What is the comprehensive root cause of the CrowdStrike incident outage that we must thoroughly analyse?

The last global incident, often called the “largest outage in history”, has brought to light some significant questions about IT vendors' responsibility, resilience, and software quality. While the technical details of the incident are well known, the technical root cause is essential primarily for the CrowdStrike and IT departments.

There is another question about this issue that is deeper and more important from my point of view.

Who is responsible for the company's operations, IT vendors or company management?

Suppose the company production update directly by a third-party approach is inside the board risk appetite. That decision must be translated to policies, requirements, and solutions and appropriately governed.

How many impacted companies have up-to-date and relevant management policies and recovery solutions for incidents involving software like CrowdStrike? Implementing a simple and automated test, such as a restart of the test computer, could prevent production enrolment and outage.

CrowdStrike made a significant error, which is their fault, but that fact does not resolve the issue and reduce the risks of future incidents or malicious impacts.

The World is at the beginning of a much more complex technology disruption for AI integration into operation processes. Corporate and governance policies, architecture, designs and contractual relations with vendors and third parties must be ready and intelligent for that change.