The Importance of Reducing Government Dependence on Major Tech Firms: Lessons From Microsoft’s Recent Downtimes

• Nightmares like Crowdstrike happen because of an unhealthy tech monoculture.
• This kind of outage is going to keep happening.
• Governments should use—and invest in—open-source software.

Oopsy daisy.

Shekai / Unsplash

Microsoft might not have been directly to blame forthe CrowdStrike outage , but it shows how much of the world relies on Windows and Microsoft’s infrastructure—and how dangerous that can be.

The tech world tends towards consolidation, with buyers and users settling on one or a few main options. YouTube for video, Amazon for shopping, Google for search, and so on. In those cases, the effective monopoly makes it easy to find what you’re looking for—it’s all in one place—but in the case of infrastructure, this kind of centralization is a liability, as we saw in the recent Crowdstrike outage, where one botched software updatecrashed millions of infrastructure-essential computers across the world. Shouldn’t companies—and governments—use more reliable, less centralized software?

“It is significantly easier to manage, monitor, and operate an organization that uses a standardized set of tools,” cybersecurity expert and white-hat hackerAndrew Plato told Lifewire via email. “Standardization is a key component in not only efficiency but also in security. Uniform, consistent environments are easier to secure since it becomes easier to identify things that are out of place.”

Disclaimer: This post includes affiliate links

If you click on a link and make a purchase, I may receive a commission at no extra cost to you.

Monoculture

Security is boring, and not just for you and me. A large company is no more inclined to spend time and money on security than anyone else, which is why we keep hearing aboutmassive privacy breaches at companies whose business is to look after user data. Security is often just a checkbox on some compliance form, and so we end up with these companies buying the most obvious off-the-shelf solution so that they can check this box.

The result of these two factors—consolidation and compliance—is that many businesses run on Microsoft, and many of those use security products like Crowdstrike. Standardization makes things easier.

This is how I feel every time I have to use Windows.

Joshua Hoehne / Unsplash

But as with any monoculture, when disaster strikes, it strikes hard. A single disease can wipe out crops and entire species, like the Irish potato famine or the phylloxera grape blight. We got a taste of that with the Crowdstrike debacle, where a bad line of code in an automatic software update prevented Windows computers from even booting.

The fix was a straightforward update but one that had to be applied by hand, which meant sending technicians out to fix millions of machines. And if those machines also used Microsoft’s BitLocker drive encryption, the technicians would also need the passcodes for every computer.

We saw the results: everything from ad displays stuck on the Blue Screen of Death (good) to airlines all but closing down because their computers were offline (very bad).

“The Windows endpoint environment has reached the point of unmanageable complexity,”Jason Mafera , field CTO at cybersecurity and secure endpoint OS companyIGEL Technology , told Lifewire via email. “A steady stream of updates and layering of security features has created a web of complexity that is difficult to manage or fix and therefore promotes risk.”

Now, imagine a similar outage, only it shuts down the water plant, puts hospitals offline, or some other nightmare scenario.

Open Source

For these exact reasons, governments should not rely on proprietary software that is outside of their control. Instead, they should look to another model: open-source, aka “free” software. Open source means that the source code, the part that humans write before a computer crunches it into executable software, is open for anyone to read, use, and modify.

Open.

Viktor Forgacs / Unsplash

Most commercial software already includes open-source elements. The Webkit browser engine that powers Safari, for example, is open source, as is the Android operating system, which is itself based on Linux.

But the reason governments—and frankly, any company that relies on software that is critical to its infrastructure—should move to open source is that they can vet the code and modify it for their own purposes.

Governments should keep funding free software. In anopen letter published on Thursday , the founders of Mastodon called for exactly this. Specifically, they ask the European Commission not to shut down its Next Generation Internet (NGI) program, which funds many open-source projects.

Meanwhile,Switzerland now requires that the Swiss government release its own software as open source. This means that anyone can build on that software, but more importantly, in this case, independent security researchers can dig into it and find problems before they cause Crowdstrike-like disasters.

The fix is simple: Stop using proprietary and monolithic software and switch to open source. The problem is that this takes effort. Governments can justify this effort because their goals line up with those of open-source software. But big corporations are happy to just throw money at a vendor like Microsoft or CrowdStrike so they can check a box on a compliance sheet. After all, it’s not like an executive is going to get fired for buying Windows.

The 6 Best Linux Apps for Chromebooks in 2024

Was this page helpful?

Thanks for letting us know!

Get the Latest Tech News Delivered Every Day

Subscribe

Tell us why!

Other Not enough details Hard to understand

Submit

Also read: