With the July 19th incident that impacted CrowdStrike Falcon® customers globally, CrowdStrike has significantly damaged customer trust. CrowdStrike’s initial Post Incident Review outlines a number of reasonable steps they plan to take to regain that trust including:
- Improved testing protocols
- Staged deployments
- External QA of both its code and its end-to-end processes.
It will, however, take more than better QA and content update controls to recover.
Competency, consistency, and dependability are the three most important levers of trust for global B2B buyers. They are also the three most important trust levers for IT and Tech services B2B buyers.
Predicting What’s Next For CrowdStrike
CISOs are no strangers to being scapegoated after an incident, and there’s plenty of speculation about whether CrowdStrike will do the same to one of its top executives. CrowdStrike’s rapid growth and ascent show it was doing something right. Forrester suggests that the vendor avoid the blame-game approach and instead take a more effective path forward, as Zoom did, with increased transparency and accountability. We anticipate the following for CrowdStrike:
- Expect George Kurtz to spend “big tech CEO” amounts of time testifying. Government bodies of all sorts will want the CEO to explain exactly what happened, why it happened, and how CrowdStrike will avoid it in the future. This will serve as a distraction for the CEO, who has driven the company since its founding. It could also put the vendor’s relationship with CISA at risk. CrowdStrike’s miscues unfortunately put it in a position to be made a very public example of, and governments will use the opportunity to appear tough on the vendor and concerned about cybersecurity.
- CrowdStrike will name a “Quality Assurance Czar” who reports to its CEO. This will be a highly public move to demonstrate a newfound commitment to software quality and a boost in transparency for all updates, an area where CrowdStrike has been notoriously closed off. It will likely be an external hire to provide credibility. Additionally, CrowdStrike’s Trust Center will go beyond regulatory compliance certifications and statements to include attestations of QA practices and regular communication about its QA improvements.
- CrowdStrike’s innovation roadmap and M&A activity will decelerate. This setback will give competitors it left in its rearview mirror long ago – and those that have kept pace – time to catch up and get ahead. This is a tradeoff CrowdStrike has to accept, but it does have an example of what to do: it can look to the steps Zoom took when its product security flaws were discovered as an example of what good can look like. This will happen because CrowdStrike:
  - Must show its commitment to software quality
  - Has to vet every aspect of its testing procedures to avoid a second (or fifth, depending on how you count) event like this
  - May need to make major architectural changes to its products to increase their reliability
- Microsoft will threaten to revoke its WHQL certification and access to ELAM. Unless CrowdStrike re-architects its sensor, Microsoft will frame this incident in terms of reliability and the risk to Microsoft and its customers. Microsoft’s blog here lays out alternative approaches and is a well-done, subtle rebuke of CrowdStrike’s design decisions. Serious action and negotiation will take place between CrowdStrike and Microsoft in the coming months that could have major implications for its software moving forward.
- CrowdStrike will rearchitect its approach in Falcon. This will happen for two reasons: in part to reassure customers that an outage won’t happen again, and in part to comply with Microsoft’s demands. This is dangerous ground for CrowdStrike, because:
  - It signals an accidental admission of poor design decisions. If the vendor can rearchitect Falcon in a way that doesn’t reduce its efficacy, it will be an admission of poor – or reckless – design decisions.
  - Changes could reduce efficacy. Rearchitecting Falcon in a way that reduces its efficacy forces any security leader who selected the platform for its performance to rethink their choice, since it no longer functions the way it did when it was purchased.
CISOs: Proceed With Caution And Seek Advantages
We’ve published a significant amount of prior art on immediate and middle-term steps that CISOs and technology teams should take in response to the outage and its cause. That advice ranges from avoiding concentration risk in cybersecurity tooling to rethinking resilience and recovery based on how BitLocker is implemented. Here are a few predictions of what will happen next for CISOs:
- Anticipate litigation, lots of it. There will, obviously, be litigation. Customers (like Delta Air Lines), vendors, and insurers will sue to hold CrowdStrike accountable and get compensation. As the cases move on, security leaders should:
  - Avoid joining class action suits too quickly. Use the guidance of internal and external counsel to decide whether it’s appropriate to participate in CrowdStrike litigation.
  - Work with your broker, insurtech, or carrier. New, crisper definitions of business interruption, security incident, security failure, and system failure will stem from litigation between insurance carriers and CrowdStrike. Understand the coverage grants within cyber insurance and business owner’s insurance policies during the renewal underwriting process.
- Expect features that mollify “experts,” not practitioners. CrowdStrike said it is introducing more granular control of updates. This is not necessarily the best feature to use in practice, because ultimately it defeats the purpose of the tool – fast, accurate, real-time protection. It is a solution to the outage, but it is not the best solution, and certainly not the one that balances security and reliability. Intense market pressure, however, will force CrowdStrike’s hand. This will:
  - Drive confusion and complexity for customers. It will also drain resources away from the product team’s work keeping ahead of competitors.
  - Force security leaders to examine alternative solutions. If competitors catch up to – or surpass – CrowdStrike because of its inability to keep up with the market, CISOs will have to look for alternatives. Keep an eye on CrowdStrike and its competitors. Watch The Forrester Wave: Extended Detection and Response Platforms to see how the market changes.
- Prepare for the inevitable questions about purchase decisions. Security leaders often have to justify their purchase decisions, and now they’ll have to explain why they want to go with, or continue with, the vendor known for causing a global outage. You can:
  - Use CrowdStrike’s QA plan to rebut critics. You can say something like, “If anyone’s focused on QA right now, it’s CrowdStrike.”
  - Determine whether CrowdStrike is worth the risk to you and your organization. Watch the topics mentioned in this blog to decide whether it’s worth the risk and political capital to keep or bring CrowdStrike into your environment, or to pivot to a competitor.
- Take advantage of discounts while blood is in the water. Some competitors took days – or hours – after the incident to ambulance chase. Others waited a week but still came out looking just as bad. CISOs can expect even more egregious vendor messages at Black Hat and beyond. While some vendors botched the response, others will take this as an opportunity to move aggressively on discounting. This is an opportunity for CISOs to:
  - Use the competition to get better prices from vendors looking to take them away from CrowdStrike.
  - Ask for extraordinary discounts in the short and medium term if they are on CrowdStrike or migrating to it.
  - Sign longer-term agreements to lock in advantageous pricing while it’s available. These deals will evaporate in the future, and prices at renewal time will increase.
Forrester analysts are available to help you navigate this crisis and its longer-term repercussions. Forrester clients can request an inquiry or guidance session to discuss the CrowdStrike incident, the XDR market, and how you can move your security program forward.