Accelerating changes in the operating system and network security industry
Author | Huang Yu
Editor | Zhou Zhiyu
Microsoft's "Blue Screen" triggers a global "major crash", with nearly 8.5 million devices paralyzed, causing many global enterprises to shut down and flights to be grounded.
This cyberpunk scene occurred last Friday, becoming one of the largest crash events in IT history. The "culprit" behind it was quickly identified as the U.S. cybersecurity giant CrowdStrike, due to its erroneous content update pushed to Microsoft users worldwide.
The widespread "power outage" occurred because Microsoft Windows dominates the global desktop operating system market, and in the global endpoint protection software market, CrowdStrike is second only to Microsoft.
This IT disaster serves as a wake-up call for the development of human technology security: the operating system is the "foundation" of the entire IT industry, akin to water and electricity, and over-reliance on any company is dangerous.
Of course, breaking the global tech dependence on a few companies is not easy. This storm has exacerbated the situation, making more companies and countries realize how important it is to diversify and have independent control over operating systems and cybersecurity companies.
Such reflections have sparked a fire, and more operating systems and cybersecurity companies may seize a good opportunity to flourish.
Many competitors of Microsoft and CrowdStrike have already tasted the sweetness in their stock prices. In the A-share market, on July 22nd, cybersecurity concept stocks surged, with companies like National Technology, Renzixing, Guohua Network Security, Jida Zhengyuan, and Gersoft all hitting the limit up or rising by more than 10%; concepts such as Huawei Euler, Huawei Ascend, and Hongmeng also saw significant gains.
Crisis
Before this potentially historic IT failure, most ordinary people were probably unfamiliar with the U.S. company CrowdStrike.
In fact, this company is a genuine leader in U.S. cybersecurity, holding a significant share in the cybersecurity market, mainly serving enterprise users rather than individual PC users, which has led to its relatively low public awareness.
CrowdStrike has over 20,000 customers worldwide, including tech giants like Microsoft and Amazon. According to market research firm IDC, in the $12.6 billion global endpoint protection software market, CrowdStrike holds about 18% market share, second only to Microsoft's 25.8% market share.
According to CrowdStrike, on July 19th, they released a sensor configuration update to the Windows system, triggering a logic error that caused the affected systems to crash and display the blue screen.
For CrowdStrike, this was supposed to be a routine software update. Normally, such updates would quietly auto-update in the background without affecting users. However, due to a vulnerability in this update, it directly caused system crashes when running, ultimately leading to the global "major crash" Some IT industry insiders believe that as a security company, CrowdStrike's products should enhance system stability and security, rather than compromise it. This incident is likely to shake the confidence of some users and potential customers.
Due to the serious impact on the company, Tesla CEO Elon Musk stated that CrowdStrike has been removed from all systems.
In addition, risk, strategy, and human capital consulting firm Marsh & McLennan Cos Inc. (MMC) expects that over 75 clients may file network failure claims due to the global collapse of CrowdStrike.
Patrick Anderson, CEO of the American research firm Anderson Economic Group, estimates that the economic losses from this incident could exceed $1 billion.
CrowdStrike is bound to be affected. Despite its strong performance growth in the past, CrowdStrike's market value had more than doubled in the past year. However, due to this incident, its stock plummeted by 15% at the opening last Friday, ultimately closing down by 11.1%, marking the largest single-day drop in 2022 and evaporating approximately $9 billion in total market value to $74.215 billion.
As a company involved in the incident, Microsoft was also affected, with its stock price dropping nearly 2% at one point and ultimately closing down by 0.74%. In fact, this is not the first major outage for Microsoft. In January of this year, Microsoft's cloud experienced a global outage, affecting a range of services from Outlook to Teams. By May, Microsoft's Bing and Copilot services experienced a large-scale interruption lasting 24 hours.
Raymond, the Director of Operations for Tencent Security's iOA product, told Wall Street News that the recent Microsoft "blue screen" incident highlights the vulnerability risks of the global IT system, including the vulnerability of large organizations' high dependence on a single supplier, the vulnerability of the Windows system itself, and the vulnerability of network security product architecture.
Raymond pointed out that although the main cause of the blue screen was the CrowdStrike software kernel driver update, as the developer of the Windows operating system, Microsoft can provide a more robust Windows system protection mechanism. For example, in scenarios where the blue screen repeatedly occurs, it can automatically block the root module causing the blue screen, ensuring that the system can run normally and mitigate the impact of the failure.
The occurrence of the Microsoft "blue screen" incident serves as a warning that security is a critical issue in the digital age, and vulnerabilities in IT systems will inevitably be taken seriously, bringing about significant changes in related industries.
Outlook
When a fatal error occurs, humans tend to reflexively reflect on it. This incident undoubtedly exacerbates concerns about the high concentration risk in the operating system and network security industry.
Raymond, Director of Operations for Tencent Security's iOA product, told Wall Street News that the impact of the Microsoft "blue screen" incident is extensive and can serve as an opportunity to accelerate changes in the operating system and network security industry.
In the network security industry, only 15 companies globally hold over half of the market share of network security products and services. In the modern endpoint security field, which protects personal computers, laptops, and other devices, oligopoly is even more severe, with three companies controlling half of the market, among which Microsoft and CrowdStrike are the two largest companies In the most familiar desktop operating system for the public, Microsoft's Windows operating system has been dominant for many years. According to StatCounter data, by 2023, Windows' global desktop market share will exceed 70%, while other OS including macOS, Linux, etc., each have a market share of less than 10%.
The concentration of the market has undoubtedly had a negative impact on network security and fair competition. Diversification and self-controllability of operating systems and network security companies have long been imperative.
In Raymond's view, the global operating system software market will present a diversified development pattern. In the traditional terminal market, some enterprises will increase the share of MAC systems; meanwhile, open-source operating systems like Linux will become an important force in the market.
In recent years, China has been vigorously promoting the development of the information creation field, with the security of operating systems and domestic alternatives being one of the key focuses.
In May of this year, the results of a new round of national testing were officially released. Compared to the first round, there was an increase in server operating system products, with major players like Huawei Cloud, Alibaba Cloud, Tencent Cloud, as well as Qilin Security, and Ningsi entering the market. The kernel versions of desktop operating systems have all been upgraded, mainly including Qilin, Tongxin, and Fande three desktop operating systems.
China has achieved certain results in the localization of desktop and server-side OS. This year, Huawei also announced the launch of "pure-blood Hongmeng" on the mobile side, and Hongmeng OS for IoT and desktop is expected to accelerate.
In addition to the diversified development of operating systems, Raymond also believes that this event will accelerate enterprises' move to the cloud. Cloud providers typically offer self-developed network security software that is more compatible with cloud services, balancing performance and efficiency, and providing more comprehensive security mechanisms and responsibility allocation.
According to IDC's forecast, by 2025, the number of globally connected IoT devices will reach 51.9 billion, with China accounting for 8.5 billion. The proportion of enterprise remote work may exceed 97%, and 88% of enterprises may cooperate with more than two cloud service providers simultaneously.
Shen Meng, Executive Director of Hansong Capital, also believes that this event shows that even top system service providers may cause major information system security failures due to negligence, indicating that there is still significant room for development in related industries.
The cybersecurity sector has always been surrounded by fierce competition. On July 14th, there were reports that Google's parent company Alphabet is in talks to acquire Israeli startup Wiz for $230 billion. This would be the largest cybersecurity company acquisition in history and Alphabet's largest acquisition to date.
In addition, analysts at Debon Securities pointed out that with frequent global cloud security incidents and the promotion of China's information creation policies, a batch of cybersecurity companies with core competitive products are expected to emerge.
Raymond stated that after this event, the stability of security products (continuous stable working time, system resource utilization, whether it affects other software) and system coverage (deep support for Windows, Mac, Linux, information creation, and other operating systems and server versions) will become important parameters for enterprises when making purchases "Expected purchasing companies will require network security vendors to provide product architecture frameworks to explain stability and strong compatibility principles. Taking Tencent's iOA as an example, the product mechanism has placed the implementation logic as much as possible in the system application layer to avoid the system risks brought by complex logic and frequent updates at the kernel level," Raymond revealed.
Under the catalysis of AI, the global digitalization is accelerating rapidly. In the era of interconnected everything, network security must always be placed in the most important position, as any small error can be infinitely magnified, leading to irreparable losses.
The Microsoft "blue screen" incident has thrown a bomb into the industry that has always been monopolized by a few giants, and a new landscape is quietly brewing