    September 6, 2024

    CrowdStrike: Are Regulations Failing to Ensure Continuity of Essential Services?

    Key Takeaways
    • Explore how regulations like DORA and NIS can help promote highly available services, but don’t provide 100% security.
    • Improve regulatory compliance and security by implementing monitoring and controls, even for outsourced services.
    • Employ Broadcom solutions to address regulatory requirements and establish service resilience and security.

    Total security is Utopia

    In recent years, regulations have been enacted that intend to ensure the continuity of essential services and mitigate security and availability risks. These regulations include the Digital Operational Resilience Act (DORA) and Network and Information Systems Regulations (NIS Regulations). In light of the recent incident involving CrowdStrike's Falcon system, it is legitimate to ask whether these regulations are truly effective. The chaos generated at airports and in payment systems could lead us to think that these regulations are failing. While it is true that the company acted in good faith, with full transparency, and did everything in its power to quickly repair the problems caused, the damage was enormous.

    The first thing we must understand is that there is no such thing as absolute security. This is something that those of us who have been involved in cybersecurity for many years are keenly aware of. It is impossible to protect anything 100%. Even the planet Earth can be destroyed by a meteorite, although the probability is remote. On average, every 10,000 years, there is a chance that asteroids larger than 100 meters can hit the Earth and cause local disasters or generate waves that flood coastal areas. NASA also estimates that every "several hundred thousand years," an asteroid larger than one kilometer could strike the Earth.

    The philosophy of regulations

    Beyond looking at each article and paragraph of the regulations enacted, we need to understand that, in general, the purpose of these regulations is to minimize, to the greatest extent possible, the probability that a security incident will lead to the total or partial disruption of essential services or, if a disruption does occur, to ensure that the service is restored as quickly as possible. So yes, it is clear that these regulations are not only useful but also absolutely necessary, even if we do not avoid 100% of potential incidents. Just imagine for a moment if they did not exist. How many serious incidents would occur then? It is true that there are many responsible companies committed to providing the best service to their customers. They implement controls and solutions with this objective in mind. But what about the rest?

    Interconnection of IT services

    One of DORA’s key areas of focus is on the evaluation of services provided by third parties, which is inherently what the CrowdStrike-related service outages were about. In an increasingly interconnected and interdependent IT world, this concept is especially relevant for regulatory purposes. These regulations make clear that, even if we outsource certain services, we still have the responsibility to control and monitor them.

    How Broadcom can help

    At Broadcom, we provide solutions capable of monitoring the status of services and detecting anomalies and potential failures before they occur. We identify the root cause and provide the relevant information needed to restore availability as soon as possible. Details on our observability solutions can be found here.

    Regulations focused primarily on security objectives require not only monitoring but also the testing and validation of services. They also mandate the development of contingency plans and resilience testing, among other measures.

    At Broadcom, we are able to provide our customers with effective solutions to meet these requirements. Additionally, Broadcom's extensive range of security solutions delivers many of the controls required by the latest security regulations, making us one of the best partners for compliance.

    Broadcom has published numerous articles detailing how we can assist in addressing regulations like DORA and NIS across various security disciplines to secure business services for our customers, and these publications are well worth reading.

    Broadcom has a long-standing history of serving financial institutions, banks, telecommunications companies, government agencies, and other providers of critical services. This extensive experience equips us with the products and expertise necessary to help our customers implement the controls and security measures mandated by these and other active safety and security regulations.

    Tag(s): AIOps , DX UIM

    Jordi Gascón

    Jordi Gascón is currently in charge of the EMEA team of Solution Engineers for Broadcom's IMS division. This team covers seven Value Streams: Identity & Access Management, Privileged Access Management, Enterprise Security, API Security, IT Operations Management, Application Development, and IT Services Management.
