VMblog Expert Interview: SolarWinds Explores Findings From Its Eighth Annual IT Trends Report


SolarWinds recently released the findings of its eighth annual IT Trends Report.  This year's report, SolarWinds IT Trends Report 2021: Building a Secure Future, was released eight months after the broad and highly sophisticated SUNBURST cyberattack.  It examines how technology professionals perceive their organizations' risk management and mitigation readiness after a year of rapid transformation fueled by the global pandemic. 

To find out more, VMblog spoke with Thomas LaRock, Head Geek at SolarWinds.

VMblog:  Before we dive in, were there any findings in this year’s report that surprised you? Any data that immediately jumped out?

Thomas LaRock:  Not surprising, no, but noteworthy. More than 80% of tech pros responding "agreed" or "strongly agreed" technology is the best way for organizations to manage, mitigate, and resolve issues related to risk. I wish we had probed more deeply into the specific technology, but I suspect the answer would include SIEM tools or anything to help with the velocity and variety of data IT pros must analyze. I also believe we would see support for things like two-factor authentication, as well as zero-trust implementations.

VMblog:  This is the 8th year SolarWinds has been doing this survey.  Why is the survey important?  And with everything going on, is it even more important this year?

LaRock:  A year of unprecedented upheaval has ultimately served as a critical catalyst for a broader exploration of organizations' exposure to enterprise IT risk of all kinds - including risk introduced by the implications of remote, distributed work - and the degree to which organizations are prepared to manage, mitigate, and prevent risk in the future.

The findings of the SolarWinds IT Trends Report 2021 uncover a reality in which exposure to enterprise IT risk is common across organizations - but perceptions of apathy and complacency surrounding risk preparedness are high as businesses exit a year of pandemic-driven "crisis mode." The report's aim is to facilitate a more transparent conversation by analyzing the state of enterprise IT risk within the industry today. The report has also revealed the immense opportunity ahead for tech pros and IT leadership to align and collaborate on priorities and policies to best position not only individual organizations but the industry at large to succeed in a future built for risk.

VMblog:  When it comes to risk mitigation, the report found that 73% of tech pro respondents "agree" or "strongly agree" that their IT organizations are prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place, yet 46% of overall tech pro respondents state their organizations have had medium exposure to enterprise IT risk over the past 12 months. What's the disconnect here?

LaRock:  While almost half (46%) of respondents admit to having a medium exposure to enterprise risk, there's a sense of high or extremely high-risk exposure perceived more acutely by tech pros at enterprise organizations (19%) as compared to their small business (11%) and mid-size (7%) counterparts. What's interesting is that the perception of exposure and preparedness closely aligned despite the size of an organization.

Although these respondents simultaneously felt their existing risk mitigation and management policies/procedures are sufficient, it's critical for organizations and tech pros to adopt a mentality in which even "medium" risk exposure is unacceptable. 

As an industry, we need to shift our threshold for what's an acceptable level for risk exposure. Tech pros must normalize a sense of risk aversion. This means beginning to evaluate and implement the principles of a secure enterprise and understanding security compromises will happen as cyber hackers deploy more sophisticated attacks. 

Tech pros should also implement detection, monitoring, alerts, and response along the kill chain, and engage in red team/tabletop exercises to measure effectiveness. These principles will help organizations more fully prepare to defend against any level of risk exposure as the threat landscape expands.

VMblog:  Although external security threats are the primary risk factor for tech pros, internal vulnerabilities as a result of remote working are also at play.  It looks like remote work is here to stay for some companies after COVID-19, so how can IT teams combat these internal vulnerabilities in a distributed work environment moving forward?

LaRock:  COVID-19 has amplified the hybrid IT reality, fragmented policy, configuration, and visibility from on-premises data centers to the public cloud and beyond. Most of the risk is produced by us humans, and we need to think of ourselves as part of the extended security team. It's important for IT teams to examine current processes from the outside in and deploy solutions to provide complete visibility into all systems to identify areas of risk and opportunity. Even small changes like faster upgrades and patches, the use of password managers, and MFA solutions can strengthen an organization's overall security posture. IT teams should build sufficient evaluation frameworks to help separate fact from fiction when it comes to a solution's ability to deliver on the capabilities as promised. Ultimately, tech pros should always be assessing their risk management, mitigation, and protocols to avoid falling into complacency and being "blind" to risk.

VMblog:  The survey's respondents are prioritizing investments in security and compliance, network infrastructure, and cloud computing as core technologies to help manage risk; however, implementation is hampered by dwindling resources and access to personnel training.  How can tech pros overcome these barriers?

LaRock:  Tech pros should feel empowered to push back on the business and ask how certain certifications or training initiatives map back to the organization's priorities. In the same vein, this underscores the importance of IT teams learning the "language of business," so tech pros can communicate what training can bring value to the organization and allow IT teams and business leaders to prioritize accordingly. Investment in upskilling and training is good, creating time for it is great, but truly prioritizing skills development is even better - and will have the most significant impact to an organization's bottom line.

VMblog:  According to the report, 62% of tech respondents perceive their organizations' senior leaders or decision-makers to have a heightened awareness of risk exposure, while 26% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk.  What are ways tech teams can ensure they are aligned with business leaders on policies and risk procedures?

LaRock:  Investment takes time and needs guidance. Tech pros must present proof points and justifications to gather senior buy-in, so policies and technologies can be implemented effectively and at scale. Add facts and figures wherever possible to reinforce the recommendation. Strategic conversations between IT teams and senior business leaders are imperative, and making a strong case for these investments is equally critical after a year of cuts and restrictions for many companies - everyone is fighting for a slice of the budget.

VMblog:  Where can VMblog readers get their hands on this report? Is it available for download?

LaRock:  Readers can download the report through the SolarWinds website here.


Published Thursday, August 26, 2021 7:33 AM by David Marshall