The recent CrowdStrike Falcon incident affected millions of Windows PCs around the world. A content update triggered the Windows BSOD (“Blue Screen of Death”), stopping tills, airport check-in, internet banking, and more.
The causes are now known, and if you are still affected here are the solutions.
Still, this episode offers several valuable lessons. For example:
- One crucial takeaway is the importance of testing.
- Another best practice is to roll out patches and changes in a staged, phased manner. This approach limits the impact of issues that escape testing to a smaller user base.
CrowdStrike Falcon might have affected your PCs, and for that you might want to check the solutions linked above.
But if you are an e-commerce manager you can also draw a wider lesson from this whole episode.
Open Source vs SaaS
From an e-commerce perspective, it’s worth considering the implications of on-premise CMS security patches and updates versus SaaS solutions. For example, comparing Magento to Sho… SaaS solutions.
Control and Maintenance
Frequent Updates and Patching
A common argument for classic on-premise solutions is the necessity for constant and occasionally time-consuming updating and patching.
The latest Magento release at the time of writing illustrates this well. A scheduled update on June 11, 2024, was followed by an immediate hotfix on June 18 and then by a proper security patch on June 28. Sure, the hotfix and patch were not related to the update; they addressed an issue that had recently been discovered. Yet, as an e-commerce manager, I will mainly think that usually, after updating Magento, additional updates for its modules are also needed.
Developer Dependency
This frequent updating means relying on your web developers or agency to maintain the system. While this may seem burdensome, the CrowdStrike example demonstrates an advantage: you have control over your website updates, and you can wait for other merchants to live-test the updates. If you are an agency, you can update and patch just one client at a time, paying extra-extra-extra attention with the first one or two clients.
SaaS Convenience
Automatic Updates
One of the unique selling points of SaaS is that it alleviates this hassle. Updates are managed by the software provider and automatically pushed to all stores, requiring little to no maintenance from the merchant. They still happen, all the time. You still pay for them, with your subscription. But you don’t see them.
SaaS Vulnerabilities
However, transferring control of updates and patches to a third party means merchants can’t decide when to implement patches, relying instead on someone else for “in the wild” testing. This increases the likelihood of a CrowdStrike-like scenario.
No Solution is Perfect
This is not to say that SaaS solutions are inherently risky. They can be robust platforms with redundancies, managed by competent 24/7 teams capable of preventing and resolving incidents.
At the same time, on-premise CMS platforms that you manage yourself can face infrastructure issues affecting payment gateways, servers, or other components. Even a patch that works for 99% of merchants might fail for some.
Conclusion
Businesses must weigh the pros and cons of SaaS and on-premise CMS platforms, considering their specific needs for control, customization, and maintenance.
It’s also crucial to have access to e-commerce professionals and consultants who can offer sound advice, like us at Netsu. Check our services to see what we can do for you.
But remember, what seems like a downside (frequent CMS updates) can actually be an upside (you control when and how updates occur).