Digitization of Healthcare &Impacts on Multi-Cloud Security

,

vArmour and CMI Support Healthcare Technology

By Jeff Guenthner, CMI, & Dean Hickman-Smith, vArmour

CMI vArmour Logo StackLike many industries, healthcare is undergoing a full digitization – from actual services provided to electronic patient records. This trend is being driven by: customer expectations for digital healthcare services (75% of patients, according to McKinsey), new industry regulations (i.e. HITECH), the increasing competition in the healthcare marketplace to lower costs and the adoption of connected clinical devices – estimated to reach 59+ billion by 2020. While industry mandates (i.e. HIPAA Security) must be kept in mind, organizations need to adopt modern technologies in order to overcome these new security challenges – and avoid becoming the next Anthem or Premera. Let’s look at how vArmour DSS Distributed Security System can provide the security solution needed for today’s digital healthcare organizations.

vArmour DSS Distributed Security System provides broad and deep insight of workload-level traffic, putting customers in control to detect and remediate threats across multi-clouds. The broad nature of DSS exists because it works across multi-clouds (on-premises, or off-premises, bare metal, & hybrid models) and it is deep because it monitors and controls Layer 4-7 traffic, which is not seen by traditional perimeter security solutions. vArmour DSS captures workload traffic data and analyzes it to identify threats in real-time through a single, logical system versus managing and correlating across many different solutions to find one version of the truth. vArmour DSS is made up of a 100% API-driven fabric architecture, which fits into the scale-up cloud model of healthcare digitization, since 83% of IT executives report cloud utilization within their organization today. vArmour DSS also provides logical separation of PII vs. non-PII data via workload micro-segmentation at the hypervisor layer for compliance adherence, without the need to invest in or deploy a full blown software-defined networking (SDN) suite.

vArmour DSS fits very nicely into CMI’s Adaptable Data Center (ADC) framework when we consider security, monitoring and managing tenants. The vArmour solution is extremely agile and allows CMI to build in rock solid security solutions while transforming a client’s data center – instead of bolting on security as an afterthought. Healthcare is just one industry where we CMI and vArmour customers have found mutual solution success. CMI’s solution architects are able to listen to client’s needs, having the confidence that we can deliver on those needs leveraging our framework and security partners, like vArmour. Below is one client example:

When customers work with vArmour and CMI, they benefit from the joint efforts.

“Our number one priority is serving our patients with the best care possible, which means keeping their data safe with the most cutting-edge security solutions,” said Jon Russell, CIO at John Muir Health. “As healthcare is undergoing a massive digital transformation, with IT as the underpinning for this shift, we are forced to re-think our security architecture to protect patient information, without sacrificing speed of our service delivery.”

As mentioned previously, CMI and vArmour provide this new approach to workload-level security software, whether it is on-prem, off-prem of hybrid. Please take some time to immerse yourself on the ADC framework and contact us afterward to schedule a discussion on how vArmour and CMI can improve your security posture, starting with 12-months of free data center visibility from vArmour DSS-V.

Facilitating Communication Through Software

Integration Service Bus for Software Communication

People-Gears-Communicating-AdobeStock_90259576Ever find it difficult to communicate with someone? How about communicating with multiple people in multiple locations with disparate interests?  Wouldn’t it be nice to have a utility service that could ease communication between you and other parties regardless of who, what or where? An organization’s IT applications experience the same challenges and, for your enterprise’s data center to function at an optimal level, it needs a facilitator service.  While there currently is not software that can help ease your human communications, there is software for your data center to help the applications communicate in house and in the cloud. Integration Service Bus is a communication method between mutually interacting software applications and operating systems.

 

The analogy of a “service bus” is often used to describe the communication facilitation that is provided with integration service. It is a general purpose concept to help describe the implementation of software components. These services, through Integration services, seek to independently deploy and, run disparate information within your network.

 

There are many advantages to using an Integration Service Bus. Following are some key highlights for this service:

  • Provide transport of database activity.
  • Adjust for various database types and architectures.
  • Adhere to data validation and referential integrity.
  • Detect and respond to database collisions.
  • Support industry standardized application plug-ins.
  • Integrate Java based customizable extensions.
  • Queue transactions for planned and unplanned outages.
  • Able to consume application APIs and endpoints.
  • Subscribe to security compliancy.

 

CMI’s Adaptable Data Center framework positions the Integration Service Bus to link applications, data and devices in hybrid environments.  Environments that have historically been self-contained are able to respond, populate and interact with localized and remote events and activities. The Integration Service Bus interprets, translates and delivers informational activity beyond the localized environment to broaden the scope of reach within the Adaptable Data Center framework. Therefore providing on-premise and/or cloud-based applications with the information to keep the business processes up to date with activities as they occur.

 

While we cannot ease your communication with others, we can certainly ease your software applications communications. Whether they are communicating in the enterprises’ in-house data center or in the cloud, CMI has solutions to make each part of your data center communicate smoothly for highest efficiency for today and tomorrow.

Risk Management and theAdaptable Data Center®

,

How to Leverage Security in the Adaptable Data Center®

John Wondolowski, CTO at CMI, discussed in his recent blog how the CMI Adaptable Data Center® framework is based upon an Enterprise platform that fuses together legacy I.T. assets with future I.T. assets. It can also securely and seamlessly leverage cloud-based services. Taking into consideration the continued evolution and clearer definition of security roles and responsibilities, it is key to see how the Adaptable Data Center® can assist your enterprise with information security governance and good risk management practices.

COBIT and NIST frameworks define the basic desired state of security for most organizations as:

  • The assessment of risk is a standard procedure.
  • Responsibilities for security are clearly defined.
  • Responsibilities and standards for continuous service are enforced.

Find the Desired State Through the Adaptable Data Center®

A good security strategy is key to success but it is not the only success criteria. By using the CMI Adaptable Data Center® framework, organizations can focus attention on the desired state. This, in turn, drives attention to business critical functions that create the strategy needed to win by including the people, processes and technologies, organizational structures, culture, services, skills, competencies and regulations in the definition.

risk management_cycleRisk management can mean different things to different people. In this instance, we are working from the ISACA definition, which states:

“In practical business terms, risk management means risk is managed so that it does not materially impact process in an adverse way, and that an acceptable level of assurance and predictability to the desired outcomes of any important organizational activity are provided for.”

Risk Assessment

Given the above, once the desired state is agreed upon using the CMI Adaptable Data Center® framework, the next important task is conducting a risk assessment. A risk assessment helps identify known vulnerabilities and identify weaknesses in the people, processes and technology in the desired state. Once identified, the impact of these can be prioritized based on the importance and value of the affected assets (information assets and/or physical assets alike) and appropriate security controls and countermeasures can be designed to mitigate the identified weaknesses.

It is widely accepted that all organizations need to take steps to protect the Confidentiality, Integrity and Availability (CIA) of their information assets. Utilizing the CMI Adaptable Data Center® framework and following sound risk management practices will help lower the probability that a threat source will be able to exploit a vulnerability. Mitigating threats and vulnerabilities greatly reduces their negative impact to the organization which can include service level agreements (SLA) violations, and financial loss.

Feel free to comment below or ask a question – CMI can help with all aspects of your information security needs, from a full security review to a penetration test, gap analysis, vulnerability assessment or complete landscape redesign. We are your Adaptable Data Center® team.

IT for Business Driven Outcomes

Service Level Agreements in the Adaptable Data Center®

AdobeStock_57090090-[SLA-wordart]The CMI Adaptable Data Center® Framework is designed to help I.T. Executives successfully deal with today’s challenges in a way that sets the stage for solving tomorrow’s challenges. It helps I.T. Executives move into the role of “Brokers of Capabilities” in which they can leverage their base platform (of people, process and technology) to meet business needs quickly and effectively through Service Delivery in an “as a Service” model.

There, I have accomplished my first goal for this blog:  using “Brokers of Capabilities” and “as a Service” in the first two sentences. Now I move on to my second goal:  help our clients use their Information Technology assets (people, process and technology) to manage toward business-driven outcomes. The CMI Adaptable Data Center® Framework is fundamentally based upon an enterprise platform that will fuse together legacy I.T. assets with future I.T. assets in a manner that can securely and seamlessly leverage cloud-based services. This approach will enable I.T. Executives to make decisions on capacity expansion, application lifecycle management, and introduction of new technologies in a way that will greatly reduce risk of obsolescence. The platform provides the agility and scalability that can be the foundation for nearly any new business challenge.

Equally importantly, the Adaptable Data Center® Framework is designed to protect the I.T. Executive from unplanned issues with end user experience in the delivery of the services – both new and existing services. I.T. Executives have grown up with Service Level Agreements (SLA). SLA’s, for the most part, are used to set the end-user’s expectations for their experiences in the delivery of services from the Data Centers to their eyes and fingertips. While that is a difficult and complicated task for I.T. Executives, with many points of failure or delay outside of their control, their job has been to control what they can control and clearly define what is outside their control (and pray that what is outside their control does not fail). In today’s world the balance of “what they can control” vs. “what they cannot control” has shifted significantly. The use of various Cloud Services, Outside Providers and other Third Parties have made ownership of the traditional SLA enormously challenging.

We believe it is time to rethink the “traditional SLA” and expand it to the actual perception of the business stakeholders. I.T. Executives can point to 99.999% uptime last month but if their stakeholders do not have the applications that they need, or they do not have the computing power they need, or they are constantly finding limitations on data storage imposed on them, they will put the great availability metric at the bottom of their evaluation list. If the C-Suite is frustrated by the amount of time it takes for I.T. to integrate a recent acquisition, they will not care at all about the fantastic uptime of SAP (or any other system). If the Marketing V.P. is under tremendous pressure to match digital campaigns with sales but there is no integration between their Cloud Based Digital platform and the legacy e-commerce system … well you get the picture by now … “meeting traditional SLA’s will not matter.”

Unfortunately for the I.T. Executive the new world order does not mean that “traditional SLAs” are not important. For anyone who put all their attention on solving the other business challenges described above and as a result had two significant outages of the ERP system in the past month, those unlucky souls now know that the “New SLA” is not entirely new as the “Traditional SLA” is still vitally important. The New set of Service Level Agreements are much broader than Service Availability and include all of the business challenges outlined above and many more. The practical use of SLAs has always been to set expectations and manage expectations of stakeholders in the delivery of services. That practical use has not changed at all, but the number of dimensions that impact SLAs in today’s Enterprise I.T. has increased substantially. Today’s reality in Enterprise I.T. is that meeting expectations of your end users in terms of availability, reliability, resiliency, redundancy and agility would be impossible without a sound foundational approach to harmonizing all of the different service delivery mechanisms. The Adaptable Data Center® Framework is focused on providing that platform that can integrate the service delivery capabilities of Cloud, On-Premise and other Third Party providers. In addition to simply pulling the various service delivery sources together, the framework enables SLA visibility in the heterogeneous “as a Service” model by including application and data integration, application performance monitoring and management, and delivery cost visibility and predictability.

While the challenge of meeting the “new SLA” requirements in today’s Enterprise I.T. is daunting, I.T. Executives must find a way to build a platform that will allow them to become “Brokers of Capabilities.” This approach will help them build a full “as a Service” delivery ability that they can utilize to finally truly manage toward business outcomes. When it comes to managing expectations of stakeholders (the role that SLAs play), there is no better way to accomplish that then managing toward business-driven outcomes.