When we look back–in six months, 12 months, or even several years–at the global IT outage that severely disrupted major industries around the world, I don’t think that it will be hyperbole to say that July’s global outage is a watershed moment for IT. Just as the SolarWinds breach was security’s watershed moment, this will end up being IT’s. And, just like with security’s wake-up call, things will get better, we will build more resilient systems, and teams will think differently. We have to. The world is more reliant on technology and more interconnected than ever–there isn’t another option.
This note is not about casting blame or pushing products. It’s about realizing the depth of criticality and impact of IT and security in every organization around the world. CrowdStrike and Microsoft are excellent companies, run by amazingly talented people. The truth is that these events can and do happen. But July’s events are at a radically different scale. JumpCloud, too, has had its past issues and our customers and partners have been amazing supporters as we have worked to resolve and correct defects. When critical IT and security infrastructure and tooling hiccup, the effects are dramatic. It’s the responsibility we bear every day.
We will hear from pundits and analysts that it is too early to make changes or deviate strategies or not rely on key partners. That all may be true, but there is also another school of thought–never waste a crisis. This is absolutely the time to set the right (perhaps entirely new) course for an organization. CEOs and Senior Leadership Teams (and at this point, even global leaders and heads of state) are acutely aware of the impact IT has on their organizations. As IT professionals, we must revise our strategies around IT systems and update our playbooks–playbooks that will take our organizations to the next level, where these types of events will be painful, but not catastrophic.
In line with this proactive mindset, my co-founder Greg Keller and I spent the better part of the last few days in deep discussion with our teams on this topic. First, every team member at JumpCloud is dedicated to supporting our customers. We have been called by many customers and partners for assistance, and our answer is always yes. We are eager to help and see how our platform can aid in mitigations and recovery steps.
Second, there are immediate steps that organizations should take once they’ve fully brought all of their systems online.
1. Give IT and Security seats at the C-suite table. IT and security are two of the most critical teams in an organization. They need to be elevated to C-suite functions if they aren’t already. Now is the time to ensure that every organization is focused on digital experience, security, and reliability. No organization can run without those now. Elevate these roles to have a real seat at the decision-making table.
2. Question homogeneous infrastructure and being Microsoft/Google/AWS/[fill in a company name] “shops”. We have gotten so used to talking about our “allegiances” in this way. Many IT professionals align themselves with these “platforms” and that alignment becomes part of their identity. If this event doesn’t prove monocultures fail, nothing will. Each one of these large organizations should be opening up their platforms and inviting their customers to work with their competitors. If your vendors won’t do that for you, then you should either find a new vendor or work on creating internal mechanisms to make sure you have those options. We cannot afford to have governments fail, airlines grounded, hospitals shut down, and emergency services unresponsive.
3. Create redundancy through mixed-platform environments–now! Since the beginning of IT, our jobs have been to systematize, regiment, and automate services. We wanted everything the same because it was easier to manage and monitor. It was easier for us to hire people and easier for them to learn and excel. The day when it would eventually backfire was inevitable. With so much focus on having single platforms, single vendors, single OSs, etc. for all of the many good reasons, we just created the perfect storm for organizational collapse. Yes, no doubt, having a mixed-platform environment will initially cost more in IT outlays and people expenses. But the return over time – and the added resilience, uptime, and security – will cover those expenses.If you want to run a digital infrastructure now, a mixed-platform environment is about the only way to do it. M365 needs to have Google Workspace as a backup that can be turned on instantly. AWS will need GCP for a multi-cloud, redundant solution. Every group in the organization should have a mixture of device types. Data should be stored in multiple places. As soon as your organization is stable, this should be the top priority, or as we say in tech, P0, and nothing comes before it.
So where do businesses go from here? It all starts with senior leadership getting involved and understanding the risks of being dependent on homogeneous IT architectures. These leaders must come to realize that single points of failure in people, in process and, in this case, technology, can have a catastrophic impact when there is no redundancy baked into their plans. We have witnessed how severe the consequences are due to the reliance on single forms of technology, like an operating system, which in a matter of hours brought critical infrastructure, travel, and governments to their knees. Technology is not foolproof and these types of incidents can happen to any vendor. If we switch the perspective of this incident, however, from “accident” to “cyberattack”, will that be the appropriate wake-up call for leaders to rethink and adjust their plans? We cannot take that risk and wait for that to occur.
We welcome any feedback and would be more than happy to spend time discussing these steps with your senior leadership teams. Join the discussion on this thread in our community, or feel free to contact us directly. Take action now to future-proof your organization against the inevitable challenges of tomorrow.