Could technological crises like the Spanish blackout continue to occur?
Vulnerabilities in IT systems and the ability to address them sooner with open source software are available, allowing independent specialists and global communities to review, test, and continually improve their functionality.
We have recently experienced crises around the world due to IT infrastructure, both for companies and governments. The most recent and most high-profile case was the blackout in Spain, where there was a widespread interruption of power supply across the Iberian Peninsula, mainland Portugal, and Andorra, as well as parts of southern France. This affected more than 50 million people, with severe disruptions to telecommunications and the transportation system. While this event did not generate catastrophic components, events resulting from the blackout claimed the lives of eight people.
IT infrastructure refers to the set of physical and virtual resources that enable an organization to operate and manage its information systems; it includes hardware, software, and service networks necessary for data processing, storage, and transmission. Proper management is crucial to the efficiency and success of any business in the digital age.
Given this situation, El Economista spoke with Luciano Alves, CEO of Zabbix LATAM, an IT infrastructure expert who works with the National Energy Control Center in Mexico. Listening to his opinion on events of this nature is a guide to understanding how to prepare ourselves, both as major users and as individuals.
—What's behind system outages like those at Microsoft or massive blackouts like those in Spain and Portugal at the technological level?
Events such as global system outages or large-scale blackouts are often the result of a failure in one of the three fundamental pillars of technology: tools, processes, and people. In highly digitalized environments, having robust technology is not enough. Processes must be clearly defined, aligned with business objectives, and people must be trained to operate the tools and respond to crises. When one of these pillars fails—whether due to an outdated tool, an ineffective process, or human error—the system can collapse. Not everything is necessarily a failure attributable solely to technology. The challenge lies in effectively orchestrating these three elements to ensure operational resilience.
—Is it possible to protect IT infrastructure to prevent vulnerabilities that affect millions of people? How?
Yes, it is entirely possible to protect IT infrastructure and prevent most operational issues, provided there is a solid culture of real-time data monitoring and analysis. Every technological system constantly generates signals—logs, performance metrics, failure alerts. The question is: are we prepared to interpret these signals and act in advance? With the right tools, such as observability platforms and intelligent monitoring, it is possible not only to react quickly to failures, but also to anticipate them. The key is to build a solid database on normal infrastructure behavior and detect deviations that indicate potential anomalies. This is the difference between being reactive and being proactive.
—Is the complexity of IT infrastructure part of the vulnerability problem?
The growing complexity of IT infrastructure is not in itself a problem, but a natural feature of today's digital environment. The increase in systems, integrations, and platforms responds to the demand for greater agility, customization, and innovation. The challenge arises when this complexity is not properly managed. Without a clear strategy, it can translate into risks. However, with strategic planning and skilled teams, this complexity can be transformed into a competitive advantage. The use of specialized consulting, modular solutions, and ongoing training are key practices for safely navigating this environment.
—What is the difference between open source and licensed systems in technological infrastructure?
The main difference between open source and licensed software lies in the business model, not necessarily in the quality or security of the technology. Open source software, when developed and maintained by reputable companies—as is the case with Zabbix—can be as secure as, or even more so than, proprietary solutions. Its great advantage is transparency: the code is available for anyone to audit, which multiplies the ability to identify flaws or vulnerabilities. Furthermore, the open source community is generally broader and more active, which drives constant improvements and rapid incident responses. Proprietary software, on the other hand, relies exclusively on the vendor's internal team. In both cases, what truly determines security is the seriousness of the company that develops, maintains, and supports the solution.
—Is IT infrastructure monitoring widespread enough?
IT infrastructure monitoring is a key pillar in crisis prevention. However, it's still common to find superficial implementations, focused only on basic indicators such as network availability or server status. The true value of monitoring lies in its ability to correlate data from multiple sources to generate insights into system behavior.
It's crucial to cross-reference infrastructure information with user experience indicators, for example. Only then can the real impact of a failure be understood and action be taken accurately. Although its importance is clear, the advanced use of monitoring is still not widespread enough, especially in organizations without a consolidated IT culture. It's common to see companies that don't make the most of their tools, whether due to an excess of platforms, misuse, lack of training, or services contracted on the "gray market," offered by companies with no ties to the manufacturers, which compromises operational security and reliability.
—Given that CENACE in Mexico uses Zabbix to monitor part of its IT infrastructure, is a massive blackout like the one in Spain possible in Mexico?
No tool, no matter how powerful, can prevent incidents on its own. CENACE's use of Zabbix is an excellent example of how monitoring can be integrated into critical processes. But its effectiveness depends on how it is configured, monitored, and used within the context of the processes and by the right people. The key is to address incidents from their root cause, not just their symptoms. If a critical event is not properly analyzed and corrected, it can recur or combine with other minor events and escalate into a major crisis. What can and should be done is to work preventively, mitigating risks as much as possible through good IT governance.
—With the advancement of AI, are IT infrastructures becoming more vulnerable, or can this technology help detect risks early?
Artificial intelligence is a powerful ally in IT infrastructure management. It augments human capabilities by analyzing large volumes of data quickly and accurately, identifying patterns and anomalies before they cause impact. With AI, tasks that previously required hours of manual analysis can be performed in seconds. However, it is essential that its use be aligned with well-defined processes and that there be human oversight. AI offers recommendations based on probabilities, but the final decision must rest with the operator. Properly implemented, AI does not make systems more vulnerable; on the contrary, it strengthens their resilience, improves decision-making, and accelerates crisis response.
Eleconomista
