Monoculture is the practice of planting only one variety of crop.
The term also applies to fields other than agriculture, computer science being one of them.
"In computer science, a monoculture is a community of computers that all run identical software. All the computer systems in the community thus have the same vulnerabilities, and, like agricultural monocultures, are subject to catastrophic failure in the event of a successful attack.[1]"
-Monoculture (computer science), Wikipedia
In the case of the Potato Famine in the 19th century, a variety of factors led to over three million Irish people being completely dependent on the potato as their source of food, and the vast majority of the potatoes grown were of one single variety, the Irish Lumper. The Lumper was very susceptible to a disease called blight. When blight appeared, it spread like wildfire, destroying the crops again and again and contributing to a famine that resulted in roughly a million deaths, political upheaval, and mass migration.
What does that have to do with computers?
As we have seen, with so many large global corporations using the same software (in this case, CrowdStrike and Windows), when a "blight" affected that software, it took EVERYTHING down. Millions of computers, airlines, hospitals, government offices, media, retail - all sorts of organizations around the world were hobbled, some for days. The sheer scale of it was astounding.
Please don't think I am saying a computer glitch causing mostly delays and irritation compares to the devastation wrought by the Great Hunger. I am in no way minimizing the horrors of those years and the continuing impact they continue to have on Ireland and the descendants of those that fled.
I speak of it as one of the starkest examples of the effects of monoculture that one can imagine, but it is hardly the only one. Consider the fate of the Gros Michel, the "standard" banana in the US until it was wiped out by Fusarium wilt in the 1950s. Or consider monoculture in industry, such as cities whose entire economy is based on a single company or industry, and then that industry fails. Think Detroit, or Pittsburgh.
Clearly, monoculture can be a dangerous situation whether in agriculture or computers or industry or media or forestry or or or...
Efficiency. Optimization. Economies of Scale.
In farming, planting a single crop allows you to use more mechanization. It is more efficient to plant, manage, and harvest, and larger bulk quantities of seed can be purchased at lower cost. When all goes well, the farmer gets a larger, more profitable harvest.
It is much the same in computing. Some companies become industry standards. Large companies trust and want to work with brands that other large companies work with. Fleets of computers and software are cheaper and more efficient to purchase in bulk, and managing them is more efficiently done en masse and remotely by a single offsite team.
On the surface, there's nothing wrong with that. It's good business management. For a single farmer or corporation, problems like soil depletion or a software outage can be prepared for and managed around.
The real problems arise when everyone is doing the same thing.
When everyone in several counties is planting the same corn, or when almost every large airline uses the same software.
When the one problem becomes everyone's problem, it becomes exponentially harder to deal with.
In the case of the CrowdStrike outage, remediation was hampered by the fact that the fix could not be performed en masse, by an offsite team. Affected computers had to be rebooted in safe mode, in person, one by one. There's simply no way to do that efficiently, to millions of workstations around the world, at the same time.
So how do we do this better?
Variety. Unlike the 19th century Irish, we have the ability to choose something different.
Some monocultures are not easy to get away from for business applications - like Windows and the 365 apps.
But your cybersecurity doesn't have to be cookie-cutter.
Different cybersecurity companies prefer to use different products in their "stacks" (the portfolio of hardware and software solutions that we offer to our customers). While there is probably some overlap, I can guarantee you that Soteria doesn't use exactly the same stack as our competitor down the street, or the multinational company with an office downtown.
When outages happen - and they will - customers of different IT companies might not all be affected.
As a society we have a tendency to want to put all our eggs in one basket, no matter how many times it proves disastrous. It's not always in your best interest to work with the biggest, best-known company, especially if everyone else in your field or local area uses them. Try something different.
If you have concerns about your stack, or the impact that a monocultural system can have on your business, give us a call and let's talk it over.
image credit: "Skibbereen" by James Mahony, 1847. The Illustrated London News, Public domain, via Wikimedia Commons
All Rights Reserved | Soteria, LLC