The Colour of Chaos is Blue

Large swathes of the global IT landscape broke down on Friday 19th July when a faulty update from cybersecurity firm CrowdStrike triggered a widespread outage. This unprecedented event sent shockwaves through businesses and governments worldwide, disrupting critical services and operations, impacting everything from healthcare to transportation and finance.

The incident serves as a stark reminder of the vulnerabilities inherent in complex IT infrastructures, especially in organisations that have built on existing systems over many years. As the public sector increasingly relies on technology to deliver essential services, ensuring system resilience and business continuity has never been more critical.

The CrowdStrike Incident

A “logic error” caused by a faulty update from cybersecurity firm CrowdStrike that was intended to enhance threat detection on Windows devices, inadvertently caused widespread system crashes that impacted millions of computers around the world. Flights were grounded, people couldn’t withdraw cash, card payments went down and worst of all, NHS, GP and cancer-treatment appointments were cancelled, dealing another blow to our already beleaguered health service.

Furthermore, the National Cyber Security Centre has observed an increase in phishing attacks referencing the outage, with opportunistic malicious actors seeking to take advantage of organisations troubled by the incident. Their guidance on multi-layer mitigations is helpful, but can only do so much for users working within the vulnerable confines of Office 365. In contrast, Google Workspace uses market-leading machine learning to eliminate over 99.9% of phishing attempts before ever hitting an inbox.

Although many machines are now back online and CrowdStrike has offered a $10 gift card to companies that lost an estimated $15 billion in the chaos, organisations that don’t hear the wakeup call should expect another Blue Screen of Death (BSOD) in the future.

The Need for Resilience

The incident underscored the critical importance of IT resilience in today's interconnected world, but it wasn’t an isolated event. Business continuity and disaster recovery plans are essential for organisations to withstand such disruptions, but are increasingly more costly as more services move towards online delivery.

The cost for local authorities, both financially and in terms of lost confidence from citizens who rely on service availability cannot be understated, therefore the ability to maintain operations in the face of unexpected challenges is paramount and failure to invest reveals vulnerabilities to further outages and disruptions.

The Limitations of Traditional Operating Systems

Traditional operating systems, such as Windows, have complex architectures that can be susceptible to system-wide failures. These systems often rely heavily on software updates and patches from a whole suite of third party companies that can and have introduced new issues. The interconnectedness of components within these operating systems means that a single point of failure can have far-reaching consequences as we have experienced.

ChromeOS as a Solution

ChromeOS offers a compelling alternative to traditional operating systems. Its cloud-based architecture leverages the same benefits that Google enjoys to deliver its own services including Search, Gmail and YouTube, in addition to built-in on-device resilience and security features such as Verified Boot that checks the operating system against a known safe version before booting up, promises access to technology and services when you need it. By shifting core functionalities to the cloud, ChromeOS reduces the risk of system-wide failures caused by local hardware or software issues.

Moreover, ChromeOS is renowned for its frequent, automatic updates for up to 10 years that happen in the background to eliminate disruptive maintenance, which not only introduce new features that improve user and admin experience, but continue to bolster security. This proactive approach to device security helps protect users and data from emerging threats and ensures optimal performance over the lifetime of the device.

Was there any impact on ChromeOS devices?

No, CrowdStrike's implementation on ChromeOS was not impacted by the recent update that reportedly caused the BSOD. In fact, it’s not even possible to cause disruption, as CrowdStrike's solution on ChromeOS is agentless so no software is installed locally. This design, combined with inherent security measures that restrict third-party access to low-level system functions, reinforces ChromeOS’ robust defence against disruptions and ensures that devices remain unaffected by vulnerabilities that plague other operating systems.

Funding Support for Local Authorities & NHS Trusts

There are lessons to be learned from this recent incident, least of which should be a review of the technologies in use throughout the estate, an evaluation of the ongoing costs of maintaining legacy systems and the potential for leveraging new solutions that promote current best practices without increasing expenditure and workloads for already strained departments.

For any organisation interested in resolving existing IT issues and reducing exposure to future events such as the recent CrowdStrike fiasco or data loss and ransomware attacks that have impacted the NHS on several occasions over recent years, there is support available. Google’s #1 Premier Partner in the UK & Ireland and distributor for Tier 1 IT vendors, Getech, in partnership with ChromeOS, has secured funding for UK Local Authorities and NHS Trusts to undertake a managed Proof of Concept to identify use cases within your environment that can be better served and managed using ChromeOS.

Contact our team of Google specialists today on 01473 240470 or email team@getechenterprise.com.