Founded in 1999, Austin, Texas-based SolarWinds provides IT products that solve challenges related to networks, servers, applications, storage, virtualization, databases, security and more. The company is in a unique position to provide insight on the rapidly changing and increasingly important security landscape and what it means for IT professionals in government.
Chris LaPoint, vice president of product management at SolarWinds, recently spoke with WashingtonExec about a number of top-of-mind issues concerning government IT. Chris manages strategy across all of the company’s product lines pertaining to networks, applications and systems, databases, compliance and security, and MSP. He also oversees a team of 28 product managers.
Below you will find our conversation about IOT, virtualization, and the security concerns that keep even this experienced IT professional up at night.
WashingtonExec: Everyone is talking about the Internet of Things (IOT). What are the biggest security threats to the government as more devices connect to the network?
Chris LaPoint: The biggest challenge is the adoption of new security procedures to protect expanding networks. Whether you’re talking about mobile devices or smart devices that are embedded throughout the network, the government may really struggle with security processes because the firmware updates, in many cases, are manual. Or, if they’re automated, they don’t have the same level of control as other systems. Additionally, many of these IoT devices have their own proprietary operating systems that can’t be managed in the same way as traditional systems.
As we think about these things in a broader context, we aren’t looking at security first, but I think that’s evolving.
The government needs to take a different approach to how they look at IOT and its implications in terms of securing the network and the data as it traverses the network. Ensuring they have the tools in place to monitor and manage the underlying infrastructure is critical.
WashingtonExec: News of companies being hacked is increasingly making headlines. Has this affected your company’s priorities, and what can the government do specifically to better secure its networks?
Chris LaPoint: From a priority perspective, I think it’s important to take a more holistic view of security in general. As you look at traditional information security problems, the periodic checkpoints or audit processes that we’ve used in the past to solve these issues are no longer sustainable. Solutions like continuous monitoring that have been used for a long time within IT operations can now be used in information security.
In fact, at SolarWinds our viewpoint is that there needs to be a convergence of the operations and security disciplines in terms of how IT pros evaluate tools and solve problems. Agencies should determine whether there is already a system in place on the IT operations side that is gathering the needed data. If so, it’s time to become more pragmatic by combining those initiatives.
SolarWinds is prioritizing this need for convergence by building new technologies that allow our customers to cut across the disciplines to collect data in one place and easily report it out to as many IT functional teams (e.g. security, network, systems, virtualization, etc.) as needed.
WashingtonExec: How do you see the IT infrastructure management industry changing over the next 3-5 years?
Chris LaPoint: We conducted a survey within the public sector to specifically dig into the changing roles of IT and found three key highlights:
First, public sector IT professionals have multiple priorities, including keeping the network secure, maintaining compliance with government regulations, and ensuring operational efficiency. Within those efforts, there is a focus on cloud computing and bring your own device or application (BYOD or BYOA).
Second, the survey also asked about the future of IT automation. Respondents emphasized the need for server and system automation, virtualization and cloud.
Finally, in regards to the top skill sets that IT pros think will be in demand – information security was by far the number one response, followed by cloud and virtualization. But if information security is really the top skill set that the public sector views as an important asset to have in their IT environments, then why are they not looking at automation for that?
This is where the mindset needs to change. Considering information security and IT operations, is there a way that these two organizations can work together to actually converge continuous monitoring projects so we can solve for operational benefits and security simultaneously? Otherwise, keeping up with the changing dynamic of the environment is going to be incredibly complicated.
WashingtonExec: Other than the issues we just spoke about, what are some of the challenges your industry is facing?
Chris LaPoint: On the macro level, the biggest challenge is increasing network complexity. Government personnel need to connect to the network from multiple types of devices both from inside and outside the network. Many agency networks are becoming increasingly complex due to a coexistence of legacy physical and new virtual infrastructures.
Finally, the applications themselves are not all within the firewall. Parts of applications are managed by IT on premise and while other parts are hosted. This combination becomes a huge problem for IT organizations to manage as they evolve.
In order to maintain user connectivity and address any problems, IT organizations need a holistic view of the network and the application stack to perform a comprehensive root cause analysis and to reconcile outages or performance problems.
WashingtonExec: Personally, what aspects of cybersecurity keep you up at night?
Chris LaPoint: From an IT security perspective, there are two things to be concerned about:
First is the notion of IOT and what that will mean for my life. For example, could there be a point in my life where my identity is stolen because of my smart toaster or my smart refrigerator?
Another instance involves devices that are already connected to my network, such as IT cameras. I have a number of IT cameras to watch my kids and keep an eye on the house, but I don’t really have a good sense of what the security looks like for those devices and how well they are isolated from the rest of my network. That definitely keeps me up at night because I wonder what is actually going on within my home network.
I think that is a sort of microcosm of the problem on a broader scale, and I worry about that for our customers as well. As new devices access networks, what are we, SolarWinds, going to do as a vendor to help our end-users sort through that problem?
WashingtonExec: You mentioned in a recent interview the need for on-the-go training. What area of knowledge or specific tools do you see professionals lacking specifically and how do you couple this with the constant changing technology in our industry?
Chris LaPoint: The changing technology industry is driving the need for knowledge and tools. Server virtualization has brought software defined data centers, which have introduced more and more abstraction on top of the layers of the physical infrastructure that existed before.
Network teams, systems administrators, virtual administrators, and application administrators can no longer think individually because they’re all connected. IT is effectively converging.
As such, there really needs to be more cross-domain expertise. A network engineer really needs to understand what virtualized networking means to his or her role and responsibilities moving forward and to have access to the right training for those changes.
Similarly, application administrators can no longer just rely on their system administrators to tell them what’s going wrong. There are so many interconnected layers that have been abstracted by virtualization that they have to be trained on the interconnections among everything. I think that is how each specific domain of expertise gets trained on a virtual slant to their role and how virtualization will affect it moving forward.
WashingtonExec: When you aren’t working, how to you like to spend your free time? For example, do you have any hobbies or activities outside the office that you’d like to share with our readers?
Chris LaPoint: I would say the number one thing that takes up my time right now is my family. I don’t know if you call that a hobby. Maybe surviving, right?
My favorite hobby outside of work is golf. I find the ability to get away and reflect on things is what I need to refresh myself before I come back to technology, family and the rest of the world.