In today's fast-paced technological world, the priority for any business is to ensure that its daily operations run smoothly and securely. One of the key essential practices in achieving that is having strong change management with integrated, automated testing in continuous integration, development, and testing (CI/CD/CT) processes.
Per a statement from the CEO of CrowdStrike, customers were “impacted by a defect found in a single content update for Windows hosts.” Critical software updates and security patches coming from third-party vendors are necessary to combat the ever-changing IT network and threat landscape. However, this incident highlights the importance of averting situations like the patch update from CrowdStrike, which literally wreaked worldwide IT havoc across major industries.
This incident highlights the importance of averting situations like the patch update from CrowdStrike, which literally wreaked worldwide IT havoc across major industries.
Continuous testing is the process of executing automated tests as part of the software delivery pipeline in order to obtain immediate feedback on the risks associated with a software update or version release. Embedding continuous testing in the CI/CD pipeline is important for a number of reasons:
Early Issue Detection: Continuous testing enables early issue detection even before they make their way into production. The CrowdStrike outage was not a malicious act but a preventable error; these types of issues can come from third-party suppliers or IT engineer misconfiguration or policy changes. Proactive testing as an integral part of the CI/CD/CT or change management process, reduces the possible risks of failed updates, similar to what occurred with the CrowdStrike patch.
Stability and Security: Testing continuously guarantees that any updates or changes will not adversely affect the stability, performance, or security of the IT systems. It enables organizations to demonstrate how they are maintaining or improving their security postures and network performance over time and manage drifts in comparison to the baseline KPIs.
Efficiency and Speed: Automated testing and testbed/lab management reduces the time to test new software releases and network upgrades. Enabling organizations to keep pace with the rate of change, manage compliance requirements, and avoid costly penalties and overhead due to security breaches and business continuity impacts.
Patch Update Issue Prevention
The CrowdStrike patch update issue is a prime example of the need for robust change management and constant testing via CI/CD/CT processes. With this, businesses can lessen risk or prevent the same through:
Comprehensive Testing: Patches should be rigorously tested before deployment to ensure that there are no potential issues to be fixed. As an example, with Spirent Velocity, vendors can quickly spin up various OSes that a patch may be designed for and validate its quality and impact. It also highlights the importance of organizations having their own testing and validation processes to manage their supply chain risks.
Controlled Deployment: The changes are to be deployed under sufficient control to ensure that the changes are authorized and intentional.
Continuous Monitoring and Feedback: Active testing enables organizations to monitor the IT networks continuously with feedback to resolve issues in the post-implementation phase as early as possible without having to wait for customers and users to be impacted.
In conclusion, with robust and appropriate implementations of automated testing with CI/CD/CT processes, such update issues can be reduced or avoided. This will help business operators ensure stability, security, and performance so updates improve systems, not break them.
At Spirent, we are committed to helping customers understand how improvements in testing practices with solutions and services allow them to sail through the complexities of modern network development and deployments smoothly and with confidence.
To learn more about continuous testing the CI/CD/CT process, read the white paper The Criticality of Continuous Test for CI/CD Success.