The WannaCry ransomware situation involved 150 countries. Anyone who was affected is wondering one thing: Is there anything we could have done differently to avoid this? How could our IT department have been more proactive? Someone surely saw this coming and should have known what to do to avoid it.
But the truth is that, unless you actually wrote this program, there was little you could have done to prevent it.
But is that really the truth?
White-hat consultants (those hackers that are on the “good” side) would have potentially been able to identify your vulnerabilities, then would have paid a significant amount of money to perform repetitive penetration testing for your systems. Your white-hat consultants may have been able to pick up on the WannaCry problem before it hit, then your IT team would have been able to patch all your systems. And really, how many computers does your company actually have? It cannot be that big of a job. Right?
Wait…that means every single workstation and every single server. Plus, this needs to be executed over a weekend. Okay, maybe it IS that big of a job.
A second option is to have the responsibility placed on someone else, someone outside your organization…where it makes sense. This is where Microsoft and the Cloud come in. This is not about placing blame, it’s about assigning a crucial task to the right party. You’re in the business of taking care of your customers, you are not in the IT business. You should not expect your IT department to have the knowledge, technology, and the resources to protect you fully. You should, however, rely on people who are in the IT business that know how to prevent and manage breaches.
Organizations that are working in the cloud have already been exposed to a Wow-I-never-imagined-this benefit: patching SaaS (software-as-a-service like Office 365) along with PaaS (Platform-as-a-service like Dynamics 365) solutions are no longer their problem. With the SLA (service level agreement) from Microsoft, a promise is in place that solutions will be operational, with defined amounts of downtime and security. If a problem occurs, it’s Microsoft’s job to address it. In addition, when a ransomware or other attack happens, Microsoft provides a dedicated staff of technology professionals to ensure that patches are applied, most often before your general public even knows about the issue.
Now, what if you do not utilize Dynamics 365 or Office 365? What if you’re using an older version? Even if that’s the case, you are still hosting your solution in IaaS (Infrastructure-as-a-service), so this means host controllers within the data center are keeping an eye on potential issues for you. But this means you are not completely in the clear. You are running a VM (virtual machine), which means you have a Windows operating system, and Microsoft cannot manage this or monitor it on your behalf—or notify you when there is a problem. You require a strong, highly qualified partner that can operate your Cloud infrastructure within a Managed Cloud Service. Guarding your organization against cyber-attacks should be in the hands of the experts, leaving you to go about the business of serving your clients.
1. There will always be hackers, so you will eventually have to deal with a data threat and/or a breach. So to be prepared, trust the task to the experts.
2. Microsoft has invested, literally, billions into their own data centers. Microsoft will be there, fixing those problems that arise, quickly and efficiently—before they come to you. If, by chance, something does get past them, their thousands of customers are depending on them to get it fixed fast.
3. If you are a cloud IaaS customer, a strong, dedicated partner will deal with keeping everything current and will be watching out for hacks. They will have resources in place to “follow the sun” in order to protect you 24/7.
Companies across industries are taking advantage of the benefits of moving their IT to the Cloud:
If this attack has you concerned, get out of the IT business and move on over to the Cloud.