Could You Have Avoided WannaCry with the Cloud?
The WannaCry ransomware attack has affected 150 countries. In the wake of this most recent cyber-attack, many are left wondering one thing: What could we have done to avoid this? Or at a minimum: What could our IT department have done to reduce our exposure from this attack? Surely, there must be someone out there who knew this was coming and how to avoid it.
The honest answer is, unless you were one of the people who wrote the program (or arguably are part of the NSA, which may or may not have known about the security hole), there is not a lot you could have done.
Or is there?
Sure – you could hire a set of ace white-hat consultants (hackers on the side of good) who could have told you about your vulnerabilities (if they even knew) and paid a small fortune in repetitive penetration testing on your own systems. Perhaps they would have identified this ahead of time, and you could have had your crack-team of IT professionals patch every single system in your entire network. I mean, how many total computers does your company actually have, after all? It can’t be that many.
But wait. That’s…Every. Single. Workstation. And. Server. (Oh yeah, and it needs to be done over the weekend.)
Or perhaps you could have offloaded this task onto someone else…someone who was in a much better position. Enter Microsoft, and welcome to the Cloud. What I am advocating for here is not finger-pointing, but placing responsibility where it belongs. You’re likely not in the IT business, so why are you relying on your internal IT team to protect you against outside threats?
Companies that have been living in the cloud for the last few years have experienced this I-never-thought-about-that benefit: Patching these SaaS (software-as-a-service like Office 365) and PaaS (Platform-as-a-service like Dynamics 365) solutions are NOT THEIR PROBLEM. Microsoft provides these software products with a SLA guarantee. That means Microsoft promises your solutions will be operational, with prescribed/defined downtime and defined security guarantees. If it leaks or creaks, it’s their problem. What it also means is that when something like a ransomware attack happens, Microsoft has fleets of professionals and technology that ensure their patches are applied before even the general public knows about them.
Now, I know what you are thinking: I don’t have Dynamics 365 or Office 365; I’m on an old version (Why is that, by the way?). If that’s the case, you might be hosting your solution in IaaS (Infrastructure-as-a-service). You’re still in good shape because the host controllers in the data center have your back. However, you’re not out of the woods completely. That is a VM (virtual machine) you’re running. It has a Windows operating system, and Microsoft isn’t managing that operating system for you. They aren’t monitoring it for you. And they certainly aren’t going to let you know that you have a problem because they cannot. You need a strong partner running your Cloud infrastructure as a Managed Cloud Service. Then, once again, it’s not your problem.
Here’s the point…
1. We cannot completely eradicate hackers. They want to play and wreak havoc on all of us. Unless you have a PhD in Computer Science and can foretell the future, you will at some point deal with breaches or threats. It’s best to be fully prepared, and the best way to do that is to put it into the hands of the experts. You are not in the IT business; managing operating systems is not core for you, so don’t put yourself into that position.
2. Microsoft has invested billions in their data centers. They are going to be on top of fixing any problem that comes their way ahead of you. And if something does slip past, they have thousands of customers screaming – not just you! Fix it for one, fix it for all.
3. If you took the leap to the Cloud as an IaaS customer, a strong partner will work the weekends for you, recognize when a hack is coming (or has already happened), and fix it. They should have the resources to “follow the sun” to protect your investment and your assets. And they can only do that in the Cloud unless they drink Red Bull like its water.
Organizations in even the most regulated, conservative industries—like financial services—are taking advantage of these benefits:
So, if this latest attack has you concerned for your business and your customers, get out of the IT business and move to the Cloud. Talk to the Cloud experts at AKA Enterprise Solutions. We can help you make and execute a plan to make a smooth transition, so you can avoid all this nightmare and sleep better at night.