Security Staff Acquisition & Development, IT management, MSP, Content

New SolarWinds CEO Sudhakar Ramakrishna: Five First Priorities

Share
SolarWinds CEO Sudhakar Ramakrishna
New SolarWinds CEO Sudhakar Ramakrishna

New SolarWinds CEO Sudhakar Ramakrishna officially succeeds Kevin Thompson at the IT management software company on Monday, January 4, 2021.

Ramakrishna previously was CEO of Pulse Secure, a provider of Zero Trust Network Access and Unified Endpoint Management (UEM) solutions that Ivanti recently acquired.

Ramakrishna's executive experience spans cloud, mobility, networking, security and collaboration markets, according to his bio. Before leading Pulse Secure, he was senior VP and GM for Citrix Systems' Enterprise and Service Provider Division. Earlier, he held key posts at Polycom, Motorola, 3COM and US Robotics.

SolarWinds CEO Transition: Key Priorities

Ramakrishna arrives during a critical time for SolarWinds partners and customers.

Indeed, it has been roughly three weeks since SolarWinds disclosed the Orion vulnerabilities -- triggering questions from software supply chain partners, customers, government officials and the media. So what are Ramakrishna's first priorities as SolarWinds ($SWI) new CEO? Here are five recommendations from ChannelE2E.

1. Reinforce A Single, Centralized, Transparent Version of the Truth: Assess SolarWinds' internal information gathering about the Orion incident. If necessary, take updated steps to ensure the information gathering is rapid, accurate and transparent. Then, drive that information to the SolarWinds Security Advisory webpage -- which describes the vulnerabilities and corrective measures that partners and customers can take. The page is regularly updated about the so-called SUNBURST vulnerability and SUPERNOVA malware. A SolarWinds FAQ about the security advisory also is continually updated.

SolarWinds has worked overtime to drive partners and customers to the security advisory web page. But I can't recall if the software company has been telling media -- reporters, bloggers, etc. -- that the Security Advisory page is continually updated with SolarWinds' latest details about the Orion issues and fixes.

2. Reconfirm and Reinforce the Attack Timeline: SolarWinds disclosed the Orion attack and vulnerability in an SEC filing on December 14, 2020.  That vulnerability disclosure occurred less than one week after SolarWinds publicly named Ramakrishna as the incoming CEO. The vulnerability disclosure also occurred less than one week after various SolarWinds investors sold shares to the Canada Pension Plan Investment Board as part of a planned sale process.

Some media reports suggested the timing of the various events -- the stock sales and the vulnerability disclosure -- could trigger an insider trading investigation. SolarWinds, meanwhile, has firmly maintained that SolarWinds and its shareholders had no knowledge of the breach when $SWI shares were sold to the Canada Pension Plan Investment Board. Ramakrishna needs to reconfirm and reinforce SolarWinds' statements about the timeline.

John Pagliuca, CEO, N-able
Departing SolarWinds CEO Kevin Thompson

3. Reinforce the SolarWinds MSP (N-able) Spin-Off Plan: SolarWinds in August 2020 announced plans to potentially spin off its SolarWinds MSP software business in 2021. At the same time in August 2020:

  • SolarWinds CEO Kevin Thompson hinted that the SolarWinds MSP business could be called N-able if it was spun off.
  • Also, the plan called for SolarWinds MSP President John Pagliuca to continue leading the business spin-off (ultimately, N-able) once it becomes a standalone company.

Fast forward to December 30, 2020. Pagliuca confirmed SolarWinds MSP would be renamed N-able if the business is spun off from parent SolarWinds.

The key takeaway: All of those SolarWinds MSP spin-off plans were in place before the SolarWinds Orion vulnerability was discovered and disclosed. Thompson and Pagliuca have clearly communicated those timeline realities. Now Ramakrishna needs reinforce the spin-off timeline message, especially as SolarWinds MSP (to be called N-able) marches toward its likely independence by mid-2021 or so.

4. Reinforce that SolarWinds MSP (N-able) Was Not Victimized: When he confirmed the rebrand from SolarWinds MSP to N-able on December 30, 2020, Pagliuca also made the following points about SolarWinds MSP's management under SolarWinds' ownership:

  • "We have a separate and distinct executive leadership team.
  • We have independent technical support, partner success, and sales teams, who provide resources and best practices specifically designed to help you best protect and serve your customers.
  • Our product and R&D teams have their own leadership, standalone roadmaps, and separate repositories and build environments."

Referring to the Orion Platform security incidents, Pagliuca added:

“I am committed to communicating with you early and often, and as of now, there is no new news based on our investigations—SolarWinds MSP products were not impacted. For the latest information, please visit https://www.solarwindsmsp.com/solarwinds-orion-security-advisory.”

Ramakrishna needs to reinforce those points to help give MSP partners peace of mind.

5. Take Unlimited Questions: SolarWinds is expected to announce Q4 2020 earnings around February 2, 2021, MarketBeat predicts. During that call, Ramakrishna and the SolarWinds executive team should maintain an open, extended dialog with Wall Street analysts who dial into the call.

Even if Ramakrishna can't answer every question about the SUNBURST and SUPERNOVA issues, he should put his best foot forward and keep the phone lines upon until every analyst question is presented.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.