their customers. This kind of failure arising from a new software release simply should not happen.
As a member of the British Computer Society, the professional body for IT staff, I think it is unfortunate that they have not taken a lead on establishing standards to avoid this kind of failure.
Roger Lawson (Twitter: https://twitter.com/RogerWLawson )
