When Recovery Takes Weeks: The Endpoint Problem With James Millington
Tech Talks Daily, April 03, 2026
3469
23:28, 21.48 MB

How long would it actually take your organization to recover every endpoint after a major cyber incident?

Recording live from IGEL Now And Next in Miami, I sat down with James Millington to explore a question that most businesses think they've answered, but rarely have. Because when you move beyond theory and start mapping out the real process, the numbers tell a very different story.

James shared examples from real organizations that tried to calculate recovery at scale. One estimated it would take over 5,000 person-hours to rebuild their estate. Another believed they could recover quickly, until they realized the scale of their environment made that assumption unrealistic. It raises a deeper question. Are we focusing too much on recovery and not enough on resilience?

The conversation quickly moved into what James calls the "endpoint recovery gap." While most organizations have invested heavily in data center resilience, failover environments, and backup strategies, far fewer have a clear plan for reconnecting users when endpoints are compromised. And without a working endpoint, even the most advanced infrastructure becomes inaccessible.

We also explored why so many organizations continue to rely on reimaging devices as a primary recovery strategy, despite the time, complexity, and operational disruption it creates. In many cases, it's not just slow. It's impractical at scale. And perhaps more concerning, some organizations still admit to having no defined plan at all.

One of the most memorable moments in the conversation came through a simple analogy. For years, we've been carrying the weight of outdated endpoint strategies, even though the solution has been sitting in front of us. Just like it took thousands of years to put wheels on a suitcase, the shift toward simpler, more resilient models often requires a moment of realization before change actually happens.

As application delivery continues to move toward SaaS, DaaS, and cloud environments, the role of the endpoint is also being redefined. Analysts are now calling for a move toward immutable, non-persistent endpoints that reduce attack surface and enable faster recovery. But as James points out, the real challenge is not awareness. It's action.

As organizations continue to invest in security, infrastructure, and AI, one question remains: Are we still planning for recovery from failure, or are we finally designing systems that avoid it in the first place?

What do you think? Are businesses ready to rethink endpoint strategy, or are we still carrying the baggage of the past?

[00:00:03] Welcome back to the Tech Talks Daily Podcast, where I'm in Miami at the IGEL Now and Next event. And today we've got a conversation that really gets to the heart of what's changing in enterprise tech right now. Because beyond the big announcements and the buzz around zero trust and AI, there's a more uncomfortable question that is emerging. What actually happens when everything goes wrong?

[00:00:29] This is something that James Millington tackled on stage today. And it wasn't theory. It's a real-world conversation with organisations who suddenly realised that recovering their endpoints could take weeks, even months, not hours. So I wanted to sit down with James today while we're here in Miami, not just to talk about security, but to challenge some of the assumptions many businesses are still holding on to.

[00:00:56] And if your worst nightmare came true and so many different machines around your organisation were suddenly hit by something nasty, how useful would a big red button be to halt that attack instantly? Well, good news for you. With a different mindset, you'd be able to do just that. But I don't want to give any spoilers away. So let me reintroduce you to my good friend James Millington right now. So a massive warm welcome back to the show. I think this is your hat trick of appearances on the podcast now.

[00:01:26] But can you remind everyone listening who hasn't seen our previous chats a little about who you are and what you do? Yes, and my name is James Millington, and I am responsible for product marketing and solution marketing here at IGEL. There seems to be a real musical theme around the entire company that I don't know if you've picked up on here. But Mateusz come on today to, was it the Scorpions, Rock Me Like a Hurricane? I was talking to him about that. Templeton, he was talking about his love of the Moody Blues, as he does every year.

[00:01:54] And you spin the decks at this event every year. Are we going to expect the same this year? Indeed. So, yeah, I'm lucky enough to get the opportunity. We've got one of the most famous nightclubs in the world that we're throwing the party at. So it would be rude not to... Does that give you cool dad points or...? Probably not. Tell me a bit about what you were talking about today. Yeah, sure.

[00:02:22] So really, what was at the heart of my conversation was the conversations that we are having with customers, which is really showing just how far IGEL has progressed from being just an endpoint operating system that gets you to maybe VDI.

[00:02:42] We've really gone becoming a platform that is central to how organizations are thinking about their zero trust. So as they're looking at technologies like Secure Service Edge and Secure Access Service Edge, technologies that link the user into the applications which have shifted from the endpoint, either into SaaS or into DaaS,

[00:03:07] those access technologies rely on and somewhat assume that the endpoint is also safe. And I kind of liken it to... It's like somebody's got the pass to the door short and they're scanning the badge, but they've got a backpack full of malware. IGEL, as a secure, immutable endpoint operating system, is now bringing the security to match SSE and to complement SSE and SASE,

[00:03:37] but bringing that endpoint along into that zero trust picture. And it is rising in importance. I think last year alone, we saw what happened with Land Rover, Marks and Spencers, the cost of failing to recover and recover quickly. And in your talk, you painted a pretty stark picture of recovery timelines, thousands of hours, weeks of efforts, even those that are well-prepared, those organisations that are well-prepared. Then we've got the rising cost of RAM as well, which is making things even more complicated.

[00:04:06] What surprised you most when you started digging into what endpoint recovery actually looks like in the real world? Yeah, so the shocking thing is just how little information there is actually out there and how little organisations have actually considered it. When we talk to them, we can spend hours talking about the data centre and all of the products that are in place, all of the active-active connections.

[00:04:36] Every customer can tell me the latency, the failover times, the recovery time objectives. In healthcare, we're seeing isolated recovery environments now becoming the norm, a completely separate set of information. So we can literally spend hours talking about that. And when you ask the question about, okay, so how's the user going to connect to that? It goes very quiet. And after a little while, somebody will say,

[00:05:05] well, we've got about 20 laptops in a cupboard. Or we're going to send somebody down to Best Buy or Currys or whichever country you're in. It is that genuinely is a conversation. The organisations are not prepared. If you go to the analysts and you say, okay, show me your framework for business continuity and disaster recovery, it's all data centre. There is nothing about the endpoints. And we've asked the analyst, why is this? And we've been told, well, it's really difficult.

[00:05:35] And that just plays out with the organisation. So some of the conversations with customers, we've had this slightly awkward conversation. They've gone away and they've come back to us and said, okay, we've taken a look at this. It's going to take us two and a half hours per device. And the process here is that somebody has to manually visit because you can't turn on the machines or you can't boot them into Windows to try and remotely trigger something because malware. So they have to visit the machine, take it off the network,

[00:06:05] put it into a clean room, re-image the device, test it, put it back. And one customer told us that's a two and a half hour process. Okay, great. They had 2,000 endpoint devices. That was 5,000 person hours, 125 person weeks to get them recovered. Another conversation with a government agency, they went away, they came back and said, we can restore 1,000 endpoints a week,

[00:06:33] which we said, actually, that's really quite impressive. And they said, no, wait, we've got 40,000 endpoints. So 40 weeks to get back. So when you hear the news headlines about organisations being offline, rarely I think is it because of the data centre. It's because there isn't a process to recover the endpoints. They have been forgotten.

[00:07:00] And the solution that we have with IGEL Business Continuity and Disaster Recovery to enable organisations to either dual boot, install IGEL OS alongside Windows. If the company has a Windows strategy, that's where they're at. Fine. Install IGEL OS alongside it. If Windows gets compromised, reboot the device, select IGEL as the OS. And customers tell us, even if you just get my users back to Office 365,

[00:07:31] then that's a win because they're communicating then. We can organise. We can make sure everybody's got a response. We can get people reactive to customers. Ideally, though, they connect straight back into whatever their business continuity data centre solution is. So we get them straight back there. One of the things that we've announced, which is really exciting though, from a practical level, is called IGEL Business Continuity and Disaster Recovery Emergency Mode.

[00:08:00] So in an emergency, up till now, there's been the challenge of, OK, well, we need the users to select IGEL OS when it reboots. With emergency mode, the administrator will be able to hit a metaphorical big red button or big yellow button, as it should be. And they're able to send a message to every single endpoint, every single Windows endpoint, and tell it to reboot and lock it into IGEL.

[00:08:27] So the user cannot accidentally reboot it back into Windows. So this is one of the pieces of feedback we heard. We don't want to have to rely on the users. You know, this is great, but we can't rely on the users. So with the emergency mode, on first report of something happening, it rarely does malware come in and then just immediately start locking devices.

[00:08:53] It sits there for ages and propagates around, waiting to do its thing. So if something gets discovered and there's a, we need to shut everything down, you can just reboot it into IGEL OS, keep your users productive, and be able to keep everything safe. So this is one of the things I'm really excited about. Wow. And there'll be leaders listening all around the world that have been crying out for such a feature. Well, they can just hit that big red button, the get out of jail free card.

[00:09:23] Let's just halt everything straight away. So I know you've only just announced it, but obviously you're here with the big community at IGEL. What kind of feedback have you had on this announcement? Everything that we hear around business continuity and disaster recovery. Like I said, the call to, I would say the call to action for your listeners is, have you actually thought about the endpoint recovery strategy? Yes, I know you've got your data center and you've probably done that. And that seems like all of the hard work.

[00:09:53] Actually consider, what are we going to do with the endpoints? Do we have a strategy? And is it beyond opening a cupboard with some old laptops in it? Have a serious think about it. The really interesting thing that's happened is when customers have gone away and looked at what the endpoint recovery process actually is, customers are coming back and saying, you know what? I think we should just run IGEL by default anyway.

[00:10:23] So it's organizations looking at it and not thinking about designing for recovery, but instead designing for resilience. And the same question is, as I've probably said before, are you running Windows applications at the endpoint? If you're not running Windows applications at the endpoint, if you've moved to SaaS, if you've moved to a cloud-based workspace, if you've moved to DaaS, even if you've moved to VDI,

[00:10:52] if you're not running Windows applications at the endpoint, you don't need to run Windows at the endpoint. Now, we understand it's never a one-size-fits-all. I've been in and around end-user compute long enough to know that. And there's always use cases. But look at those users that don't need to have Windows running. Look at the costs involved in running that Windows endpoint and have a conversation with IGEL on how we can help.

[00:11:21] One of the really interesting developments for us over the last month was that Gartner published a paper just a month ago, which is centered around adopting immutable endpoints and replacing, as they say in the report, replacing mutable endpoints. Now, that terminology gets a little tricky, but if IGEL is the immutable endpoint,

[00:11:49] we can all guess what the mutable endpoint is. So for us, it was a real validation of everything that we've been talking about. And having that third party, and IGEL is named in the report, and it really does, it describes the enterprise endpoints as the most porous attack surface. So there's some really quite bold language in that report. It will be available very soon from the IGEL website.

[00:12:18] So we'd definitely urge users, go take a look at the website, look for the Gartner report and download that. And for anybody that's been in end-user compute for a while, which is probably a lot of you, the listeners here, the only downside with the report is they've gotten a Lex to create their acronyms and their own terminology, and they came up with the Workspace Immutable Secure Endpoint, or WISE.

[00:12:47] I'd rather it hadn't been WISE, to be honest with you. Love's a good acronym. Well, yes, yes. And again, anybody listening with an EUC background is actually hopefully going to be having a giggle about that. But it's such an important conversation because most people, or a lot of people, not everyone, but work primarily in their browser. They don't need additional applications, etc. And also, I think there was a moment in your talk today

[00:13:14] where recovery almost feels like the wrong question entirely as you pivot to resilience. So at what point does an organisation realise that maybe they're asking the wrong question about recovery and what triggers that shift in mindset? Do you almost hear the penny drop as you get them to think differently? It's exactly what we're seeing. It's been really thoroughly fascinating of how when organisations are actually looking

[00:13:42] at solving the problem. And yeah, like you say, the answer here isn't a better recovery strategy. It's a better, more resilient endpoint strategy to begin with. And I put in my analogy into the keynote, which you can go to the IGEL website and go watch the keynotes if you would like to, to get the full effect.

[00:14:10] But with everything that's happening in end-user compute, James Plouffe from Forrester talked about only about 20 odd percent of organisations are actually looking at zero trust and really understanding it. But we also have a lot of research that backs up that organisations are moving to SSE and SASE with solutions like Zscaler and Palo Alto who are here.

[00:14:39] And as they are doing that, as they are moving their apps to SaaS, as they're adopting Workspace ONE for the enterprise workspaces or Microsoft have a solution for that and Island have a solution for that in their secure browser. As they're doing it, I think that the end-user compute organisation is having somewhat of a eureka moment here at the endpoint that now we can do something different

[00:15:08] and we can make it better. You know, I jokingly gave the analogy in the keynote. You know, we've been, humans have been carrying heavy bags around for thousands of years and at the same time for 3,000 years we've had the wheel. Why did it take so long for somebody to put a wheel on a suitcase? It was that eureka moment. Well, I think with everything that we're seeing with the shift, the move to SASE, the move to SSE, the move to SaaS,

[00:15:38] the move to DaaS, now bringing along the secure endpoint OS, the immutable endpoint OS, is the end-user compute eureka moment where it's going to have this full transformation from the application deployment strategy of yesterday to a secure enterprise, SaaS-based strategy for now and next. And there's also a strong link in your keynote between Zero Trust,

[00:16:06] SAS and immutable endpoints. Do you see immutable endpoints as almost the missing piece that finally makes Zero Trust practical rather than a framework on paper that's too complex or too confusing for many organizations? Yeah, 100%. And it's kind of like the, it's like the business continuity story and there's certain assumptions that are made, like we've seen, okay, I've done my data center, I'm good. And when you make people look again, it's like,

[00:16:36] oh yeah, I really do need the endpoint. With all of those changes, I think giving organizations that feeder of, oh yeah, we can do something different as well at the endpoint and there's a lot of benefits in doing that. That's what we're seeing. That's what we're seeing organizations making, looking at the endpoint differently, looking at a different solution, looking at actually, what is the endpoint doing?

[00:17:05] What does it need to do? And with the announcements that we've made on what you can now run securely, immutably on the IGEL endpoint, of course, VDI and DaaS connecting to that, the browsers, so and secure browsers, Palo Alto, Prisma, Island, anything that's Chromium-based essentially, with IGEL native applications. Then we talked about the IMH,

[00:17:35] the IGEL managed hypervisor. We announced IGEL managed containers as well. So we're really growing the options that enterprises have to run secure workloads at the endpoint, whilst bringing a lot of benefits around security and ROI. So really reducing the cost of the endpoint, helping to take that budget and put it towards modernization. In your keynote, you also referenced some research

[00:18:04] that suggested by 2030, immutable workspaces could become the primary interface for a significant portion of the workforce. So looking ahead, what needs to happen between now and 2030 for that prediction to actually become a reality and what could slow it down? What are you seeing here or how do you see this evolving and unfolding? Yeah. Yeah. So it's arm in arm with the adoption of frameworks or technologies like SSE and SASE.

[00:18:34] They don't make sense if you're doing that still with an endpoint that's designed for the application deployment strategies of yesterday. Yeah. Hand in hand, and that's one of the great things that you see here at Now and Next is the partnerships that IGEL has. We've been talking about the preventative security model for the last couple of years and fundamental to that model is the IGEL-ready partnerships.

[00:19:02] So being able to run those core components of SSE and SASE as well that are needed on the endpoint, putting these together, working together with those partners so that we can take a joint solution, a fully baked solution to an organization and make it simple and obvious that this is the way to implement these new security strategies, application deployment strategies as we move forward. So I think that partnerships are key.

[00:19:32] Yeah, I'm glad you said that because I think looking around everything that I see and here, it's not just, hey, IGEL, everything. It is about the partnerships. Also about the community, I would say as well. And as you've immersed yourself in this environment for several days, what will you be taking away from the event on that long flight home? Anything you'll be thinking about or all the conversations and everything you've seen and heard? Yeah, I think community really is key to it.

[00:19:59] The expo that we've got here and all of the partners, the hum of the noise that's in there, the conversations that are happening, how everybody comes together, how things are, the expansion. So like organizations like Palo Alto are now in there. So we're really growing, growing the new application and deployment strategies, really growing that. And that's, yeah, that's what I'll take away

[00:20:28] is when you look at zero trust. So we're talking a lot about zero trust and people are trying to work that out. There's the key element of zero trust is it's not one product. It's not one company. It's bringing together everything to be able to secure those pillars of zero trust. And it really is coming together. Now and Next has really become that meeting point for all of these technologies to come together. And it is this community, I think, that'll be the thing

[00:20:58] that will make me smile on the plane on the way home. And I think that's a powerful moment to end on. I'll include links to everything you mentioned, including the research and everything. Wish you the best of luck in the Live Nightclub there. Any floor fillers that you're going to give us any hints on? Are you mixing it up? Any genres? Are you sticking with the Cuban and jazz theme? Or what are you going for? We're starting Cuban and jazz and we'll definitely end up in a big hands in the air house music. So it'll be great. I will speak to you then. Thanks, Neil.

[00:21:27] So a big thank you as always to James for joining me here in Miami and for bringing a conversation that I think a lot of organisations need to hear. One of the many things that stood out for me in our conversation is just how quickly the discussion shifts. Once you look at the reality, not the strategy documents or the plans on paper. Everyone's got a plan until they're punched in the face, as Mike Tyson famously said. But what actually happens

[00:21:56] when your systems go down and people need to get back to work? And thousands of people need to get back to work. So maybe the real takeaway from this episode is that the question isn't just how quickly you can recover, but whether you've designed your environment, your infrastructure, in a way that avoids that situation in the first place. As always, I'd love to hear your thoughts. Are you and your organisation still underestimating

[00:22:25] the role of the endpoint in resilience? Or are we finally seeing that shift happen? I like to think we are. So many big takeaways from listening to James today. I'd love to hear your thoughts. TechTalksNetwork.com There's over 4,000 interviews there. You can send me a message in so many different ways. And I am going to be very busy working overseas, taking this podcast to as many show floors as I can over the next few months. So have a look

[00:22:55] at the events page. If you are attending any of these events, please let me know. We can have a hot coffee or a cold beer or a glass of water. Whatever works best for you. Let me know. It'd be great to meet up with you and hear your stories, your insights. But that's it for today. So I'll be back again tomorrow with another guest. But thank you for listening as always. And I'll speak to you tomorrow. Bye for now.