The WannaCry ransomware incident had an impact on 150 countries. Anyone impacted was left with one gnawing question: Was there anything we could have done to avoid this? Could our IT department have done something differently? Was there someone who saw this coming and knew how to avoid it?
But really, unless you actually wrote the program, there was little you could have done.
But is that true?
You theoretically could have hired white-hat consultants (you know, those “good guy” hackers) who might have been able to recognize your vulnerabilities. You then could have paid a lot of money to have repetitive penetration testing completed on your systems. These consultants could possibly have been able to detect the WannaCry problem before it hit, then your own IT team could have begun a patch on all your systems. After all, how many computers does one company actually have? It certainly can’t be that hard.
But wait a minute…that’s every single workstation and every single server. Now let’s add to this…it needs to happen over the course of a weekend. Yes, IT IS that hard.
Option two is to have the responsibility placed onto someone else…where it makes more sense. Here’s where Microsoft and the Cloud come in. This is never about finding a place for the blame; it is about making sure you have assigned an important job to the correct party. You are, quite simply, in the business doing business…not IT. You should not be expecting your internal IT team to have the technology, know-how, or resources to protect your organization completely. You should rely on people whose job is IT in order to prevent and/or manage breaches.
Governments, agencies, and other organizations already in the cloud have discovered an unexpected benefit: with patching SaaS (software-as-a-service like Office 365) and PaaS (Platform-as-a-service like Dynamics 365, this is no longer their problem. With the SLA (service level agreement), Microsoft delivers an assurance that their solutions will be available and operational, with specifically defined downtime and security. If there is an issue, it’s Microsoft’s responsibility to handle it. Additionally, when ransomware or other attacks do occur, Microsoft provides a dedicated team of professionals and the necessary technology to ensure that patches are utilized, often prior to the general public becoming aware of the issue.
Now, what happens if you don’t have Dynamics 365 or Office 365? What occurs with an older version? Even if this is the case, you are hosting your organization’s solution in IaaS (Infrastructure-as-a-service), which means host controllers in the data center have the ability to keep an eye on situations for you. However, you’re not entirely in the clear. Since you are running a VM (virtual machine), this operates within a Windows operating system. Microsoft cannot manage or monitor that for you—or notify you if a problems occurs. This is why you need a strong, qualified partner with the ability to run your Cloud infrastructure within a Managed Cloud Service. In the hands of the experts, guarded against cyber-attacks, is where it should be so you can go about the business of running your organization.
- Though we cannot eliminate every hacker and we know we will eventually deal with a data threat or breach, we can be prepared if we trust the task to the experts.
- Microsoft has invested heavily into their data centers. You can count on the fact that they will be there, fixing problems quickly and efficiently. If an issue gets past them, they know that they have thousands of customers relying on them to get it fixed fast.
- If you are an IaaS customer in the cloud, a strong partner will assure that everything is up to date and they will be watching out for hacks. They should have all the resources necessary to “follow the sun” and protect your organization around the clock.
Organizations in both the private and public sectors are reaping the benefits of moving to the Cloud:
If your company is concerned because of this attack, get out of the IT business and move to the Cloud.