McDonald’s Global Outage: Configurations and Third-Party Risk
A technology outage at the golden arches serves as a reminder of the growing complexity of the supply chain.
If you wanted to order a Big Mac on March 15, you might have been out of luck. McDonald’s experienced a global technology outage, which it attributed to “a third-party provider during a configuration change,” according to an update from Brian Rice, its EVP and global CIO.
McDonald’s did not share the exact nature of that configuration change, but the widespread impact it had reflects how third-party changes can cascade on increasingly complex technical infrastructures.
What lessons can enterprise leaders take from the McDonald’s outage as they consider the growing complexity of their tech stacks?
Configuration Confusion
Configuration changes are a normal part of the day-to-day of improving a technical infrastructure’s functionality and performance. With so many moving parts and different parties involved, a seemingly minor issue can have a widespread impact.
“Something as simple as a typo in the address of a database server -- even if corrected immediately -- could trigger a cascade of failures that spread through the network,” Jaushin Lee, PhD, founder, president, and CEO of zero-trust solutions company Zentera Systems, explains in an email interview.
Who is making what changes and when isn’t always clear. Tracking down an error and fixing it can be akin to working your way through a maze. “For McDonald's, it's very likely that a lot of the information about the actual incident was not available in a timely fashion from the multiple of third parties that are part of the entire service offering,” Jim Routh, chief trust officer at Saviynt, a cloud identity and governance company, tells InformationWeek.
Whatever the configuration change was, it led to widespread issues at McDonald’s locations. Some restaurants couldn’t take orders or process payments; some attempted to work around the issue by writing orders down and taking cash, BleepingComputer reports.
On March 16, McDonald’s shared in its update that its restaurants around the world were back in action. But even hours of downtime have an obvious impact on revenue. “But that’s just direct losses -- damage to the brand and other factors could make such an outage even more painful,” says Lee.
Tech Stack Visibility
A third party inadvertently causing this widespread of an outage is a stark example of third-party risk. Technical supply chains are growing more complex, not less. “There'll be more enterprises that will have similar kinds of outages, unfortunately,” Routh says.