The CrowdStrike-Microsoft Outage Is Likely To Curtail Auto-Updates. That May Not Be A Good Thing.

If customers opt to forgo automatic security updates going forward to ensure greater testing, the ‘whole IT environment is exposed’ during that testing period, a CrowdStrike partner tells CRN.

The massively disruptive CrowdStrike-Microsoft outage will undoubtedly lead more customers to forgo automatic updates to reduce the chances of a similar event occurring again.

But this could create risks of its own, solution provider partners of CrowdStrike told CRN this week.

This is particularly the case when it comes to security-related updates, which vendors such as CrowdStrike deploy rapidly—and frequently—as part of protecting customers from cyberattacks. It was an update of exactly this type that crashed Windows systems worldwide on Friday, leading to widespread disruptions to air travel, health care and banking that continued into this week.

While more testing is certainly warranted after the catastrophe, that should be balanced with the need to proactively stay ahead of hackers, according to Kiran Bhujle, managing director at SVAM International, a CrowdStrike partner based in Great Neck, N.Y.

“During those few minutes or hours [of testing], my devices and my whole IT environment [are] exposed,” Bhujle said. Ultimately, “automated updates should be followed going forward.”

Bhujle makes this point with full awareness of the consequences of CrowdStrike’s widely felt updating snafu: SVAM had more than a dozen staff members involved in responding directly to customer sites to get their Windows devices fixed and operational again. Microsoft and CrowdStrike have said more than 8.5 million devices were hobbled worldwide by the defective update.

By Saturday morning, the vast majority of SVAM’s key customers were back up and running, Bhujle said.

Even with that experience, however, Bhujle said he recognizes that some form of automated updates will still be crucial in the future. He also questioned whether Microsoft’s Windows operating system should have been more resilient after CrowdStrike deployed its faulty update.

“Our operating systems shouldn’t be that weak,” Bhujle said. “How can one file being corrupt bring the whole operating system down?”

Microsoft declined to comment in response to questions from CRN.

More Control For Customers?

In a blog post Wednesday, CrowdStrike said a bug in its validation process for security configuration updates resulted in the widespread Windows outage.

The company also said it plans to provide customers with “greater control over the delivery” of such updates going forward.

It remains to be seen how customers will react—although it’s almost certain that more organizations will be opting out of automated updates that haven’t been thoroughly tested, solution provider executives told CRN.

“I think this event will [lead to] more scrutiny from customers on any kind of auto-update mechanism,” said Kin Mitra, president and CEO of Mission Critical Systems, a Fort Lauderdale, Fla.-based CrowdStrike partner.

At the same time, these will be tough decisions to make for customers that also are increasingly concerned about intensifying cyberthreats, Mitra noted.

CRN has reached out to CrowdStrike for comment.

There is also a concern over the perception of the outage as a software feature update, rather than the security-related update that it actually was, said Heath Renfrow, co-founder of Fenix24, a CrowdStrike partner based in Chattanooga, Tenn. As a result, automated updates for other types of software might also come under greater scrutiny going forward.

The bottom line, however, is that CrowdStrike was trying to protect customers against increasingly sophisticated hackers when it rolled out the fateful update to Falcon, Renfrow said.

Attackers are “always evolving,” he said. “CrowdStrike was trying to do the right thing.”