Tech stack uniformity has become a systemic vulnerability
In the past few years the cyber-security world has observed more threats that affect operations at a global scale, including the Log4J vulnerability of 2022, the MoveIt vulnerability of 2023, and the CrowdStrike update failure of this year. These kinds of bugs and zero-days are not new, but the scale of impact these kinds of events have on the industry is definitely new. Why does a single point of failure impact the entire global economy? The reason points to a systemic issue in the cyber environment: tech stack uniformity.
In many ways, tech stack uniformity is a way in which the technology sector is suffering from its own success. Much in the same way that a single strain of banana, favored for its taste, became grown everywhere, certain tech solutions, such as those provided by Windows, have become nearly universal. In both cases, a single flaw is capable of wiping out the entire strain. CrowdStrike, for instance, paralyzed a significant amount of the business world because so many people were relying on that single business for their cybersecurity needs.
How will the business world address the security risks of tech stack uniformity? Improving competition in the market would help, but in the short term, some effective solutions include having a fallback tech stack solution that an enterprise can utilize in emergency situations, and the practice of micro-segmentation, where different parts of the system make use of different technology stacks to ensure that something is always working. Organizations may be able to adopt hybrid systems, with redundant systems in an internal network and an external cloud, or employ multiple different cloud solutions. The important part is embracing a diversity of tech solutions in order to avoid dependency. Many organizations are now reviewing their options in this capacity, and hopefully we may be able to avoid future incidents as paralyzing as the CrowdStrike failure.
