Realities of Ransomware Recovery
I wanted to start this month's conversation by welcoming Phillipa Winter to the OCTO team as our Chief Technologist for Health and Social care. Looking forward to leveraging her knowledge as a former NHS CIO and Clinician to ensure our capabilities are in lockstep with the needs of our NHS.
I had the pleasure of presenting at the VMUG UserCon in Birmingham on the topic of Ransomware. Rather than a big tech presentation (we did touch on how VMware Live Recovery can help) I thought it would be great to have an open discussion on some of the more operations and process areas that can get forgotten or not understood.
Having lived through several recovery incidents alongside customers, I think it can be hard to conceptualise the pressure and stress it can place on your internal teams. One customer expressed it as feeling like you are running around the data centre with your hair on fire! I thought it would interesting to see how Adobe Firefly would depict this as an AI-generated image… I think this does capture the feeling of most who have lived through a ransomware event :)
At UserCon I talked about 12 topics during the session, with some great experience being openly shared between all the organisations in the room.
While I don’t want to run through them all in detail here, I thought a couple could be interesting to explore and as always happy to discuss the rest offline, just drop me a line.
Minimum Viable Company (MVC)
When building your recovery plans consider the concept of a minimal viable company, what applications, data and systems do you need to restore critical functions? Then consider how that will change depending on when the attack happens, month end v mid-month could change the minimum viable application set, same for time of year or quarter. Ensuring this is clearly documented and understood as part of your recovery plan could significantly shorten recovery times and minimise the impact on revenue and or reputation.
How Do I Put You Out Of Business?
When thinking about our recovery plans, data protection strategies and internal processes one concept I put to the room was, "How would I put you out of business in 24 hours or less"? If you look at your own organisation through this lens you might uncover critical systems, processes, technologies, or people that would not normally have been considered from a technical protection perspective. This is the lens threat actors will be using and will have an outside viewpoint that could spot a weakness that you have not considered, this 'failure to imagine' is often the lesson learnt post-incident.
Don’t Think | Do
When the worst does happen, that is not the time to make decisions and come up with plans, your teams will be stressed, tired and in some level of panic mode. Any decisions made will likely be the wrong ones with the potential to either make things worse or at least extend recovery times. Please plan, prepare, and rehearse all aspects of your recovery processes before, include all departments, include your external support structures like incident response or forensic teams. Also don’t forget the mundane stuff like communication plans, liaisons with regulators, cyber insurance companies and your customers. Make it so you don’t have to think, and you can just Do!
Customer Conversations
Broadcom?
In the world of infrastructure and cloud, the big news over the last few weeks is for sure Broadcom completing its acquisition of VMware, for a mere $60+ Billion!
One worry I had leading up to the deadline was how quickly we would get a clear statement from Hock Tan on the future direction of the VMware portfolio. This was cleared up very quickly and that is great news for customers who can now make clear strategic decisions on future technology adoption.? Our conversations with customers over the last few weeks have, as you would expect, been wildly varied. From those looking to move away from VMware as quickly as possible to those doubling down on the technology strategy, they have been following for many years.
The announcement to separate the EUC and Carbon Black businesses was not a great surprise and something many quarters of the industry had suspected since the initial acquisition announcement in 2022. Speaking to the new EUC leadership team at Explore in Barcelona, there is a lot of positivity about the future R&D and innovation now they are not linked to the core VMware portfolio. Control of their own destiny was the view. I think it could be an exciting future for the WorkspaceONE and Horizon portfolio.
The simplification of the core portfolio into VMware Cloud Foundation and VMware vSphere Foundation (plus some addons) should make everyone's lives easier, as the previous 15,000 SKUs did make it hard work to get to the right offer and in the end, deliver outcomes not worrying about licencing. On the topic of 'how much will it cost' I think we have a double-edged sword that is going to take some time to understand on a customer-by-customer basis. On one hand, we have seen a significant reduction in the cost of VMware Cloud Foundation but on the other, the rapid move to a subscription model will not be positive for all. We must remember that this product and licencing trajectory was a VMware initiative and not specific to Broadcom, would it have happened so fast without the acquisition? Maybe not.
Helping customers make the right choices and not emotional ones based on rumour or FUD is our focus for the first half of next year.
More details on the portfolio changes can be found here:
2023 - The year of AI?
The conversations around AI have started to accelerate in the last month to 6 weeks as many organisations start to plan budgets and strategies over the next 12-24 months. While the super large organisation can unlock funding for new initiatives mid-budget cycle, the wider customer base doesn’t have that flexibility and will need to build strong business cases that will influence budget decisions.
At CDW we recognise the paradigm shift that Generative AI and Foundation Models are bringing to organisations with possibilities being almost endless. The challenge with such a game-changing technology shift is avoiding adoption without measurable organisational outcomes, i.e. ensuring a strategy is developed and backed by proven outcomes, not just being led to jump onto the next hype cycle. ?
AI is not a new technology and we must ensure the most appropriate use of the different AI options to meet desired outcomes, sometimes automation is a more relevant answer to a challenge. The image below captures how we look to leverage AI and Automation together delivering outcomes that can augment your best people, accelerate outcomes or automate the mundane (thanks to Tim Russell for the diagram)
On top of core AI expertise conversations around building strong ROI models or writing code to show proof of value our two main topics of conversation in the AI space have been, Data and how to operationalise initiatives.
No AI project is going to succeed without a robust and fine-tuned data strategy, moving away from the traditional data warehouse model to new Data Fabric and Data Lakehouse concepts, designed to simplify data access across the enterprise. Our conversations have been focused on key areas like data governance, data integration, and data observability. Depending on current levels of maturity this could start with core data discovery, mapping and roadmap sessions or more advanced data integration and accessibility needs. All completed without losing track of the need to protect this core asset against modern threats.
As you scale, your AI outcomes the governance and operations of the platform will become critical. AI governance and ML data management will require the correct tooling and processes to ensure you can track the data used to train each iteration of consumed models.?Consider how you will track back the answers your AI gives when a decision is made and it turns out to be based on a hallucination.
Finally, we need to bridge the gap between traditional IT operations requirements on the underlying platform and your data scientists who have no desire to ‘learn’ infrastructure (and you don’t want them to). Bringing a robust ML Operations practice to play will ensure these two teams can operate seamlessly. ?
The exciting part about AI is the endless possibilities and the ways it can optimise an organisation. We need to ensure we stay grounded and build in the guard rails, processes and controls to build a commercially sustainable and responsible AI practice.
OCTO Content Round-Up
The team continue to produce a wealth of content to help organisations understand how to accelerate outcomes through the use of technology, here is a snippet of the best bits.
Myself and Tim Russell had the pleasure of collaborating with two NHS trusts to pen an expert panel article for Health Business. We discuss the clinical, patient and staff benefits of mobile working solutions in the NHS.
Hybrid Platforms:
I continue to explore the world of VMware Software Defined Datacentre (SDDC) this time with a focus on Storage and HCI.
While reviewing all the announcements from Microsoft Ignite might take longer than the event, I did pick a couple of highlights that stood out to me.
The full 'Book of News' from Microsoft can be found at the link below, giving you the full brief on all announcements. I am happy to continue the conversation on any :)
?Modern Workspace
Tim Russell has been busy this month, with Microsoft Ignite, Teck UK Innovation roadshow and his thoughts on the lessons learnt from hybrid working.
?Security
Greg van der Gaast continues his insightful journey through the topic of 'Security Transformation', which is a move away from 'doing cybersecurity' to 'doing business securely'.
?Digital Enablement
Jaro Tomik continues 'Rons' story, exploring the world of Experience Level Agreements, you can catch part 2 here:
Random personal thought
We spend many hours at work, sometimes we need to get out and be reminded of the beauty we have on our own doorsteps. While wildlife photography is my normal escape from the hectic IT world, in Nov I managed to escape into the peak district and spend a couple of days walking the hills and experiencing the sunrise/sunsets. Sitting, and watching the sun rise over the hills around Mam Tor is a spectacular time and relative to many locations it is not hard to reach.
It gives you time to reflect on how lucky we are to work in the tech industry, one that has been quite well insulated from recent macro conditions, many other sectors have not had it as easy.
I believe we must all take time to reflect on the time we plough into our professional lives and not miss the opportunities to enjoy our families, the fantastic countryside we live in and the company of our friends.
Hope everyone has a great festive break and gets a chance to spend some quality time with loved ones and recharge those batteries before we start all over again in 2024!
Stay Safe and look out for next month’s recap and please reach out if you want to discuss anything in more detail.?
?
Rob Sims?
Chief Technologist (Hybrid Platforms)?
CDW UK?
Director - UK&I SEs at Pure Storage
1 年Nice sunset/sunrise pic to end the article! Happy walking!