You all have heard the old joke, told in numerous permutations, starting with the simple task of screwing in a lightbulb. If you’ve been following business and government news over the weekend, you probably heard about the security breach at SolarWinds, an IT company that services clients from Government Agencies to Fortune 500 companies. I want to talk today about how these two things, an absurd generalization turned into a joke, and a serious security threat to the stability of our society.
Let’s first get some preliminaries and disclosure out of the way. SolarWinds is a Managed Services Provider for IT products and services. I also work for an MSP company, and have worked in the Technology sector for over a decade. That said, the connections stop there. Vermont Panurgy does not function in the same ways as SolarWinds, does not service the same types of clients, does not offer the same types of services.
That all said, with the background that I have, I am in a good position to provide a bit of perspective, so I wanted to write this article to point out a commonly misunderstood aspect of the particular product that was compromised, why it is potentially dangerous and what you, as a business owner with valuable and irreplaceable IP, can do about it.
According to news reports and filings by SolarWinds, the specific product that was compromised was something called The Orion Platform. I did some cursory research on this product and it claims to solve a lot of headaches by giving you one single point for all of a company’s IT-related needs. It bundles together several of SolarWinds’ proprietary products into a “single pane of glass,” dangling a tempting carrot of simplicity and streamlined efficiency. Hard to resist, especially for the less-than-technically-minded of us.
How many times have you had trouble with some piece of technology in your office, only to have various Help Desks pass the buck between each other, always saying it was the other company’s fault? How many times have you called one help desk only to be told that you need to call a different one? Who makes what, and how easy are they to get ahold of? What is my warranty on this product, and what does that entitle me to? The headaches of having to deal with multiple IT companies is entirely understandable, but is the right solution to just find some giant that claims to do it all and put all your eggs in their basket?
The problem with bundled, proprietary services is that if there is only one point of access for you, there need be only one point of access for a hacker to get in and crash the party. Decentralizing, especially when it comes to cloud-based and networked IT solutions, helps you be confident that if one company gets hacked, maybe one of your systems will go down but it won’t bring down the whole house. Switching from a complex VOIP phone network back to calling each other on cell phones for a few days is much less catastrophic than your phones, your financial systems, your production lines, everything going down at once.
At Vermont Panurgy, we do our due diligence in researching and carefully considering all the factors that go into making a decision on which provider to choose for a particular service. The services we recommend are all highly commended in their field, and they all come from companies that specialize in the particular area that they service. Need good network security? We’ve got recommendations. Need good Wi-Fi access points? We’ve got recommendations. Need a cloud-based backup system? We’ve got you. And no, they’re not all the same company!
If you are a business owner or manager and this recent SolarWinds hack has got you reconsidering whether or not an MSP is really a good idea, keep in mind that there are a wide variety of MSP types out there, we are not one-size-fits-all! And if you are now concerned about companies that will try and steer you to their own sub-par in-house solutions instead of making honest recommendations about what is best for your business’s success, then give us a call!