As the world recovers from the largest IT outage in history, the risks of a single point of failure in IT infrastructure are evident
On Friday, a global IT outage brought about widespread disorder causing planes to be grounded as well as disruptions to government and hospital operations. In the midst of the chaos, an important query surfaced: how did a faulty Microsoft Windows upgrade cause widespread social unrest?.
The problem started with Austin, Texas-based cybersecurity company CrowdStrike, which is largely dependent on the global technology industry—including Microsoft—for its Falcon programme. Falcon secures access to numerous internal systems, updates its defences automatically, and thwarts viruses and cyberattacks. Because of this degree of connectivity, the computer is quickly impacted in the event that Falcon malfunctions. Microsoft systems and Windows PCs encountered a “blue screen of death” after an upgrade to Falcon on Thursday night, rendering them inoperable due to a recovery boot loop.
Cloud computing infrastructure in the US and Europe is dominated by Microsoft, a dominant player in the market. As a result, servers and several other systems were also affected in addition to PCs. A deluge of demands from consumers, gadgets, services, and enterprises set off a chain reaction of malfunctions in Microsoft products, especially Microsoft 365 and Azure Cloud. Azure malfunctions led to further, independent interruptions in 365 services, creating a large-scale disturbance.
This clarifies how CrowdStrike’s flawed update led to the greatest IT disruption in history, but it leaves out the reason why there appears to be a single point of failure in the world’s computational infrastructure. An executive from CrowdStrike questioned this as well.
According to Drew Bagley, vice president of CrowdStrike, “their IT stack might rely on a single provider for the operating system, cloud, productivity, email, chat, collaboration, video conferencing, browser, identity, generative AI, and increasingly security.” “This implies that the supply chain, the building inspector, and the building materials are all the same.”
The past two days’ events have been centred around this. The problem lies not just in the fact that many businesses rely on CrowdStrike, but also in the fact that massively dominant corporations such as Microsoft control most of the cloud infrastructure. These businesses restrict the variety of services and products that are available by enforcing exclusionary and anticompetitive tactics.
The Federal Trade Commission asked for public feedback on cloud computing business practices in June 2023. Leaders in this industry Microsoft and Amazon responded by saying that the competition was “thriving” and “highly dynamic and competitive.” Google, a lesser competitor, on the other hand, filed an 11-page dossier charging Microsoft with suppressing competition.
Google said in its lawsuit that “customers, especially current on-premises enterprise clients, are hindered by Microsoft’s complex network of licencing restrictions from selecting alternative cloud providers during migration and are ultimately trapped within its Azure ecosystem.”
Although Google is right to accuse, it itself engages in such behaviour. Due to strong technological barriers that discourage vendors from changing, essentially locking them in, these three businesses control two-thirds of the global market for cloud infrastructure services.
US Federal Trade Commission Chair Lina Khan tweeted, “Today, a single glitch can lead to a system-wide outage, impacting industries from healthcare and airlines to banks and auto dealers,” as the blue screen of death flashed at airports worldwide. As a result, millions of people as well as businesses suffer. These examples demonstrate how systems that are unstable can result from concentration.
Why does concentration, consolidation, and monopolization put us at risk? It’s not just about homogenizing a market, which exposes everyone to what should be isolated disruptions. Concentration grants the power to reshape markets. Monopolists can push firms out and alter the competitive landscape so that rivals don’t challenge established giants. A vendor ecosystem’s reliance on Microsoft might be justified as cost-saving, just as Microsoft’s dependency on companies like CrowdStrike can be framed as a cost-cutting measure.
The true cost is externalised; who really pays the price when these services break down? George Kurtz, the CEO of CrowdStrike, has lost hundreds of millions from his wealth, but the company will probably make a comeback. Although Microsoft and CrowdStrike have lost some customers and business, they will most likely win more in the coming months or years. This is a consistent trend that applies to all outages, not just this one.
Does this also apply to people who required government agencies, hospitals, airports, or emergency services but couldn’t get them? Is this also the case for the rest of society, which has become largely dependent on computation and digital technologies because these processes are managed by powerful corporations rather than by democratic political actors?
Similar breakdowns have happened before, but not much has changed—partially due to the IT sector’s adeptness at assigning blame elsewhere. Monopolists will act as they please if this keeps up, and everyone will pay the price.
