Preparing for the Next Worldwide Tech Outage
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
Be familiar with how vendors develop, test and release their software
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
Re-evaluate how your firm accepts software updates from ‘trusted’ vendors
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
Develop a disaster recovery plan
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
Review vendor and insurance contracts
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
Weigh the advantages and disadvantages of the various platforms
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
A resurgence in high-end travel to Egypt is being driven by museum openings, private river journeys and renewed long-term investment along the Nile.
In the lead-up to the country’s biggest dog show, a third-generation handler prepares a gaggle of premier canines vying for the top prize.
Parts for iPhones to cost more owing to surging demand from AI companies.
4 min
Apple has dominated the electronics supply chain for years. No more.
Artificial-intelligence companies are writing huge checks for chips, memory, specialised glass fibre and more, and they have begun to out-duel Apple in the race to secure components.
Suppliers accustomed to catering to Apple’s every whim are gaining the leverage to demand that the iPhone maker pay more.
Apple’s normally generous profit margins will face pressure this year, analysts say, and consumers could eventually feel the hit.
Chief Executive Tim Cook mentioned the problem in a Thursday earnings call, saying Apple was seeing constraints in its chip supplies and that memory prices were increasing significantly.
Those comments appeared to weigh on Apple shares, which traded flat despite blowout iPhone sales and record company profit.
“Apple is getting squeezed for sure,” said Sravan Kundojjala, who analyses the industry for research firm SemiAnalysis.
AI chip leader Nvidia recently became the largest customer of Taiwan Semiconductor Manufacturing , or TSMC, Nvidia Chief Executive Jensen Huang said on a podcast.
Apple had been TSMC’s biggest customer by a wide margin for years. TSMC is the world’s leading manufacturer of advanced chips for AI servers, smartphones and other computing devices.
Spokesmen for Apple and TSMC declined to comment.
The big computers that handle AI tasks don’t look like the smartphones consumers own, but many companies supply components for both. In particular, memory chips are in short supply as companies such as OpenAI, Alphabet’s Google, Meta , Microsoft and others collectively spend hundreds of billions of dollars to build AI computing capacity.
“The rate of increase in the price of memory is unprecedented,” said Mike Howard , an analyst for research firm TechInsights.
That applies both to the flash memory chips that store photos and videos, called NAND, as well as the memory used to run apps quickly, called DRAM.
By the end of this year, the price of DRAM will quadruple from 2023 levels, and NAND will more than triple, estimates TechInsights.
Howard estimates that Apple could pay $57 more for the two types of memory that go into the base-model iPhone 18 due this fall compared with the base model iPhone 17 currently on sale. For a device that retails for $799, that would be a big hit to profit margins.
Apple’s purchasing power and expertise in designing advanced electronics long made it an unrivaled Goliath among the Asian companies that make most of the iPhone’s parts and assemble the device.
Apple spends billions of dollars a year on NAND, for instance, according to people familiar with the figures, likely making it the single biggest buyer globally. Suppliers flocked to win Apple’s business, hoping to leverage its know-how and prestige to attract other customers.
These days, however, “the companies now pushing the boundaries of human‑scale engineering are the ones like Nvidia,” said Ming-chi Kuo, an analyst with TF International Securities.
Demand for AI hardware is poised to keep growing rapidly. Apple’s spending growth is modest in comparison with what is being spent to fill up AI data centers, even though it is breaking records with huge sales of the iPhone 17.
Samsung Electronics and SK Hynix are raising the price of a type of DRAM chip for Apple, according to people familiar with Apple’s supply chain.
Big AI companies pay generously and are willing to lock in supply and make upfront payments, giving the South Korean chip makers leverage against the iPhone maker.
Apple signs long-term contracts for memory, but it has used its heft to squeeze suppliers.
Its contracts have empowered it to negotiate prices as often as weekly, and to even refuse to buy any memory from a supplier if Apple didn’t view the price as favorable, according to people familiar with its memory purchases.
To boost leverage with suppliers, Apple even began stocking more inventory of memory. That was atypical for Cook, who normally cuts inventory to the bone to maximize Apple’s cash flow.
Apple is fighting not only for current deliveries but also for the attention of engineers at suppliers.
Glass scientists who worked on developing the smoothest and lightest smartphone displays are now also spending time on specialised glass for packaging advanced AI processing chips, according to industry executives.
Makers of sensors and other gizmos inside the iPhone are winning new business from AI companies such as OpenAI that are developing their own hardware.
Still, suppliers said they were far from giving up on business with Apple. Working with Apple is a form of education, they said, because it remains one of the most demanding and disciplined customers in the industry.
TSMC, the Taiwanese chip manufacturer, has built successive generations of its most advanced chips with Apple as its lead customer, relying on the big predictable demand for iPhones.
Now that TSMC is doing more business with Nvidia and other AI companies, people with knowledge of the chip supply chain said Apple was exploring whether some lower-end processors could be made by someone other than TSMC.
One of Apple’s biggest profit-spinners is selling extra memory for far more than the memory chips cost the company.
Last fall Apple discontinued the iPhone Pro model with 128 gigabytes of storage.
Customers who want that model must now start at 256 gigabytes and pay $100 more—the type of move that could be repeated this year to help Apple offset higher costs, wrote Craig Moffett, an analyst at Moffett Nathanson, in an investor note.
However, Apple isn’t expected to raise the price of its next iPhone models over similarly equipped iPhone 17s, said Kuo, the analyst.
News Corp, owner of The Wall Street Journal, has a commercial agreement to supply news through Apple services.
A 30-metre masterpiece unveiled in Monaco brings Lamborghini’s supercar drama to the high seas, powered by 7,600 horsepower and unmistakable Italian design.
On October 2, acclaimed chef Dan Arnold will host an exclusive evening, unveiling a Michelin-inspired menu in a rare masterclass of food, storytelling and flavour.
