@th3j35t3r
Serious question: Given this latest disaster from CrowdStrike and previous ones from SolarWinds and other such security providers, why are so many companies continuing to rely on them? I can appreciate the scope of managing a huge number of systems, but when one breach, poisoned update, or just plain bad patch takes down a huge chunk of national or international infrastructure, when will these orgs finally look to other solutions? #cososec
Risk transfer. Nothing to do with security - you can manage the risk yourself or you can offload it to someone else. In that sense, the CrowdStrikes of the world let you do that. And it's easier to sell to the C-Suite than Bucky the IT Guy.
@Cosmichomicide I think what CrowdStrike and similar really offer to their clients isn't freedom from outages, it is the freedom to say it wasn't their fault.
@voltronic @th3j35t3r
@AskTheDevil @voltronic @th3j35t3r
Reputational risk has a dollar value in most corporations. 🤷
@AskTheDevil @voltronic @th3j35t3r
Average cost of airline delay is $110/minute/plane.
Damned skippy that is coming out of someone's money, and it's not going to be the airlines nor the airports.
@AskTheDevil @voltronic @th3j35t3r
Not in this case - there are all sorts of penalties and fees associated with transit systems and delays built into the contracts. CrowdStrike's insurers are deeply, deeply unhappy - and hopefully they are not self-insured.
@AskTheDevil @voltronic @th3j35t3r
No argument here, just shining light on the chain.
@AskTheDevil @voltronic @th3j35t3r
Most amusing thing is that they took down the verticals most likely to be able to cost the loss by the minute and write it into contracts.
@Cosmichomicide @voltronic @th3j35t3r
And then the insurers will pass the expenses down to others.
There are _no_ ways that a company does a big fuckup like that where the rest of us don't end up paying the costs and enduring the consequences.
They are _always_ passed on to the public.