Vendor woes: How a perfect storm marred CrowdStrike’s reputation

Author

Kiruthika RAMANATHAN, Singapore Management UniversityFollow
Rafael J. Barros, Singapore Management UniversityFollow
Thomas LIM, Singapore Management UniversityFollow

Publication Type

Case

Publication Date

4-2025

Abstract

On July 19, 2024, CrowdStrike, a major endpoint detection and response (EDR) software provider, released a 40 KB configuration update for its Falcon Sensor program on Windows systems worldwide. This update contained a critical flaw that caused an out-of-bounds memory read error, resulting in system crashes across approximately 8.5 million Windows machines globally. The incident affected over 500 Fortune 1,000 companies and nearly 300 Fortune 500 firms, which incurred estimated losses of US$5.4 billion. The case examines how a seemingly minor configuration update led to a catastrophic global information technology (IT) outage, as a result of grave failures in service design and transition processes. Students are asked to put themselves in the shoes of the Director of Technical Support at CrowdStrike. They will need to apply Information Technology Infrastructure Library (ITIL) principles of Service Design and Service Transition, with a secondary focus on Service Operations to evaluate the Service Transition processes at CrowdStrike and suggest improvements to the processes.

This case is intended for use in an undergraduate enterprise solutions management course. Students should be able to achieve the following learning objectives: identify design flaws in critical software systems, evaluate Service Transition processes, analyse how Service Design decisions impact Service Operation outcomes, develop risk mitigation strategies for software update processes, and create effective design and transition frameworks for mission-critical systems.

Keyword(s)

Process management, disaster response and recovery, service management, risk management, cybersecurity, quality control

Discipline

Databases and Information Systems | Management Information Systems

Area of Excellence

Digital transformation

Research Areas

Information Systems and Management

Data Source

Published Sources

Industry

Cybersecurity Industry

Geographic Coverage

United States

Temporal Coverage

2024

Education Level

Executive Education; Postgraduate; Undergraduate

Publisher

Singapore Management University

Case ID

SMU-25-0001

Comments

For purchase of the case and supplementary materials via The CMP Shop, please access the following link:

• The Case (SMU-25-0001)

The links to purchase the case and supplementary materials on The Case Centre and Harvard Business Publishing is available via The CMP Shop.

SMU Faculty/Staff can download the case and supplementary materials on iNet with your SMU login ID and Password via The CMP Shop

Additional URL

https://cmp-shop.smu.edu.sg/products/vendor-woes-how-a-perfect-storm-marred-crowdstrike-s-reputation?variant=42706405523498