Upcoming Webinar
Understand How Your Peers Approach AD Forest Recovery
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
Unlocking the Secrets of App Security!
In this episode of UnplugIT, Stephen Rose talks to IT expert and technology engineer Sean Hurley about how to secure apps in the cloud.
Essential Eight + Microsoft 365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.
UK Ransomware Guidelines + M365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.

An Interview with Microsoft Azure CTO Mark Russinovich

Mark: [Another great Azure story] is Microsoft StorSimple, which is basically creating a bottomless storage appliance on prem. Basically using the cloud as a tier for storage but, again, it’s encrypted. You’re caching the local stuff on a local appliance. It’s not only serving as a tier for cache, basically cache with a bottomless storage, but also, then, serving as a backup for that data, as well.
I mentioned Azure Site Recovery. That’s another way you can orchestrate DR through the cloud. If you’re worried about ever pointing DR to the cloud you can, of course, just take Azure Site Recovery and DR between your own two on prem locations or you can DR to the cloud.
Again, it’s not putting your mainstream production workload at any more risk than it would be under already because you’re serving the primary off prem. If that primary fails, the options are: Go over to the cloud, where you’ll get service back, or be out of service if you don’t want to invest in a second on prem site.
Those are some of the great ways that people can get started and get familiar with the cloud.

Jeff: I’m going through all the stuff that you just mentioned. When you really step back and think about it, it’s amazing the level of technology development over the last 5 to 10 years, whether it’s how advanced virtualization has gotten and how much the cloud has come onto the scene. Maybe this is a great segue into a retrospective. You founded the company Sysinternals in 1996, correct?

Mark: Yeah.

Jeff: From the mid to late ’90s, from what IT was then to what it is now, you’ve seen the industry go rom Windows 95 all the way up to what we’re doing today. Do you have any thoughts on that evolution? Are there things that have surprised you, that you never really expected would happen? There’s been strong growth in some areas, more in the consumer and the general technology space. And years ago everyone thought we’d be flying around in jet packs, and flying cars, and that sort of thing….

Mark: [Laughter]

Jeff: It’s the same thing in IT. Maybe in the mid ’90s there were certain things people thought would happen in IT but never materialized, but things like the cloud that came up that maybe people weren’t expecting as much?

Mark: Yeah, the cloud…If you go back to what Larry Ellison was talking about, the network computer, you plug it in and IT is just a utility service, that was back in the mid ’90s. That was obviously way too ahead of its time, like some of the mobile devices that were being released in the late ’90s that were striving to be something like an iPhone but the technology wasn’t there to support it. Then, 10 years later, it was.
The ideas and the technology met to allow the creation of such a product, that were delivering on the promise that the ideas had. I think cloud is similar to that.
Cloud has been something people have been pushing or wishing that we could realize. It took that maturation of IT processes, software, hardware to get to the point to actually deliver.
One of the key aspects of what these clouds are built on, they’re all built on virtualization. If you look, virtualization really started to take off at the very end of the ’90s and into the 2000s.

It’s taken a while for it to mature to the point where it could really run massive enterprise grade clouds on virtualization. Not just physical machine virtualization, but network virtualizations also advanced a lot in the last 5 to 10 years, and that’s a key aspect of the cloud, as well.
Actually going back to the late mid ’90s, those are the days when people would walk around with floppy disks to recover their Windows NT systems. There are still a few people out there doing that for their really precious systems but for the most part that is not the way people manage their endpoints anymore, manage their servers or the client systems anymore.
Anybody knows that if you really want to have a highly managed IT environment that any particular workstation, there’s no data on that workstation that you care about and if you need to, if it starts to act funny you just reimage it. You don’t reimage it by walking around with CDs anymore. You reimage it by using remote reimaging capabilities.
It’s the same thing now with the role of IT, and [IT columnist and author] Mark Minasi (@mminasi) has really captured some of this really well because he talks about this very same point. In fact, in the ’90s IT pros were configuring servers and having to set jumpers on PCI ports to set interrupts so that the system would work at all. They were walking around with floppy disks and imaging servers that way.
They’re not doing that anymore. It’s not like the removal of those tasks has made their job any less busy. They’ve found other things to do. Obviously, they’re more valuable now than doing those things.

Related: Mark and Mark Discuss the Cloud and Other Matters of Importance [ Video – TechEd Europe 2014]

Jeff: Yeah, it’s funny. I remember. Years ago, I used to write for Computer Gaming World magazine in the days of MS DOS gaming. I remember writing a review of a PC game called Strike Commander that you needed the latest PC hardware to run. You also had to literally do this fine surgery on your autoexec.bat and config.sys files to make sure that you loaded the exact amount of memory so the thing would even boot, so the article had a sidebar showing you how to do that. It’s definitely come a long way.

Mark: I remember getting sound cards from CompUSA, Circuit City, whatever it was back then. Bringing them home and then having to play, let me try IRQ3. That’s not working. IRQ4. Now the sound card’s working but now the video card’s not working.

Jeff: Oh, yeah. Those were fun days, that’s for sure. So we’ve talked about some positive trends with the cloud and virtualization, and I know you’ve written quite a bit about security. You’ve also written some fiction novels about [IT security] as well. So now that we’ve discussed some history, maybe we could also discuss some of the negative trends we’ve seen in IT over the last 10 or 15 years?

Mark: [Security] is a negative trend just because IT hasn’t kept up with the negative aspect of security. That is what the world has been shifting over the last 10 or 15 years security-wise. IT has been slow to recognize and adapt to it.
The days of perimeter defense where IT saying: “I’m going to create the firewall and the DMZ and everything’s cool.” The effectiveness of that approach ended a long time ago, but you still are hearing people talk about it and see talks at security conferences [reminding people of that.] “The DMZ is dead. The perimeter is dead. The threats are now everywhere.”
The fact that that’s still a compelling title or abstract for a talk today shows just how slow the industry has been to adapt to that reality which has been there for a long time now.

Jeff: Yeah, that’s true. Shifting gears a little bit. There’s a lot of stuff that’s happened that we’ve talked about. There are all these great trends in virtualization and the cloud. There have been some amazing technological advances in IT over the last 10 or 15 years.
When it comes to the system administrator, the line IT professional who is implementing all this stuff and in the trenches making it all work, their role and responsibility has changed dramatically, also. Getting back to what we discussed a little bit earlier, if you had a friend or a family member who has just graduated from college, wants to go into IT and IT management, what two or three things would you tell them? What do you really need to focus on to advance your career and look at IT the way it is today rather than the way it was 10 years ago?

Mark: Obviously, I would tell them that they need to get familiar with the cloud. I think that the people that are going to be most valuable for IT and that companies are going to be looking for are the IT professionals that can help them get from on prem to the cloud or bridge on prem to the cloud.
The key aspect of that is networking. I think that network administrator, network engineers are going to be sought after as these complex connections between on prem and the cloud.

Another part of it is what you’re going to see more is this trend that people call shadow IT, which is the business going around IT and going to the cloud. IT needs to figure out how to not get in the way of going to the cloud but how to make sure that the business is doing it safely.

I think that really, when I fundamentally look at the role of IT, it’s shifting from infrastructure provider to governance and that focus happening. IT has always been about governance but the governance part has really been second seat to infrastructure management and deployment. Governance came riding along with that.
I think that the focus now will switch to governance, especially as you have the sprawl in the cloud. Keeping track of data and data classification. Making sure, especially as you’re moving and you’ve got policies around what data can be on prem versus the cloud. Data sovereignty issues, especially with global companies.
When you’re handling customer data where they’ve got their own requirements or your own business has requirements that are being regulated from the outside about where data can be.
If IT’s not figuring out how to play a helpful role in governance, one that is not interfering with the agility that the business is finding in IT then they’re just not going to be relevant.

Jeff: I’ve only got one more question. This is more related to the stuff you’ve been working on more on a personal basis. You’ve written three fiction novels to date, and I’ve heard that maybe one of those was optioned to be movie? Maybe if you could just give our readers a quick update on the latest in that area? I reviewed

Mark: I’ve written three now. Three novels. The first one was “Zero Day.” The second one “Trojan Horse” just came out in 2012. Then the third one just came out in May, called “Rogue Code.”
It’s actually, I think, the best one. It’s the one I’m most proud of. It’s, I believe, extremely timely. In this one, there’s a crime cartel that’s planted somebody inside of the IT system of the New York Stock Exchange. Over several years they’ve worked their way into a position where they’re able to deploy software into the training engine.
The crime cartel then uses that position to inject malware that is then skimming trades to make a lot of money. Of course, our protagonist Jeff Aiken, is called in to do a pen test on the exchange and discovers that malware sitting there. The story then unfolds as he is realizing the scope of what he’s found.
The crime cartel, they, of course, learn that he’s on to them. The race to stop a massive, final heist that they’re after as they decide to pull out.
High frequency trading has been in the news a lot. It’s very coincidentally, Michael Lewis’ book “Flash Boys” came out just a month before Rogue Code did where the book focuses on high frequency trading and how he believes that HFT, which is basically…I call it digital front running. It is actually enabled by, many times, the exchanged pumping the front running through special order types.

The simplest form of the front running is I make a trade on this exchange here. HFT systems see that. They run to another exchange using high speed algorithms and network connections to make trades on that other exchange in anticipation that my order’s not going to get filled or the price is going to change based on what I just did. Now they can take advantage of that in this second exchange.
Of course, there’s the order type aspect of it, which is they can place orders that sit in a queue that then, when those orders execute, they basically their detection of activity of a particular stock at a particular price. They can cancel then orders that are sitting in the queue or they can jump the queue using special order types to get ahead of other traders.
All of that is the background for Rogue Code and how the criminals can sit and hide in that gaming of HFT to go undetected.
Of course, some of the themes. There are insider threats. I also describe in some detail the security system that I would imagine players like the New York Stock Exchange have of jump boxes and segregated networks and show how the hackers and Jeff manage to get from one side to the other.