SolarWinds CEO on Building Trust After Breach, Unifying IT and C-Suite, and GenAI Future
The company stands on solid financial ground even after a massive breach four years ago shook the tech community. SolarWinds CEO Sudhakar Ramakrishna tells InformationWeek that his “against the grain” approach helped rebuild trust.
Sudhakar Ramakrishna was just days into his new role as SolarWinds chief executive officer when news broke of a historic nation-state hack targeting his company.
During “SUNBURST, ” a cyberattack spanning nearly two years targeted SolarWinds’ flagship software platform, Orion. The attack struck several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The 2019 attacks were revealed in December 2020. The US suspected Russian state actors were behind the breach.
In the ensuing fallout, the US Securities and Exchange Commission (SEC) filed a civil suit in October 2023 alleging the company and its CISO, Timothy Brown, had committed fraud by failing to disclose the breach sooner. In July, a federal judge dismissed most of the charges in the lawsuit.
When Ramakrishna first walked into the SolarWinds offices in January 2021, he faced some tough decisions. The company in 2021 shed a large portion of its workforce in a spin-out of the N-able business, going from a headcount of 3,340 to 2,147. An observability and IT management software firm falling victim to one of the biggest cyberattacks in history took a toll on reputation and customer trust as well.
Rebuilding Trust After Catastrophe
Fast forward three years to the present date, and things are looking brighter for SolarWinds. The company’s most recent financials showed a strong third quarter 2024, with revenue of $200 million, a 6% year-over-year jump. Total annual recurring revenue for subscriptions leaped 36%. The company added to its headcount this year as well, bringing the total to 2,305.
“The trust of our customers and partners is something I would never take for granted,” Ramakrishna tells InformationWeek in a live interview. “I think the reason we won back trust is that today we are known for the company we have become, versus what happened to us in 2020. The reason I think we got to this point is based on transparency when the incident happened. While it could have happened to anyone, we took responsibility. We did not deflect blame on anyone.”
Despite best efforts to move forward, the Sunburst incident keeps drawing headlines. Just last month, the SEC fined four SolarWinds customers with penalties ranging from $990,000 to $4 million. The fresh actions dig up old wounds for SolarWinds as it continues to try to move forward.
Ramakrishna says it’s hard seeing SolarWinds grabbing headlines for SUNBURST again “because there is so much more positive stuff that’s going on with us -- on the business side, the product side, innovation, customers and results.”
As for maintaining trust, he says, “We earn the trust of our customers every day. SUNBURST almost never really comes up when I discuss things with customers. When it does, it’s in the context of how we can apply the lessons you learned in our environment.”
Ramakrishna says that the most recent quarter showed customer retention of 97%. “That is an indication of trust."
Standing Up for CISOs
The indictment and prosecution of former Uber CSO Joe Sullivan sent shockwaves through the security community. In 2022, a federal judge sentenced Sullivan to 3 months’ probation and a fine for his response to a 2016 cyberattack that exposed millions of Uber customers’ data. For the first time, the government was coming directly after IT executives.
When SolarWinds’ Brown was named in the SEC’s lawsuit, many CISOs saw it as a continued trend of scapegoating security executives. Instead of placating calls to fire Brown, SolarWinds shot back at the SEC publicly, denying the allegations and accusing the agency of victimizing victims.
“One of the very first decisions I had to make was, ‘What do we do with Tim,” Ramakrishna says of Brown. “The way I thought about it was it was not an incident caused by one person. That’s an incident that many attribute to a nation-state attack … so, it takes a village, as they say, to keep the company’s assets secure. I don’t think we should be in a world of scapegoating. We should be in the world of learning, iterating, and improving.”
Ramakrishna says his decision to back Brown went beyond SolarWinds.
“As much as I care about SolarWinds, I also care about the tone we set in the industry as a community … are we going to be in a world of scapegoating, or a world of progress? It was a little bit of a ‘go against the grain’ decision, because I could have taken the simple route. But I would still make the same decision today.”
He says he felt vindicated for his stance after the federal judge dropped most of the charges in the case. “I felt very strongly that we were trying to do the right things.”
Sullivan, who is now an independent consultant and speaker, applauded SolarWinds and Ramakrishna for standing by Brown.
"I think he is a role model for all CEOs," Sullivan says in an email interview. "CISOs do not operate in a vacuum -- they are part of an executive leadership team that should stand together on risk decisions that are shared decisions. It is all the more impressive that Mr. Ramakrishna was not the CEO when the incident happened but has operated with such integrity."
SolarWinds’ Effort to ‘De-Silo’ IT
Coming out of the SUNBURST incident, the company needed to focus its attention back on its business. Ramakrishna believes emerging technologies and strained budgets are causing IT departments to become siloed, hindering C-suite communication.
“No matter the size of the enterprise, there are far fewer people today … in terms of being able to manage their IT environments, which are exploding into the cloud. The number of applications that a common enterprise is managing is increasing, and complexity is increasing. And nobody is saying their IT budgets are increasing -- at best case, they are flat.”
SolarWinds’ IT tools aim to help bridge the gap and de-silo the IT department for more efficiency, Ramakrishna says. “We have discovered that it’s not sufficient to say that there is a problem. It is more useful if we can say not only that there is a problem, but there’s a way to solve it or even better, to predict it. That is the journey and continuum that we have put ourselves in and when you do that, you’re actually naturally de-siloing an organization. ”
GenAI and the Future
The ChatGPT-fueled generative artificial intelligence (GenAI) boom of the last two years has greatly impacted all aspects of the technology sector. Ramakrishna offered insights on how companies can home in on a return on investment that has been elusive for many.
“With any new, exciting technology with a lot of prospects, you have to go through the hype cycle,” he says. “We have taken a pragmatic approach to AI at large and also GenAI -- we’ve been investing in GenAI since about 2021 … Our focus has been on the observability space related to AIOps [artificial intelligence for IT operations] and how we help customers detect issues faster. How do we help them classify issues faster and how do we help them solve issues faster?”
He says the company is trying to boost ROI for clients by offering enhanced productivity and more efficient problem solving through observability. “You can classify it as a more deliberate approach to AI in general. I believe in 2025, there will be a lot more focus on tangible ROI from AI projects. It gets back to the fundamentals of running a business and our role is to help customers with this notion of AI observability. We manage and observe infrastructure … which can be traditional data center infrastructure, cloud infrastructure, and increasingly, data centers with AI-enabled infrastructure.”
Those solutions, he says, have increasing needs for observability to optimize and provide ROI.
Ramakrishna offers a sunny outlook for the tech industry.
“I’m very optimistic, not just about the industry’s future, because I think the industry continuously evolves … but I’m also very optimistic about the SolarWinds platform that we have built… Some of the things that have happened to us in the past have been used as a foundation to leapfrog into the future.”
Read more about:
RegulationAbout the Author
You May Also Like