It’s not like the world needed a wake-up call about the fragile nature of global infrastructure, but the recent Microsoft/CrowdStrike incident served as a salient reminder that IT services may have become dependent upon too small a number of monoculture technologies.
The “blue screen of death” offered up by a flawed update to the Falcon Sensor security software is reported to have brought down 15% of the world’s IT infrastructure in one fell swoop. Operations were disrupted worldwide, with outages experienced across critical industries such as financial services, healthcare, and transport. The financial impact was enormous, with Fortune 500 companies said to be facing losses of more than $5 billion.
Obviously, this emphasises the importance of quality assurance when it comes to patching and the release of code updates, but it also highlights the problem with monoculture systems. A single point of weakness within a pervasive system has the demonstrable potential to wreak havoc. This is a strong argument for greater diversity within global infrastructure, and less reliance on a shortlist of two or three vendors. Greater competition within the industry will lead to less conformation and more innovation.
Senetas’ perspective
As a global leader in cybersecurity, we often get asked by the media to comment on industry stories. Following a spate of recent enquiries, we thought you might like some insight into our view.
Our high-speed encryption (HSE) solutions are used to enable the secure transport of data across network infrastructure. HSE products do not involve end-user devices, they are autonomous and not tied to Microsoft products (or any other operating system).
Our customer base is comprised of “security first” organisations; like government departments, defence agencies and cloud service providers. Multiple redundancy and robust disaster recovery processes are just part of strict cybersecurity governance.
The Microsoft/CrowdStrike software update is not something specifically relevant to our network security solutions. CrowdStrike is an end-point security solution used by Microsoft and the “blue screen of death” appears to have been the result of a faulty code update.
Code updates are part and parcel of any cybersecurity solution. While they are designed to ensure long-term protection in an evolving threat landscape, change always involves an element of risk. However, the nature of our HSE solutions is such that they do not require frequent patching. Any code changes are typically tied to new feature releases only, and subject to incredibly rigorous QA. When we do release updates, we adopt a 3-phase process:
- Our HSE products hold multiple, independent cybersecurity certifications (FIPS 140-2 Level 3, Common Criteria EAL4+, NATO and ANSSI), so every code change must go through the same exhaustive testing to maintain its “suitable for government and defence” certification.
- Before and after certification of any new product software release, we run closed environment testing to ensure optimum security and performance.
- When the new code is rolled out, a code signing and checksum process is used for validation.
Continuous innovation
Innovation has always been a driving force behind the evolution of our HSE solutions portfolio. For 25 years we have been delivering industry firsts – check out our History of Innovation for details.
Our commitment to security without compromise has been with us from the beginning, and continues to shape the next generation of cybersecurity solutions. From the latest CypherNET encryption products to SureDrop (our encrypted filesharing platform), and Votiro (zero-trust malware protection); Senetas solutions protect sensitive data from the boardroom to the battlefield.
