The CrowdStrike outage underscored two critical issues: the potential fallout from technology failures and the risks associated with excessive reliance on technology.
This incident serves as a stark reminder of the severe consequences that can arise from outages or other technology disruptions, particularly when they impact essential services like logistics, transportation, infrastructure, or healthcare facilities. For proptech companies, property owners, developers, and users of proptech solutions, this event is an opportunity to reassess and enhance their legal and operational protections.
A key takeaway from the CrowdStrike incident is the importance of conducting comprehensive due diligence and maintaining a detailed inventory of your ICT environment. It is crucial to understand which technologies are essential for your operations and customer interactions. This means identifying the technologies in use, their functions, the vendors providing them, and the specifics of contracts, including maintenance agreements and warranties. Regular stocktaking and thorough due diligence are also necessary.
– Evaluating the risks and potential disruptions that could arise from technology outages, such as whether a failure could trap someone in an elevator.
– Identifying alternative technologies or manual processes that can swiftly restore and maintain operations in the event of primary system failures.
These measures assist in identifying technology dependencies and vulnerabilities, which in turn allows for improved readiness for unexpected failures.
The CrowdStrike incident also underscored the critical need for robust business continuity and effective contingency plans. Regular “fire drills” should be performed to verify that backup strategies function correctly during technology disruptions. For those acquiring proptech solutions, it is prudent to include contractual clauses requiring vendors to maintain their own business continuity and contingency plans. Regular reviews and updates of these plans are essential to ensure their continued effectiveness.
Since the CrowdStrike outage was reportedly due to a configuration update that caused a logic error and system crash, it’s evident that thorough testing and validation of technology updates and new releases are crucial. Contracts should outline the terms for software updates and new releases, specifying the responsibilities for maintenance and updates, particularly when involving third-party vendors. Vendors must ensure that updates are extensively tested to prevent bugs or defects that could jeopardize the system or result in outages.
Additionally, contracts should incorporate performance accountability measures, such as clearly defined service levels, to drive performance and ensure timely responses to ICT incidents. Contracts should explicitly address liability and accountability for outages and technology failures. Customers and users of proptech and ICT solutions should assess the potential impacts of technology failures to mitigate risks and prevent negative outcomes.
Ultimately, property owners and developers who depend on technology should seek guidance from experts in technical, insurance, and legal fields. Given the serious implications of technology outages, it is essential to understand and mitigate potential risks.
The CrowdStrike incident, despite its unexpected nature, provides important lessons for proptech businesses and other technology-dependent industries. It highlights the necessity for thorough preparation, effective contingency planning, and strong contractual agreements to manage technology risks efficiently. As technology evolves and becomes more integrated into business operations, these lessons become increasingly pertinent.