Tag: Service Level Agreements

CrowdStrike Outage Learnings – Contractual Implications and Enterprise Expectations | Blog

What are the consequences of the CrowdStrike outage, and how is it affecting licensing negotiations and other key enterprise concerns? Read on for an exploration of the evolving demands enterprises are making to protect themselves from similar future events, or get in touch if you’d like to speak to an analyst on this subject.

The CrowdStrike outage: What happened, and how it impacted enterprises

In July 2024, a faulty update to CrowdStrike’s Falcon endpoint security software caused a global IT outage, impacting 8.5 million Windows devices with Blue Screen of Death (BSOD) errors and boot loops. Though less than 1% of Windows systems were affected, the disruption significantly impacted critical services, with Fortune 500 companies alone facing estimated losses of $5.4 billion.

Both CrowdStrike and Microsoft responded swiftly by rolling back the update and deploying teams for customer assistance. Microsoft engaged hundreds of engineers and worked with cloud providers such as AWS and Google Cloud to restore systems, while CrowdStrike provided immediate workarounds. This incident highlighted the inherent risks of software updates in interconnected environments and prompted many organizations to reassess their disaster recovery and incident response plans. The fallout has reinforced the need for more rigorous safeguards in managing system updates.


How have enterprise expectations and demands changed post-outage?

The outage has shifted the dynamics in CrowdStrike’s enterprise relationships, with organizations now pressing for more stringent terms in their contracts. Affected businesses, especially those in critical sectors such as finance and healthcare, are demanding stronger guarantees and more transparent SLAs (Service-Level Agreements) from CrowdStrike and other security vendors. These demands include:

  1. Performance Guarantees and Penalty Clauses: Enterprises are increasingly requiring financial penalties for service disruptions. These clauses tie vendor compensation directly to the extent of operational impact caused by an outage, providing more robust protection for enterprises.
  2. Greater Transparency and Accountability: Enterprises are insisting on clearer reporting mechanisms, with requirements for vendors to provide detailed logs and real-time insights into their systems’ status. This push for transparency allows businesses to better assess potential vulnerabilities and ensure quick remediation when issues arise.
  3. Stronger Backup and Disaster Recovery Provisions: In response to the scale of the July outage, enterprises are seeking enhanced disaster recovery protocols. This includes ensuring that updates are thoroughly tested and that backout strategies are in place should something go wrong. Vendors may be required to offer more robust failover systems, ensuring minimal downtime in case of future issues.
  4. More Customization in Contract Terms: The one-size-fits-all approach to security services is no longer sufficient for many enterprises. Businesses are now demanding tailored SLAs, where service commitments and penalties are aligned with the specific needs of the company. For example, highly regulated industries such as healthcare and finance are negotiating stricter SLAs with faster response and/or resolution times, along with higher penalties for non-compliance.

Contractual implications and licensing pricing: The expected changes

The July outage will likely lead to significant revisions in CrowdStrike’s contractual terms, specifically regarding licensing costs and service guarantees.

  1. Price Reductions and Incentives: To retain clients, CrowdStrike has already offered discounts and incentives post-outage. This strategy, though temporarily cushioning the immediate impact, could lead to long-term pressures on its pricing structure. CrowdStrike is extending a Special Benefit Program, including complimentary add-on services such as an 18-month Diamond Support package at no additional cost, for select enterprises. These benefits, offered in collaboration with its technology partners, are designed to enhance enterprise retention and ensure continued customer satisfaction.
  2. Stricter Liability Clauses and Indemnification Terms: Another major aspect of the fallout involves liability clauses within the contracts. Post-outage, many enterprises are scrutinizing the “limitation of liability” clauses in their agreements, seeking revisions that better protect them from revenue loss, brand damage, and operational disruptions. Businesses want CrowdStrike to assume greater responsibility for any future outages, particularly those affecting mission-critical systems.
  3. Enhanced Service Level Agreements (SLAs): Enterprises are now seeking more robust SLAs that prioritize incident response along with uptime guarantees, as the July outage highlighted the need for more than just availability assurances. Enterprises are demanding SLAs with explicit performance metrics, faster incident resolution, and clear reporting of service health. To mitigate risks of future service disruptions, businesses are pushing for defined timelines for response and recovery, ensuring faster and more transparent action during critical service outages.

Near-future changes from CrowdStrike: Our predictions

  1. Enhanced Testing and Certification of Updates: To restore confidence, CrowdStrike will likely invest more in the testing and certification of its updates. Enterprises will want reassurance that any future patches are thoroughly vetted, particularly those rolled out to critical infrastructure sectors.
  2. Expansion of Cybersecurity Insurance Requirements: With the potential for future outages to trigger massive business interruption claims, companies may push for more comprehensive cyber insurance coverage as part of their vendor agreements. CrowdStrike could see an increase in the number of enterprises mandating cyber insurance coverage as a prerequisite for engagement.
  3. Proactive Enterprise Communication and Real-Time Monitoring: Expect to see CrowdStrike rolling out more proactive monitoring and communication tools, allowing enterprises to track real-time status updates during any future incidents. This will enable enterprises to better assess their risk in real time and take necessary precautions.

Conclusion: A significant shift in the vendor-customer dynamic

The July 2024 outage at CrowdStrike has been a wake-up call for both the company and its enterprise customers. For CrowdStrike, it underscored the need to enhance its operational resilience and communication with customers. For enterprises, it reinforced the importance of robust contract terms that protect their business interests in the event of a service failure. While some clients might explore alternatives, most are not immediately leaving CrowdStrike. Instead, they are demanding stronger Service Level Agreements (SLAs) with a focus on faster incident response, improved communication, and transparent service health reporting.

As a result, we expect contract negotiations to become more stringent, with customers demanding greater transparency, stringent SLAs, and real financial compensation in the event of future disruptions. This will reshape the cybersecurity industry, with greater emphasis on vendor accountability and operational resilience.

For questions about the consequences of the CrowdStrike incident for your business, contact Varnit Tyagi or Prahadeesh S. For insights into other contractual and enterprise impacts to expect in 2025, join our webinar Mapping the Next: Key Priorities for 2025.

SLAs Constrain Improving Productivity | Blog

Three years ago, I wrote some blogs stating that Service Level Agreements (SLAs) are dead. Unfortunately for businesses, SLAs are still around – they’re like zombies. Companies realized for many years that SLAs don’t work. They are not just ineffective; they constrain companies from getting to their goals for services. But, like zombies, they did not die. Why? Because there was nothing better to use in governing service agreements. Until now. In this blog, I will explain what works better than SLAs, and why.

In digital service models, companies need to move to a new set of metrics. Metrics that focus on productivity. Metrics that focus on velocity. Fluid metrics that allow companies to adjust the target to a changing reality. Metrics that accurately affect pricing. Metrics that do not lock companies into old contractual vehicles that no longer work.

Read more in my blog on Forbes

Why Service Level Agreements are Dead | Sherpas in Blue Shirts

Service-level agreement (SLA) contracts can drive the wrong business outcomes. Some technology leaders want to move away from those SLA-driven contracts.

If you’re like many CIOs, the chances are your company compensates third-party IT service providers for something they didn’t do or pays them twice for something. Technology leader Nipa Chakravarti realized that’s what was happening at TransAlta (Canada’s largest publicly traded power generator and provider of renewable energy). I recently talked with Nipa, and she made an interesting comment: “I want to move away from SLA-driven contracts.”

As Nipa explained in a prior blog post, she successfully restructured TransAlta’s IT group to be more responsive to business needs, doing the things that the business users care about and doing them in a reasonable time frame and cost point. As detailed in that blog, she dramatically changed the value equation for IT at the company, making it much more cost-effective, achieving results much faster and at the same time delivering higher quality and more reliable work. That’s quite a formidable set of accomplishments. So it’s worth paying attention to her strategies for taking the organization to the next level.

Read more at CIO online.
