Secure by Design | Helping Our Customers Get Back to Business — SolarWinds TechPod 037

Stream on:
Organizations were stopped in their tracks when the cyberattack occurred. When you’re focused on taking the right actions to protect your environment, your users, and your entire enterprise, solid counsel and assistance is critical. How do you get back to business? Join SolarWinds® President and CEO Sudhakar Ramakrishna, Head Geek™ Thomas LaRock, and our key partners Greg Fetterhoff (Monalytic) and Bill Fitzpatrick (Loop1) as they share stories from their engagements with SolarWinds customers answering the challenge of the cyberattack—and getting back to business. From U.S. governmental agencies, to the Fortune 500, and all around the globe, they’ve helped clarify the confusion and focus on the future. Sudhakar will share an overview of the Orion® Assistance Program SolarWinds created to:
  • Help customers get upgraded and updated
  • Get professional consulting help at no cost to them
  • Put our customers first
Greg will cover experiences from the federal government and enterprise level customers, and Bill will share stories from commercial customers around the globe. Both will address:
  • Considerations for companies responding to this cyberattack
  • What organizations have in common
  • The timeline to get back up and running
Related Links

Guest

We’re Geekbuilt.® Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to… Read More

Guest

We’re Geekbuilt.® Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to… Read More
Sudhakar Ramakrishna

Guest | President and Chief Executive Officer

Sudhakar Ramakrishna joined SolarWinds as President and Chief Executive Officer in January 2021. He is a global technology leader with nearly 25 years of experience… Read More
Thomas LaRock

Host

Thomas LaRock is a Head Geek™ at SolarWinds and a Microsoft® Certified Master, Microsoft Data Platform MVP, VMware® vExpert, and former Microsoft Certified Trainer. He has over… Read More

Episode Transcript

Thomas: Welcome to SolarWinds Secure by Design, Getting Our Customers Back to Business. My name is Thomas LaRock. I am a Head Geek here at SolarWinds. I wanna introduce my CEO, Sudhakar Ramakrishna. Sudhakar, could you introduce yourself? Say a little bit about yourself.

Sudhakar: Thank you, Tom. And welcome everyone. We are very excited today to be joined by our partners to highlight some of our joint activities and what we’re doing for our joint customers. My name is Sudhakar Ramakrishna, as Tom mentioned, and I joined the company SolarWinds on January 4th. So it is two months in your time zone at this point, if I look at it from that perspective. And these two months have been incredibly exciting to say the least, but I will also use this as an opportunity for us to really take heed of what customers are looking for, what we need to do for them, and drive our Secure By Design initiatives of which today is one significant milestone to come out to you with our partners, Bill and Greg. So, Tom, with that, I’ll pass it back to you.

Thomas: Sure. So next up on the list here, Greg Fetterhoff. Greg, could you please introduce yourself, tell us a little bit about yourself, and also tell us a little bit about your company Monalytic.

Greg: Sure, yep. So I’m Greg Fetterhoff. I’m the VP and general manager of Monalytic. I’ve been with the company for about six plus years now. Previously, we were generated out of a different company for which was called Atlantic Digital, which was kind of a two pillar engineering along with professional services for various network monitoring solutions. And about somewhere in there, about five years in, we quickly realized that SolarWinds was a front runner for basically being a market changer for network monitoring for its customers. So, we decided to go all in and create Monalytic, which is monitoring analytics, which is 100% professional services for SolarWinds. So it started back in 2018. So all in, we’re looking at 13 years of SolarWinds professional services experience between the two companies.

Thomas: Wow, that’s quite a lot. So, next up Bill Fitzpatrick. Bill, tell us a little bit about yourself and also a little bit about your company Loop1.

Bill: Thanks, Thomas, appreciate it. Thank you Sudhakar for the invitation. It’s a pleasure to be here with you. Thanks, Greg. It’s great to share the stage with you, and thank you to all of you that are attending across APJ. Good morning and good afternoon. My name is Bill Fitzpatrick, and I am the CEO for Loop1. We are a SolarWinds professional services company, and have been doing so for since about 2009. Personally, I’ve actually been using the SolarWinds solutions going back to 2000. First encountered the SolarWinds Engineer’s Toolset when I was working as a network engineer and data security engineer for a telecom company shortly after I left Microsoft where I had worked on products like Windows 2000 and systems management server. So a little brief tidbit on me. I consider myself a bit of an accidental CEO. I’m an engineer at heart, but I ended up a CEO of the organization, and it’s been a pleasure being a SolarWinds partner and happy to be on the call today. Thank you.

Thomas: All right, thanks. Thanks for everybody for making time to attend, including the attendees as well. We do appreciate your time. So, I’m gonna talk to you a little. We’ll review a little bit of our last webcast, and we’ll mention the Secure By Design resource center. Then we’ll go into the overview of the Orion Assistance Program. We will then spend some time on how our partners are involved. We will go back through Greg and Bill and how Monalytic and Loop1 are engaging with customers through the Orion Assistance Program. There’ll be a timeline of an OAP engagement. We will spend some time going through customer experiences. Again, Bill and Greg will be sharing those stories. Then will be time for Q&A, and we will wrap up from there. So first, this, you should understand, is part of a series of webcasts that we call Secure by Design. The first two webcasts, I believe, were three weeks ago. If you go to this link, or if you go to this URL, it’ll bring you to our Secure by Design resource center. You’ll get a recap of the first webcast, and you’ll get an idea and the understanding of how since the compromise in December prioritizing our customers has been our number one priority. And you can see that by us we are making every resource available that we can in order to help our customers get back to business. So you can find all of that information at the Secure by Design resource center. So a few words about the Orion Assistance Program, and I’ll have Sudhakar speak to it a little bit as well, but this is something that was created specifically as a result of the incident, and it’s a way for us to help our customers be back up and running. And as much as I could talk to it, I think Sudhakar is going to be able to explain it a little bit more. So, would you mind spending some time on that, Sudhakar?

Sudhakar: Definitely. Tom, as you mentioned, since the SUNBURST attacks, our first priority has been the safety and the security of our customers. So, our internal teams have done a tremendous amount of job providing remediations and software upgrades and updates to our teams, I should say to our customers. But in many cases, we also have seen customers have a need for technical resources, time, support for upgrades, and other activities to ensure their safety and security. So that’s how we created the Orion Assistant Program where we work hand in hand with our partners, such as the two that we have here on this call today and help our customers essentially locally providing technical support, upgrade assistance at no cost to the customers. These are customers who are part of active maintenance contracts with us who are going through this situation of having to upgrade at a time where they may not have otherwise upgraded. Because we are providing remediations, we are going a step beyond normal, so to speak, to work with them. The other advantage I see out of this is that by being a truly customer success-oriented organization and working with our partners, together we can become more strategic and more relevant to our customers, even though as I’d like to describe it, priority number one to 10 is to ensure the safety and security of the customers. It is with the belief system that do everything that a customer needs and wants and continue focusing on the right things, and good things will happen from the partnership.

Thomas: Absolutely, do the right things and good things follow. I believe that as well. Let’s spend some time, gonna come back to the partners, Greg and Bill here, and talk a little bit about their companies, what they do, and the partnership that they have with SolarWinds. But first, Sudhakar, If I understand correctly, your background is with channel-focus companies, I believe. And I thought you might wanna speak to that a little bit, focusing on the ands, not the or.

Sudhakar: Yeah, definitely, Tom. I have had the pleasure, I would say, of working with channel partners almost throughout my career. So last five and a half years at Pulse Secure, prior to that at Citrix, previous to that at Polycom, and then way back when at 3Com. And as many of you know, 3Com is a pioneer in the channel program, similar to how SolarWinds is a pioneer in the high velocity model that we’ve established from a go-to-market standpoint. And the way I look at the evolution is that much like products and services are becoming more and more hybrid, meaning cloud and premises, partnerships also will have to evolve. So while we continue the high velocity model that we have, it’s critically important for us to build a focus set of partnerships where partners such as Loop1 and Monalytic and others are extensions of SolarWinds as it relates to servicing customer needs, and we, therefore, are extensions of them. So building some very focused and targeted two way relationships, and that’s where we come up with the notion of and as opposed to an or with regards to how we go to market.

Thomas: That’s excellent. That is a great point as I come across companies that they do kind of treat you more like an or like what is it you can do for us? And I love the idea that we focus on the and like what can we do to help each other? That’s wonderful to hear. So let’s switch a little bit. Greg, if you could talk a little bit, maybe a high-level view of Monalytic, its relationship with SolarWinds, but also maybe compare and contrast how your relationship with SolarWinds compares to other vendors you’ve worked with in similar circumstances.

Greg: Sure. Yeah, as I mentioned earlier, we’ve been providing subject matter expert grade professional services for the better part of 12, 13 years now. Of that, a large portion of it has been within the federal markets, both domestic and abroad, three letter agencies, Department of Defense, public sector, basically along with on the tail end of the past previous years, the commercial enterprise. And at a certain point, that’s largely attributed to at a certain point, the customer base basically evolved with SolarWinds. SolarWinds started expanding its product portfolios, bolting everything on to its a Orion core, and the enterprise level commercial customers basically started investing in the brand and in the solution the same way that the federal government does, which is when it’s vetted and when it’s approved and when it’s trusted, they buy in. And so we started to see Fortune 500s and more the logo-esque customers really invest in SolarWinds. And so, what that basically did was level the playing field from an architectural standpoint, a usage of SolarWinds across both of those markets between federal and commercial enterprise. And so, we kind of had a natural cross-pollination between supporting deep fed and state and local organizations and that of healthcare institutions and that of financial institutions. So, SolarWinds really started to change its wings, if you will, if you use the butterfly analogy about five years ago. And we caught onto that really quickly. It was a natural evolution for us to, again, go all in, create a Monalytic, and just of keep the static out of the way and invest ourselves in a brand that we trust as a services provider, so that the customer feels the same experience whenever we interface with them. They’re pleased with the brand of SolarWinds, what it does, what it offers them from a business value and from a security value. And it’s easy for us to go to work on all day long from a services perspective.

Thomas: That’s wonderful to hear. So same questions to you, Bill, a high-level view of Loop1, your relationship to SolarWinds, and, again, how does that relationship compare and contrast with other vendors?

Bill: Sure. Thanks, Tom. So, for me, the journey with SolarWinds, as I mentioned a few minutes ago, has been one that’s covered a span of about 20 years. In 2008, I went to work for SolarWinds as a sales engineer on their Latin American sales team. And in 2009, I was fortunate enough to be able to co-found Loop1. Over the course of the history of Loop1 and SolarWinds working together, we learned very quickly that their audience was worldwide. In 2010, I was spearheading our first Orion courses that we taught here at Loop1, instructor-led, classroom-based courses that included hands-on lab servers. And at that point in time, there wasn’t a lot in the marketplace available to end users for SolarWinds training. And we had the pleasure of meeting people from all over the world. I worked with people from India, from Malaysia, from Australia, from Africa, and it reinforced the idea that there were opportunities for partners with SolarWinds around the globe. And so through 2017, I became sole owner and CEO of Loop1. And from that moment forward, I’ve really focused on expanding our global footprint, not only because of the clients that we’ve been fortunate enough to work with across the world, but also because of the clients that we work with in North America. We know that across the 4,000 or so clients that we’ve worked with since inception, many of them are global conglomerate organizations. They have operations in Shanghai. They have operations in Frankfurt. They have operations in India and other parts of the world. And so, we knew and I knew that there was an opportunity to serve those clients from within Loop1 around the globe. So I’ve been really, really proud of the growth that we’ve had putting Loopsters on the ground in these places. So we’ve got an office in Australia that is about 25 people strong, and we operate out of both Melbourne and Sydney. We have an office in Sri Lanka that’s about 30 people strong and includes the heart of our 24/7 knock. And, of course, we’re also operating in Singapore. I was fortunate enough last year to spend time in Bangkok at kind of an abbreviated partner summit and really had a chance to meet some clients in the region, as well as meet other partners. I’m just excited to be a part of that region. It’s an incredibly diverse and culturally rich part of the world to be active in. And I’m really, really pleased to be there. In terms of the experience with other vendors. I’m sad to say, while we are also a Cisco partner, I’ve been dealing in the world of SolarWinds for so long. I don’t have a lot to draw on, except to say that you can see from the outside in how businesses react to times like these. And I couldn’t be more proud to be part of an organization that’s reacted the way SolarWinds has and to be partnered with an organization like them with Secure by Design, with the message that Sudhakar has delivered, and with the way clients have responded to it. It’s been a terrific experience, despite the challenges.

Thomas: Well, thank you for the feedback, Bill. I’m sure that his music to Sudhakar’s ears right now.

Sudhakar: Thank you, Bill.

Thomas: So, let’s spend a couple of minutes just briefly high-level overview of what an Orion Assistance Program engagement looks like. I wanna call attention to the first part of the timeline over in the left where you see a SolarWinds active maintenance customer contacts SolarWinds sales support, renewals, or customer success. So many different ways for you to get engaged with SolarWinds with this OAP, but I wanna point out active maintenance. So if you are up to date, if there’s active maintenance, you should take part in this because it is free. It is of no cost to you to get into an OAP engagement with our partners in order to help you remediate as a result of the incident. So, Bill, when you look at this timeline, and I know it’s not gonna be the same for everybody. can you give us a range of how long a typical engagement may last? Like what’s the shortest, what’s the longest? Tell us a little bit more about the length of time.

Bill: Sure, a couple of comments I can make about the OAP engagement process. One, this isn’t the first time that SolarWinds has begun to engage with clients this way. If you’re familiar with the Smart Start Program run by Cal Smith and his team, it’s a program that’s been in place for a couple of years. It’s a program that includes partners. And so we were able to build on that strength in the implementation of the OAP. We already had the relationships for communication, for execution, and for connecting with clients. And so what we’ve seen through this process is some engagements are as short as a couple of hours, and we’re able to do upgrades or patches in that time, depending on the client environment. And others have gone as long as 24 hours due to complexities in their environment, or even just making sure we can accommodate clients’ maintenance windows.

Thomas: So, Greg, with your experience with the OAP engagements with regards to that timeline, is there any advice you would give to one of our customers? Like how can they shorten the timeframe, something that they could do maybe as a prerequisite before they get in contact?

Greg: Sure. I would say the only variable that’s able to be manipulated, if you will, because a lot of times there’s infrastructure, there’s engineering tasks that have to be accomplished that aren’t necessarily able to be condensed, but one thing that that really is at the benefit of the customer when engaging in the OAP program is having critical stakeholders ready to go. I know that’s difficult. It wasn’t something that customers were planning on having to do, but if they can have the right stakeholders who have the right access to the systems along with the the leadership involved to help expedite the program as it goes through, and as Bill alluded, a lot of these customers, because of their vast investment in SolarWinds, they need to do it during an authorized outage, because when you’re talking healthcare, or the finance industry, or defense, they can’t be offline, there’s residual impacts. So, having the critical stakeholders available during the times when the OAP is actually gonna be executed is far and beyond the most important aspect of what a customer can do to enable themselves to have a successful and seamless OAP experience.

Thomas: So, Greg, we’re gonna stay with you as we talk through some user stories here. And I think what the first one we wanna lead with is an example from say the federal size. Like can you give us an idea of maybe an overview of a customer, the impacts, and considerations, things like how did you get them on the path back to business?

Greg: Sure. It probably goes without saying that the federal government, specifically US-based, along with your commercial enterprise customers, even if this was a series that we talked about success and an award ceremony, they likely would not come forward and say, I’m that customer. So without being able to identify individual customers, within the federal market specifically, there’s different rollout periods that have occurred since the actual cyberattack, and your public sector and your civilian agencies have really kind of been the first ones to go back online after a few weeks. And so, within that kind of post-impact timeframe, we quickly identified the key federal government customers, ones that were already impacted by the actual attack itself, and then others that were more residual, running on the non-compliant versions and such, but we really wanted to reach out and get in contact with those agencies in the federal market who were directly impacted by the breach, and in doing so, we were able to quickly get them back on track to the latest version at the time. And then obviously when we had the additional 2022.4 release come out, we really stuck with them, evolved through the problem. You fortify those relationships in the trenches. I’m a former Marine of a veteran-owned business. We stick by our customers as does SolarWinds, and they really proved that during this endeavor that when we hit the trenches, we stuck with these critical customers in the federal market, got them back their business to at least an operating capacity. And then we’re able to level set them and say, okay, sustain here while still getting value from SolarWinds, and, more importantly, feeling secure with the solution itself. We’ve had a handful of federal government customers that have gone that route, and each one of them have not only been successful, but they’re borderline use cases for an example of what a vendor and a partner can accomplish when they show up to the fight immediately after an event like this. It’s been a challenging series of events, but on the back end of it, the customers we’ve interfaced with in the federal market that have been a part of the OAP have been much better because of it.

Thomas: I like hearing all that, because it really reinforces what Sudhakar said earlier about the partnership being more of an and. It’s how can we help each other. So, Bill, for you, same overview, but maybe for a commercial example.

Bill: Sure. Greg is spot on in his observations. And what I would add to that is what we’ve seen in the commercial space, and I’ve got two examples here that I’ll mention, one is from a healthcare provider, a large healthcare provider, the other one is an energy company. And so the reason I mentioned both of them is because they both had a similar experience. They both brought similar feedback. And the first was their reaction to the new way that SolarWinds is engaging, the client success approach that’s available to them, the fact that they’re able to connect with more parts of Solar Winds leadership than they have been able to before. And that was something that was really unexpected for clients based on their history and the way SolarWinds and approach them in the past. And they were really pleased with that. The other thing was that these two clients, one was an upgrade and one was a fresh install, one took a little bit longer than the other as you might imagine, but they were both really excited for what was going to be in place when we finished, and as we finished, and what they had once we did finish. And so, they were looking at new features, new capabilities, and they were coming back to us saying, Now that we have this, I see this capability over here. Can we spend some time on that? And so, whether through Smart Start, or whether through follow-on services, it has been a really great experience to see clients, both enjoying this new characteristic of the relationship to SolarWinds and with partners, as well as the features that they’re gaining by being on current releases. I would also mention just briefly, I’m thrilled that it’s Monalytic and Loop1 on this conversation today, but there are partners around the world that are a part of this program. And so it’s possible that you might work with a partner, another partner, in your region if you go through the OAP program. Obviously Loop1 is around the world as well, so we look forward to working with those of you that work with us, but there are more than just two partners involved.

Thomas: That is a good point. Thank you for mentioning that, Bill. We do have more partners than just two. So, let’s go back to Greg. And how about an overview, say, of an enterprise example?

Greg: Sure. So most notably, again, refraining from mentioning client names, as Bill alluded to the healthcare industry was really priority number one. We’ve we worked with healthcare providers that were truly enterprise-level customers. Their facilities spanned the better part of double-digit states within America. And so that impact really resonates further than, my network is down, or I have a risk about a server, or something. We’re talking about actual physical patients that are in beds or utilizing facilities. So, to be able to provide a program back to such a critical vertical such as healthcare and finance, it just became a program that was bigger than us. It became a program that was bigger than SolarWinds. To be able to help those, ironically, in a period where healthcare is is viewed as the most critical element of COVID-19 going on right now to be able to get their security back online and get them back to doing what they’re supposed to be doing, so that it takes care of their patients and their customers. We had nothing but success. And, again, just fostering a relationship and brand notoriety with SolarWinds and how they were able to take care of these enterprise-level customers through this program.

Thomas: Awesome. Last example that we have here is an international one. Bill, that’s gonna fall to you. And do you think maybe you could do it in Espanol, por favor?

Bill: [laughs] Muchas gracias, [speaks in Spanish] Yes, I do speak Spanish, but not as much as I wish I could. So, yeah, in this last example, we’re gonna look at a Chilean IT company that we worked with. And what I really love about this example is it was an opportunity for us to partner with a client in the way they needed us to through our global team. So this client, due to their maintenance windows and due to the complexity of their environment, it was about a 24-hour process to get them through the OAP. And we worked with them 24 hours straight. A lot like SolarWinds has a follow-this-on model for their support teams, and they deliver world-class support around the world 24/7, we were able to compliment that in our OAP offering, working not only with our North American team, but also our UK team, and, of course, our Australian team, handing off between each team and ensuring that the OAP was successful and accommodating those clients’ needs and their maintenance window. So it was really nice from an international perspective to be able to support them through their OAP process.

Thomas: So now, you both have worked on more than a handful, I would imagine at this point, of OAP engagements. I’m looking for customer experiences reactions at a very high level. What are some of the reactions that the customers participating in the OAP program have had. And Greg, we’ll just start with you. Just share some thoughts if you can. No names, but just general ideas of reactions.

Greg: Yeah, I mean, nothing but positive, to be honest with you. Obviously, the conversations initially took a level of maturity to be able to discuss with a customer and Sudhakar who was on many of these calls with senior-level stakeholders within all the markets. The conversations were difficult. We got them past that stage of feeling at risk to in the program, through the program, having an actual platform at the end to discuss where are they gonna go on their next investment stage in SolarWinds. And at the end of the day, it just became a seamless, seamless process to where they felt as if SolarWinds truly understood them just by way of a simple program of a marriage between an OEM and a partner base as a unified front to the customer base.

Thomas: That’s wonderful to hear. So, same question to you, Bill. Any reactions that you wanna share with us?

Bill: Yeah. I think, as Greg mentioned, it’s been an outstanding experience. Clients are really pleased with the way SolarWinds has approached this. As a partner, it’s been a pleasurable experience to be a part of. I think one of the heightened experiences that we had, and this was the adherence to best practices and clients really wanting to ensure that the way that we’re redeploying is going to be even more secure and, as SolarWinds tagline now says Secure by Design. And in that, we had an opportunity to really look at the way we address least privilege. And so least privilege can be complicated in Microsoft environments, especially. And so, we looked at the way that we teach. We’ve updated all of our curriculum to make sure that we’re emphasizing least privilege methodologies. And then we’re also looking at the way that we train, and the way that our engineers approach the problem. And we have terrific resources available from SolarWinds directly. Those resources are available at THWACK.com, the online community. And I know that it’s a part of this larger effort from SolarWinds to raise the standard of how you develop software securely and not just develop secure software.

Sudhakar: So, Tom, that’s a very good point that Bill reinforced, and it’s not just about the environment, but also about how the products themselves are delivered from their capability standpoint. So, least privilege access is a construct that even the products will start embedding, because ultimately what we need to do together as customers, partners, and us as software developers is not only reduce the attack surface, but actually reduce the attack window itself by ensuring that many of these techniques are implemented at which point threat actors will find it difficult, if not impossible, to penetrate through customer environments.

Thomas: So, Sudhakar, I’m gonna ask you to share. Tell us, do you have a customer experience, a reaction, from the OAP that maybe is your favorite today? I know you haven’t been here very long, but just is there something you’d like to share with the audience?

Sudhakar: Yeah, I would say, Tom, every customer interaction has been my favorite one. [laughs] I’ve had two just earlier today, and some fairly large customers at that. To me, it is less about the size of the customer as much as every customer is significant. And I’ve always believed in the notion of one dissatisfied customers is one too many. One dissatisfied employee is one too many. That’s really kind of how I’m wired. I mean, is that always possible? Is that always practical? Probably not. But every effort that I expand is towards those two goals of employees and customers. While I’ve been here two months, I can probably say that I’ve at least had 100 customer conversations, if not more, different segments like Greg was mentioning in the federal sector and the commercial sector, oftentimes three or four different conversations across CIOC, so et cetera. And what that has enabled me to do, in particular, is that not only do we share with them what has happened and what we are doing in the concept of Secure by Design, but we also get to learn from them what their aspirations, what their goals are. And my favorite interactions are those. And this may sound a little surprising to you. Favorite examples are those that do not involve a SolarWinds product specific issue, as much as a customer, their environment. And many of them are software developers themselves. Our customers build software for their customers. So they like to understand, okay, what does least privilege access mean from their standpoint? How could Secure by Design be used in their environment? And so, that’s how we become more relevant to those customers. And that’s how partnerships are built for the long run. So those have been my favorite without naming a specific customer.

Thomas: Wonderful. Thank you for sharing that. So, this brings us to the Q&A portion. Before I start with some questions for each of you, I do want to remind the audience that we have more Secure by Design webcasts coming in the coming weeks. I’ve forgotten now, but maybe next week, or the week after, but soon. We will do another round. You should look for those. And, again, check out the Secure by Design resource center where you can stay up to date on all of the materials that we will be providing you. Some links are being shown right now. Again, you’ll get the slides, we hope starting Friday. So you can see the links in there. Right at the top, the Orion Assistance Program, and then the Secure by Design resource center that I’ve been mentioning along with a handful of others. And we have a second page of those that we can get to after. So, let’s get into the questions for now. And I’m gonna stay with you, Sudhakar. And we’re gonna start with kind of an easy one, and it’s not really question, it was a comment. And the comment was, I suppose you will start your presentation with lessons learned. I would like to hear that. And I’m asking you, or giving you this statement, because I wanna know, the Secure by Design resource center, I think, is meant to be that lessons learned, is that correct?

Sudhakar: Absolutely right. And one thing we have pledged, not just for the benefit of our customers and partners, but the broader software community is that as we learn and iterate, we will continue to support the broader community. So, for instance, some of the things that we’re doing with regards to evolving from software development life cycles to secure development life cycles, as Bill even alluded to, those are all in part in a different world and time. People would consider those things to be proprietary to them. We are looking at it as what impact SolarWinds can apply broadly to anybody. And that’s not what we want to inflict upon our customers. And so we’re gonna continue sharing those. So, the resource center that you pointed out, Tom, will be a living, breathing resource center that people should look to from time to time.

Thomas: Thank you for that. So the next question, I’m gonna stay with you, Sudhakar, and I’ve another question for you here, and it’s one that I’ve been wanting to ask you for a while as well. Can you explain what happened with the solarwinds123 password?

Sudhakar: Sure, Tom. I think you’ve asked me that question twice today already, and putting me on the spot on that one. [laughs] So, in essence, it’s not something that we should be proud of. solarwinds123 is a weak password as opposed to a strong password, which is generally speaking our IT policy. This was a password that was set up on a server that resided on a third-party infrastructure that was posted on a third-party infrastructure. In other words, this particular server had no linkage to SolarWinds corporate IT. Using this password or any credentials associated with this account, you could not access SolarWinds IT. And, in essence, it was a call it a shadow IP construct. But it was unfortunate. Once we knew about it, we cleaned it up. I would also like to emphasize that it had nothing to do with any of the SUNBURST activity. Using those credentials, you cannot access our applications or ASOS code-controlled systems. However, it belonged to a server that sat on a third-party hosted service.

Thomas: Thank you for that answer. And I appreciate your efforts last week as well trying to get that message. And, unfortunately, I’m not sure that you were allowed the time. I’m really glad that I was here to be able to give you that time tonight. Much appreciated. Greg, I’m gonna go to you with this next one. They’re asking if SolarWinds will create any security best practice resource. And I think part of the Secure by Design will have some of that with it. But for Monolytic, will you also be looking to help with our customers to follow this security best practice resources? I’m imagining the answer is just yes. I was wondering if you could speak to how you want to make that happen.

Greg: Yeah, so a large part, again, of our core business is the actual federal government for America. So, when we’re talking about security, it doesn’t get much more secure than that. So we’ve had several round tables with the regulatory bodies from the civilian agency side to the DOD side really just hashing out, what does the way forward look like? And while that conversation changes, day by day, as we learn more about what happened and who the key players were in that, what’s gonna come out of this, the silver lining, if you will, is SolarWinds is being put through this methodic process of vetting, security, testing, retesting, the likes of which I’ve really never been seen. What that’s gonna mean is in the next few months, two to six months, once the storm clouds clear, SolarWinds is literally going to be the benchmark for a network monitoring solution. Every other vendor out there is going to have to start their process of where SolarWinds already is in it’s pillar or pedestal, if you will, at that time of being a infinitely secure solution. So, those best practices are real-time. We’re learning them really being at the table with the most secure stakeholders there are in the world at this point. So, trying to get those extracted and into a tangible document and process that we can deliver to the rest of our customers at large is gonna be the evolving task load. But, absolutely, it’s gonna get there. And, again, just to reiterate, SolarWinds is going to be that horse in the front here in relatively near future.

Thomas: Thank you for that. Last question for you, Bill. There’s one more here that has to talk about SolarWinds. We apparently have customers that wish to move their core SolarWinds instances to the cloud. Is that something that Loop1 is helping our customers get done?

Bill: Yeah, thanks, Thomas. It’s a really great question. The cloud is everywhere. We live in a hybrid world, and it’s foolish to think that applications like SolarWinds won’t be cloud-hosted. And the reality is, in a lot of cases, they already are. We work with clients that run their SolarWinds platform in Azure, in Amazon, in Oracle, in Google Clouds. And so, what we’re doing as a partner is we are working on our own partnerships with data centers, as well as cloud providers, where we can help to ensure that if you’re going to operate in a cloud environment, you know what the best practices are, you know what your footprint needs to look like with real… I laugh, because I think of the old school recommended hardware was never good enough. [laughs] Today, we wanna make sure that when we recommend the specs for a cloud environment that it’s going to support the platform as it should. And then also the best practices for connectivity, secure knocks, secure VPNs, and all of the different ways that we go to cloud and from cloud with all the multiprotocol demands of a monitoring system. So, yeah, absolutely. The platform works well in the cloud. There are new hosting options that Loop1 is working on in partnership with SolarWinds, and we look forward to being able to bring more of those to the market in the near future.

Thomas: That brings us to the end. Again, I wanna thank all of our guests here, Bill and Greg and Sudhakar. Thank you for your time. And thank you to the audience, again, for taking your time today to join us. Again, for SolarWinds, my name is Thomas LaRock, and I wanna thank you. And you guys, wanna say thanks as well?

Sudhakar: Thank you all. Thank you all. Thank you, Tom, for hosting us.

Bill: Thank you, Sudhakar, it’s a pleasure to be here. Thank you, Thomas. Thank you, Greg. Pleasure to share the stage with you. Thanks everybody for attending.