Can an IT product or service level outage be treated as a natural phenomenon, handled in crisis mode and then forgotten? Are service level agreements of no value, or merely decorative in nature, when something really big hits? Who is responsible when a backend associate / vendor lands you in a devastating business crisis? What are the damages and penal provisions, and how often are they put into operation? I don’t think these critical issues are even discussed; they are generally digested in the normal scheme of things in the IT world.
Undeniably, the customer suffers, but the IT behemoths are not bothered and more often than not they are able to get away with it. All of you remember the SolarWinds hack in 2019 and 2020. Who faced the music? The customers, who bore the business and reputational damage and a variety of other losses and risks. Given the way a huge stoppage of business operations is normalised as an outage, one would certainly believe that the world would have forgotten last July’s Microsoft outage by now. CrowdStrike was guilty, but both Microsoft and CrowdStrike got off scot-free.
Delta Air Lines, one of the majorly impacted customers, has caught CrowdStrike by its legal tail. It can pursue much of its lawsuit seeking to hold cyber security company CrowdStrike liable for the massive computer outage last July, which forced the carrier to cancel 7,000 flights. This was ruled by a Georgia state judge. Delta can now try to prove CrowdStrike was grossly negligent in pushing a defective update of its Falcon software to customers. What was the impact? It led to the crashing of more than 8 million Microsoft Windows based computers worldwide.
Somebody has to pay for it and it can be none other than CrowdStrike. Delta pleaded that if CrowdStrike had tested the July update on even one computer before its deployment, the programming error would have been detected. Even its President had accepted that the company did something “horribly wrong.” Delta is also legally pursuing a computer trespass claim that CrowdStrike fraudulently promised not to introduce an “unauthorised back door” into the carrier’s computers. While Delta claimed that the outage cost $550 million in lost revenue and added expenses, CrowdStrike’s lawyer feels that the judge will either find no merit in the case or limit the damages to the “single-digit millions of dollars” under Georgia law.
WHICHEVER WAY IT GOES, THE DELTA CASE WILL DECIDE A MAJOR LEGAL ISSUE: THE FINANCIAL ACCOUNTABILITY OF IT PRODUCT / SERVICE PROVIDERS.
Sanjay Sahay
Have a nice evening.