In this case, SolarWinds disregarded industry standards and likely contract obligations and the result was that outside actors had damn near unfettered access to the infrastructure of hundreds of thousands of client networks for at least nine months, possibly longer.
If an outsider gained access to one of my clients because I disregarded the security protocols I have promised them (for example, if I made "solarwinds123" the password to a public-facing login that had access to those VPN connections) then I would absolutely be liable for the damages my client suffered because of my failure to comply with the standards I was contractually obligated to. If a flaw in OpenVPN is discovered that causes a breach, the resulting damage is not my responsibility. My clients' contracts stipulate the types of security that I must maintain in-house to protect my end of those connections. I use plenty of open-source products, including OpenVPN, which grants me access to client networks/data. The proprietary-ness and closed-source-ness of their product had nothing to do with this attack, SolarWinds' failure to follow common sense (and likely contractually-mandated) procedures surrounding security had everything to do with it. If our contract obligates you to provide X and I suffer damages because you didn't provide that X, you owe me money to fix that damage. My (relatively) little clients have InfoSec policies as part of their contracts, so surely "The Federal Government" and "most of the Fortune 500" would, too." Regardless of the software/service provided, specifications for protection of "certificates and other means of authenticating provider access to customer networks" is something that can be, and absolutely should be, part of the scope of any contract that involves exposing customer data or access.

And this wasn't "a breach," this was inarguably "a failure of the company to provide reasonable or industry-standard care" and likely "a failure of the company to provide what it was contractually obligated to provide," both of which are absolutely reasonable and feasible - not to mention actionable in a court of law.
That's what I'm saying, surely many of their customers were not buying "a black box" when it came to information security procedures. The message said, "Prepare three envelopes."

Don't put your eggs in a proprietary black-box and sign off at the dotted line if you aren't OK with whatever damages that company incurs as a result

The CEO went to his office, closed the door and opened the third envelope. This he did, and the company quickly rebounded.

After several consecutive profitable quarters, the company once again fell on difficult times. Having learned from his previous experience, the CEO quickly opened the second envelope. Satisfied with his comments, the press - and Wall Street - responded positively, sales began to pick up and the problem was soon behind him.

About a year later, the company was again experiencing a slight dip in sales, combined with serious product problems.
The new CEO called a press conference and tactfully laid the blame at the feet of the previous CEO. The message read, "Blame your predecessor." He went to his drawer and took out the first envelope. About at his wit's end, he remembered the envelopes. Things went along pretty smoothly, but six months later, sales took a downturn and the CEO was really catching a lot of heat. "Open one of these if you run up against a problem you don't think you can solve," he said. The CEO who was stepping down met with him privately and presented him with three numbered envelopes. Here's one version taken from

A fellow had just been hired as the new CEO of a large tech corporation.
It's a joke about how CEOs deal with rough times, but it also has some truth.