Global IT outages raise the question: who bears responsibility?

It took up to a week for most Microsoft Windows users to approach near-normal operations following the recent global IT outage, which was unprecedented in size and impact (see Global IT disruption highlights concentration, third-party risk). Having recovered from the two separate incidents (a failed security software update by CrowdStrike on Microsoft operating systems and a US availability zone (AZ) region failure by Microsoft Azure), businesses are now turning their attention to who bears responsibility — and what steps can be taken to reduce the likelihood of, and damage from, future outages.

Outages expose third-party dependency risks

Both outage events exposed the vulnerabilities and risks faced by operators and their customers, including an increasing dependency on third-party IT software and service providers. Third-party digital supply chains (that can include software suppliers, hosting companies, cloud companies and even colocation partners) consist of complex, opaque interdependencies, which can make it difficult to determine fault or accountability when something goes wrong.