Contact Us

News and Insights

The Delta-CrowdStrike Incident: A Cautionary Tale of Shared Responsibility in IT Security

Phil Lees

Nowadays, businesses rely more than ever on complex IT infrastructures and the cybersecurity solutions and services that protect them. This reliance is coupled with an increasing demand for seamless operations, especially for critical services like those provided by healthcare providers, financial services, airlines etc. where infrasrtucture downtime can have a global impact.

The recent CrowdStike failure and the resulting dispute between Delta Air Lines and CrowdStrike has brought to the forefront the complex and often contentious issue of shared responsibility between vendors, their clients, and Managed Service Providers (MSPs).

The Delta-CrowdStrike Dispute: A Brief Overview 

In late July this year, Delta Air Lines was one of 1,000s of organisations affected by a catastrophic IT outage. Globally the impact was over $5bn, with Delta Air Lines alone having to cancel 5,000 flight leaving thousands of passengers were stranded or suffering delays. Their resulting financial hit is estimated at $500 million. The incident was tied to an integration failure involving CrowdStrike and Microsoft, which, according to Delta, was not adequately tested before deployment into their mission-critical environment.

Delta’s response to this incident has been to threaten legal action against CrowdStrike, accusing the cybersecurity firm of negligence and breach of contract. The airline contends that CrowdStrike’s insufficient testing and subsequent failure to prevent the outage were the direct causes of their operational and financial losses. 

CrowdStrike has, however, refuted these claims, maintaining that it fulfilled its contractual obligations and that the incident highlights the broader issue of unrealistic expectations placed on software vendors and, more specifically, cybersecurity vendors. As this case potentially heads towards the courtroom, it raises key questions about the responsibilities of vendors, their customers and MSPs in maintaining secure and reliable IT environments. 

The Role of MSPs: Supporting, Not Controlling 

Many organisations engage managed services providers to support their business operations. There can be many reasons for this, but broadly the most common relate to one the following:

  1. Scalability and flexibility: Access to additional skills and resources can help organisations as they grow and change.
  2. Reliability and security: Providing ongoing visibility into infrastructure improves resilience. 
  3. Cost control: MSPs can help organisations reduce and control costs 

Whilst some organisations still opt to outsource the entire responsibility of IT to MSPs, this is becoming rarer, as this model rarely delivers on the above goals. More typically MSPs work closely with their customers, each having responsibilities and areas of ownership. it is crucial to acknowledge the boundaries of responsibilities, particularly in areas where the client may wish to retain control and ownership of vendor products.

The Delta-CrowdStrike incident is a stark reminder that no MSP can effectively manage an unsupported, outdated, or otherwise compromised environment. For instance, if a client chooses not to patch critical systems, continues to use end-of-life (EoL) or end-of-support (EoS) hardware, or fails to invest in the necessary IT upgrades, the risks of system failures and security breaches increase exponentially. In such cases, the MSP's ability to ensure smooth operations and security is severely hampered by the apparent professional negligence of the end customer. 

Customer Responsibility: A Critical Component of IT Security 

In any IT service relationship, there is a shared responsibility model where both the provider and the customer play vital roles in maintaining system integrity and security. Where an MSP is engaged to provide expertise and tools to manage and secure the environment, the customer must meet its obligations by ensuring that systems are up-to-date, adequately supported, and configured according to best practices. 

This shared responsibility is particularly important when considering the rapidly evolving nature of cybersecurity threats. Vendors like CrowdStrike can only do so much to secure an environment if the underlying infrastructure is not properly maintained. The recent incident underscores this point: while Delta expected CrowdStrike to catch every potential issue during testing, the reality is that even the best cybersecurity solutions cannot compensate for inadequate customer-side IT management. 

The Importance of a Trusted Partnership 

At WhiteSpider, our relationship with our clients goes beyond a simple service contract. It is a trusted partnership, where we both understand the respective responsibilities and work collaboratively to identify and mitigate risks. This partnership requires open dialogue and a mutual understanding of where risks exist and who manages them. 

When outages or security incidents occur, it is not just about pointing fingers but assessing whether both parties have met their responsibilities. Did WhiteSpider provide the necessary support and guidance? Did the customer follow through on recommended actions, such as patching systems or upgrading outdated hardware? These questions must be answered to determine where accountability and ownership lie, but it's important to state that this isn’t blame; it’s a partnership. 

A Shared Responsibility Model 

The Delta-CrowdStrike incident may be the catalyst for developing a more formalised shared responsibility model. For example, our service contracts clarify each party's roles and responsibilities, helping to ensure that all stakeholders are aligned in their efforts to maintain secure and reliable IT environments. 

At WhiteSpider, we believe that minimising risk requires more than just deploying the latest cybersecurity tools. It requires a holistic approach that includes regular communication, mutual accountability, and a shared commitment to maintaining a robust IT infrastructure. By working together, MSPs, customers, and vendors can better protect against the complex and ever-evolving threats that characterise today's digital landscape. 

In conclusion, while MSPs play a critical role in supporting and securing customer infrastructure, the ultimate success of these efforts depends on the active participation of the customer. By recognising and embracing their responsibilities, customers can ensure that their IT environments are not only secure but also resilient in the face of unexpected challenges. The Delta-CrowdStrike incident serves as a powerful reminder that in the world of IT security, collaboration and shared responsibility are not just important—they are essential. 

Read more

Article
Building Networks Like Homes: Why Customisation is Key to Success
When it comes to designing and building a network for your business, we think of it like constructing a house.  Every house starts with a basic...
WhiteSpider managed the transition smoothly, allowing us to significantly save time, money and resources. Now we can really focus on making IT lead digital change in our organisation
Craig Reynolds
Polaris Community. Head of IT

Why WhiteSpider?

WhiteSpider is an advanced technology services company, specialising in the provision of consultancy, strategic advice, and practical support in enterprise service architectures. As experts in software-defined architectures, we help organisations across the world to standardise their IT and communications infrastructures as they transition to digital.

Articles
and Information

Article
Building Networks Like Homes: Why Customisation is Key to Success
When it comes to designing and building a network for your business, we think of it like constructing a house.  Every house starts with a basic...
Article
Outdoor Adventures: WhiteSpider’s Wellbeing Weekends
When was the last time you truly escaped the hustle and bustle of everyday life and immersed yourself in the beauty of the UK countryside?   At...
Article
Q&A with Leon Akkin – Level 4 Network Engineer Apprentice at WhiteSpider
After joining the WhiteSpider team earlier this year, Leon has been getting stuck into his role as a Level 4 Network Engineer Apprentice. With a mix of...
Article
The Delta-CrowdStrike Incident: A Cautionary Tale of Shared Responsibility in IT Security
Nowadays, businesses rely more than ever on complex IT infrastructures and the cybersecurity solutions and services that protect them. This reliance is...
Article
Unlocking Arista: Why are Enterprises Adopting Arista in the Data Centre in 2024
This new blog series 'Unlocking Arista' and the following accompanying blogs aim to dive into Arista's solution for Data Centre (DC) Networking...
Article
A Man Walks into the Pub: The Wi-Fi Experience
One of the biggest complaints IT leaders and teams will hear, and have to deal with, is poor user Wi-Fi experience; whether from internally by the team or...
Enquire