Anne Baker Podcast Transcript

Anne Baker joins host Brian Thomas on The Digital Executive Podcast.

Welcome to Coruzant Technologies, Home of The Digital Executive podcast.

Brian Thomas: Welcome to The Digital Executive. Today’s guest is Anne Baker. Anne Baker is the Chief Marketing Officer of Adaptiva, a global leader in autonomous endpoint management. Adaptiva works with a majority of the Fortune 500 and is dedicated to delivering the fastest way to patch and manage endpoints at scale.

In her role, Anne heads up Adaptiva’s marketing initiatives worldwide, leading growth programs and driving market awareness of the company’s autonomous endpoint management products. This year alone, Adaptiva has partnered with CrowdStrike, Microsoft Defender, and Insight to fortify endpoint security through streamlined and automated patch management solutions.

This is a world Anne knows a lot about: she has more than 25 years of technology marketing experience at high-growth companies. During her career, she was head of worldwide partner programs at multibillion-dollar analytics and AI company Teradata, where she drove go-to-market activities with AWS, Google and Microsoft, as well as the hundreds of partners in the Teradata ecosystem.

Well, good afternoon, Anne, welcome to the show!

Anne Baker: Thanks. It’s great to be here, Brian!

Brian Thomas: Absolutely. I appreciate you making the time, hailing out of the great state of Washington there in Seattle, beautiful city, as I’m over here eating some barbecue in Kansas City. So again, do appreciate you making the time. Let’s jump right into your first question.

As chief marketing officer of endpoint management leader Adaptiva, can you talk about the importance of keeping organizations safe from cyber-attacks in the wake of July’s CrowdStrike outages?

Anne Baker: Sure. Yeah, it’s a scary time to be in IT and security operations these days, Brian. You know, it seems like every day we’re hearing about companies being breached or attacked and vulnerabilities and risks continuing to grow, and the IT and security teams are faced with a mandate right now to reduce those risks.

But with 90 percent of attacks starting on endpoints and devices, unpatched devices still remain one of the greatest risks to an organization. So for many years, patching and patching aggressively has been one of the key ways for organizations to stay safe from cyber-attacks. But what we saw recently is that patches can cause some problems, too, right?

A bad patch can have pretty dire consequences, as we saw with the July CrowdStrike outage. Deploying one bad patch there led to, you know, a pretty significant, I think over 8 million devices going offline, and that included banks, hospitals, and more. And so, when it comes to keeping organizations safe, we shouldn’t slow down.

We still need to patch, but we have to make sure that we’re striking that balance between patching aggressively and maintaining safety and security and the customer experience.

Brian Thomas: Absolutely. And being in technology myself and being very well versed in change management, you can never over-test, never over-communicate.

There’s a lot of controls that should be in place for these sorts of things, but we all learn a lesson from it. And I think it’s great. And I appreciate what you’ve shared this evening. And business leaders want to do what’s best to protect their organization’s security posture. And there’s some discussion on whether manual or autonomous patching is the safest route to take.

Why is moving back to manual patching a bad idea, and how does automation offer a better path forward?

Anne Baker: You know, I completely understand after things like the recent outage, the public has sort of a knee-jerk reaction that maybe we should slow things down and wait for certainty before we patch, but there’s, you know, there’s no certainty in life, Brian, and we can’t wait for things to be perfect before we act.

So, especially when last year, I think there were over 26,000 new vulnerabilities disclosed and detected and 25 percent of the highest risk ones were exploited on the same day they were published. So manual patching just can’t keep up with that. The number of attack surfaces that organizations have to protect against now far outnumbers something that, you know, humans can handle on their own without automation.

And that’s why we’re really seeing automation become a must. But automation with the necessary controls in place is key. Moving fast, but moving safe is the way that we really can keep up with today’s threats.

Brian Thomas: Absolutely. There’s no way we can keep up doing the things we used to do in the past manually.

We have to start automating a lot of things. We just need to ensure there are those controls in place, as you mentioned. So I appreciate that. And then, Anne, how can automated patching solutions help prevent widespread issues like the recent CrowdStrike-related outages?

Anne Baker: If automated patching is done well, it can offer both speed with control.

You know, we believe that organizations should be able to set their patching rules, and then let software really do the rest. And, you know, things like the CrowdStrike outage taught us that with automation, if you can roll things out in waves, that really helps minimize the risk of patching while still patching aggressively.

So, you know, for example, deploying a first wave of patches to a test group of non-critical machines first, and then waiting for those patches to be validated as safe before going to the next group. That kind of wave approach to a rollout can really help to allow you to patch with speed, but do it in a controlled way.

So, if patches break things, which they often do, you have a very limited number of devices that will be impacted. And you have the ability for a human to intervene before it goes wide at scale across your enterprise.

Brian Thomas: And that’s just very well spoken. Again, my background being a lot of change management, deploying patches and code and that sort of thing.

Again, you never can be too cautious and you never can plan too much, but obviously there’s ways to do that.

Anne Baker: You feel the pain of patching, Brian, I know.

Brian Thomas: Absolutely. And what key lessons should organizations take from recent outages and how can these inform their approach to patch management?

Anne Baker: You know, I have three kind of key lessons I gleaned from some of these recent outages.

The first is, you know, don’t slow down. Patching should remain a top priority for every organization. Just slow manual patching, reactive patching actually presents more risk than it does benefit. And so I believe it’s much riskier to patch too slowly than too aggressively. So, we shouldn’t let these outages make patching aggressively.

We still want to do that. Number two is get proactive about putting those guardrails in place to make automation work with control. My sons are just starting to drive right now, and I tell them it’s okay to go fast but you never want to go out of control, and I feel the same way about patching. And so selecting patch automation solutions that let you do things like the phased rollouts I was just talking about, or having multi-step approval workflows before you roll out a patch, can help really reduce that risk tolerance.

And then perhaps most importantly, you know, the ability to pause, cancel, roll back patches when a bad patch happens, that can really give you those checks and balances to take a moment and repair or remediate an issue before it becomes a wide-scale problem. The third and final lesson, it’s kind of interesting, but this recent CrowdStrike outage, you know, it shows you even some of the most secure companies in the world, bad things happen, right?

A quality control issue can happen and suddenly you find yourself in the news. And I think it’s about how you respond in those times that really counts. And we saw CrowdStrike be very transparent. Very quick to respond. And for me, that says a lot about how you’re able to retain trust with your customers and the people that you impact.

And so, learning again how to respond in a very authentic way and keeping customers top of mind in those bad times when things go wrong is a key lesson that we all can take from that whole outage.

Brian Thomas: Absolutely. And this is really like a patch management 101 podcast, I feel, but it’s so needed.

And I do appreciate your insights. And last question of the evening, any final thoughts for our executive audience? Any key takeaways on how to stay safe in today’s digital landscape?

Anne Baker: The, you know, the events of the past month have been pretty unsettling for a lot of folks in the IT and security space, but it’s crucial for every organization and leaders in organizations to make decisions based on logic rather than from a place of fear and uncertainty.

So, while we know and we’ve witnessed that mistakes happen and patches can break things, business leaders just need to continue to execute, but in a way that just reduces risk. We’re never going to be able to eliminate it completely, but if you can prioritize measures that both reduce your chance of an attack, but also prepare proactively to constrain a bad patch from, you know, having a larger impact, that’s really going to be key.

We really want people to think about how automated patching with the necessary controls can be the right path forward. And I think during this time, every security and IT organization should be asking themselves, am I patching wrong? And what could I do to be better? Now’s the time to be bold and really look for new ways to maximize patching velocity, but do it with both speed and control.

Brian Thomas: Very well put and I appreciate that wrapping up a great little soundbite for our audience this evening and I just want to let you know, it’s been such a pleasure having you on today and I look forward to speaking with you real soon.

Anne Baker: You too, Brian. Great meeting.

Brian Thomas: Bye for now.
