September 6, 2024
CrowdStrike: Are Regulations Failing to Ensure Continuity of Essential Services?
Written by: Jordi Gascón
Total security is Utopia
In recent years, regulations have been enacted that intend to ensure the continuity of essential services and mitigate security and availability risks. These regulations include the Digital Operational Resilience Act (DORA) and Network and Information Systems Regulations (NIS Regulations). In light of the recent incident involving CrowdStrike's Falcon system, it is legitimate to ask whether these regulations are truly effective. The chaos generated at airports and in payment systems could lead us to think that these regulations are failing. While it is true that the company acted in good faith, with full transparency, and did everything in its power to quickly repair the problems caused, the damage was enormous.
The first thing we must understand is that there is no such thing as absolute security. This is something that those of us who have been involved in cybersecurity for many years are keenly aware of. It is impossible to protect anything 100%. Even the planet Earth can be destroyed by a meteorite, although the probability is remote. On average, roughly every 10,000 years, an asteroid larger than 100 meters may hit the Earth and cause local disasters or generate waves that flood coastal areas. NASA also estimates that every "several hundred thousand years," an asteroid larger than one kilometer could strike the Earth.
The philosophy of regulations
Beyond looking at each article and paragraph of the regulations enacted, we need to understand that, in general, the purpose of these regulations is to minimize, to the greatest extent possible, the probability that a security incident will lead to the total or partial disruption of essential services or, if a disruption does occur, to ensure that the service is restored as quickly as possible. So it is clear that these regulations are not only useful but also absolutely necessary, even if they do not prevent 100% of potential incidents. Just imagine for a moment if they did not exist. How many serious incidents would occur then? It is true that there are many responsible companies committed to providing the best service to their customers. They implement controls and solutions with this objective in mind. But what about the rest?
Interconnection of IT services
One of DORA’s key areas of focus is on the evaluation of services provided by third parties, which is inherently what the CrowdStrike-related service outages were about. In an increasingly interconnected and interdependent IT world, this concept is especially relevant for regulatory purposes. These regulations make clear that, even if we outsource certain services, we still have the responsibility to control and monitor them.
How Broadcom can help
At Broadcom, we provide solutions capable of monitoring the status of services and detecting anomalies and potential failures before they occur. We identify the root cause and provide the relevant information needed to restore availability as soon as possible. Details on our observability solutions can be found here.
Regulations focused primarily on security objectives require not only monitoring but also the testing and validation of services. They also mandate the development of contingency plans and resilience testing, among other measures.
At Broadcom, we are able to provide our customers with effective solutions to meet these requirements. Additionally, Broadcom's extensive range of security solutions delivers many of the controls required by the latest security regulations, making us one of the best partners for compliance.
Broadcom has published numerous articles detailing how we can assist in addressing regulations like DORA and NIS across various security disciplines to secure business services for our customers, and these publications are well worth reading.
Broadcom has a long-standing history of serving financial institutions, banks, telecommunications companies, government agencies, and other providers of critical services. This extensive experience equips us with the products and expertise necessary to help our customers implement the controls and security measures mandated by these and other active safety and security regulations.
Jordi Gascón
Jordi Gascón is currently in charge of the EMEA team of Solution Engineers for Broadcom's IMS division. This team covers seven Value Streams: Identity & Access Management, Privileged Access Management, Enterprise Security, API Security, IT Operations Management, Application Development, and IT Services Management.