<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1110556&amp;fmt=gif">
Skip to content
    September 6, 2024

    CrowdStrike: Are Regulations Failing to Ensure Continuity of Essential Services?

    Key Takeaways
    • Explore how regulations like DORA and NIS can help promote highly available services, but don’t provide 100% security.
    • Improve regulatory compliance and security by implementing monitoring and controls, even for outsourced services.
    • Employ Broadcom solutions to address regulatory requirements and establish service resilience and security.

    Total security is Utopia

    In recent years, regulations have been enacted that intend to ensure the continuity of essential services and mitigate security and availability risks. These regulations include the Digital Operational Resilience Act (DORA) and Network and Information Systems Regulations (NIS Regulations). In light of the recent incident involving CrowdStrike's Falcon system, it is legitimate to ask whether these regulations are truly effective. The chaos generated at airports and in payment systems could lead us to think that these regulations are failing. While it is true that the company acted in good faith, with full transparency, and did everything in its power to quickly repair the problems caused, the damage was enormous.

    The first thing we must understand is that there is no such thing as absolute security. This is something that those of us who have been involved in cybersecurity for many years are keenly aware of. It is impossible to protect anything 100%. Even the planet Earth can be destroyed by a meteorite, although the probability is remote. On average, every 10,000 years, there is a chance that asteroids larger than 100 meters can hit the Earth and cause local disasters or generate waves that flood coastal areas. NASA also estimates that every "several hundred thousand years," an asteroid larger than one kilometer could strike the Earth.

    The philosophy of regulations

    Beyond looking at each article and paragraph of the regulations enacted, we need to understand that, in general, the purpose of these regulations is to minimize, to the greatest extent  possible, the probability that a security incident will lead to the total or partial disruption of essential services or, if a disruption does occur, to ensure that the service is restored as quickly as possible. So, it is clear that yes, these regulations are not only useful but also absolutely necessary, even if we do not avoid 100% of potential incidents. Just imagine for a moment if they did not exist. How many serious incidents would occur then? It is true that there are many responsible companies committed to providing the best service to their customers. They implement controls and solutions with this objective in mind. But what about the rest?

    Interconnection of IT services

    One of DORA’s key areas of focus is on the evaluation of services provided by third parties, which is inherently what the CrowdStrike-related service outages were about. In an increasingly interconnected and interdependent IT world, this concept is especially relevant for regulatory purposes. These regulations make clear that, even if we outsource certain services, we still have the responsibility to control and monitor them.

    How Broadcom can help

    At Broadcom, we provide solutions capable of monitoring the status of services and detecting anomalies and potential failures before they occur. We identify the root cause and provide the relevant  information needed to restore availability as soon as possible. Details on our observability solutions can be found here.

    Regulations focused primarily on security objectives require not only monitoring but also the testing and validation of services. They also mandate the development of contingency plans and resilience testing, among other measures.

    At Broadcom, we are able to provide our customers with effective solutions to meet these requirements. Additionally, Broadcom's extensive range of security solutions deliver many of the controls required by the latest security regulations, making  us one of the best partners for compliance.

    Broadcom has published numerous articles detailing how we can assist in addressing regulations like DORA and NIS across various security disciplines to secure business services for our customers, and these publications are well worth reading.

    Broadcom has a long-standing history of serving financial institutions, banks, telecommunications companies, government agencies, and other providers of critical services. This extensive experience equips us with the products and expertise necessary to help our customers implement the controls and security measures mandated by these and other active safety and security regulations.

    Tag(s): AIOps , DX UIM

    Jordi Gascón

    Jordi Gascón is currently in charge of the EMEA team of Solution Engineers for Broadcom's IMS division. This team covers seven Value Streams: Identity & Access Management, Privileged Access Management, Enterprise Security, API Security, IT Operations Management, Application Development, and IT Services Management.

    Other posts you might be interested in

    Explore the Catalog
    icon
    Blog December 6, 2024

    Power Up Your Alarms! Enriched UIM Alarms for Added Intelligence

    Read More
    icon
    Blog November 4, 2024

    Unlocking the Power of UIMAPI: Automating Probe Configuration

    Read More
    icon
    Blog September 16, 2024

    Streamline Your Maintenance Modes: Automate DX UIM with UIMAPI

    Read More
    icon
    Blog August 28, 2024

    Monitoring the Monitor: Achieving High Availability in DX Unified Infrastructure Management

    Read More
    icon
    Blog August 23, 2024

    Elevate Your Database Performance: The Power of Custom Query Monitoring With DX UIM

    Read More
    icon
    Blog August 16, 2024

    Enhancing IT Monitoring with DX UIM 23.4 Cumulative Update 2

    Read More
    icon
    Blog July 26, 2024

    Objective Monitors in the Context of Active Directory (AD) Servers

    Read More
    icon
    Blog May 3, 2024

    Infrastructure Observability Can Help Navigate Cloud Repatriation

    Read More
    icon
    Blog April 16, 2024

    DX UIM 23.4: Improved Zero-Touch Monitoring, Updated MCS Architecture

    Read More