CSC World Spring/Summer 2013


Our worldwide CSC customer magazine.

Published in: Health & Medicine, Business

  1. Spring/Summer 2013 WORLD
     Intermountain Healthcare’s Cybersecurity Challenge
     New Healthcare New Risks
     Intermountain’s Marc Probst, CIO
     INSIDE
     • 5 Steps to Enterprise Cloud
     • Why Data Is the “Next Big Thing”
     • Your Driver’s License Is Obsolete
     • 3D Printing and the Future Factory
  2. ADVANCED THREATS DEMAND ADVANCED TECHNOLOGY

     The old “do it yourself” approach to cybersecurity leaves you vulnerable to today’s sophisticated attacks. Attacks that can come from anywhere in the world and at any time day or night. Attacks that make you focus less on your business strategy and more on getting your reputation back.

     What you need is a partner that monitors the globe day and night looking out for you — armed with advanced abilities that can recognize a dangerous threat in the midst of the white noise. And, the capability to protect you before the attack gets to your doorstep.

     Change the model and run your business on your terms. Get Cyberconfidence™, with integrated global cybersecurity solutions from CSC. Learn more at CSC.COM/CYBERSECURITY.
  3. DIRECTOR, GLOBAL BRAND & DIGITAL MARKETING: Nick Panayi
     EDITORIAL DIRECTOR: Patricia Brown
     Senior managing editor: Jeff Caruso
     Senior editor: Chris Sapardanis
     Contributing Writers: Jim Battey, Dale Coyner, Peter Krass, Jenny Mangelsdorf
     Art director: Deric Luong
     Design & production: Creative Services

     CSC Global Headquarters, 3170 Fairview Park Drive, Falls Church, VA 22042, United States, +1.703.876.1000

     CSC WORLD (ISSN 1534-5831) is a publication of Computer Sciences Corporation. Copyright ©2013 Computer Sciences Corporation. All rights reserved. Reproduction without permission is prohibited.

     Comment on what you’ve read in CSC WORLD at Or write: CSC WORLD, 3170 Fairview Park Drive, Falls Church, VA 22042 USA

     The IT transformation that will touch us all

     If you want to find a poster-child for an industry that has been fundamentally transformed because of the recent shifts in enterprise technologies, look no further than healthcare. IT professionals in healthcare often proclaim they are reluctant to be early adopters of new technologies due to privacy and security concerns. But the fact is many healthcare providers and payers are among the more mature adopters of business processes that leverage cloud, mobility and big data.

     In the U.S. alone, healthcare organizations are increasingly under pressure to do more with less while meeting new healthcare-reform legislation designed to improve information sharing, security and patient care. Similar scenarios are playing themselves out in other regions of the world in their own unique fashion. So let’s map the major technology trends to the healthcare sector’s new objectives:

     • Mobility, consumerization and healthcare providers. The introduction of tablet computing has been enthusiastically embraced by new physicians and veteran doctors alike.
     These physicians immediately grasped the advantages of using mobile computers to improve the way they track and share information with patients to optimize their bedside manner and also provide better patient care. The initial IT response was to push back because of concerns about governance, risk and compliance (GRC). But in the final analysis, the bring-your-own-device (BYOD) trend was too overwhelming. With some smart GRC adjustments from the IT organization, it is now recognized that healthcare provider productivity has improved, along with patient experience. Do risks remain? Yes. But it’s now taken as a given that the risks need to be understood and constantly managed.

     • Cloud and the extension of healthcare services. In an effort to get the most out of their systems, executives in the healthcare sector are investing in private cloud solutions to get the benefits of virtualization (which optimizes resource utilization) while streamlining operations, by creating service-delivery systems that can be self-provisioned. But cloud will do much more for healthcare than just improve infrastructure efficiency. Our friends at Cisco this year conducted a global survey of 1,547 consumers and healthcare decision makers across 10 countries. According to the study, 74% of consumers are open to virtual doctor visits. New technological capabilities, combined with new attitudes about how personal and medical information is managed by trusted parties are taking telemedicine to an entirely new level.

     • Big data and predictive analytics enhance quality of care. The proliferation of electronic patient records, and the increasing adoption of mobile and cloud-enabled remote healthcare delivery are just a few of the factors now contributing to the explosion of data (structured and unstructured) that can be mined to gain insight into the diagnostic, prognostic and prescriptive process.
     Many studies are available now that explore the opportunities associated with bringing massive amounts of data from a multitude of sources to buttress the decision-support systems in healthcare so that outcomes can be improved.

     We dive into these topics in this issue’s healthcare section. We also get real-world perspectives from Marc Probst, CIO of Intermountain Healthcare, Phil Fasano, CIO of Kaiser Permanente and David Guzmán, CIO of H. D. Smith on how their organizations are thriving in today’s connected world.

     Speaking of healthcare, big congrats to CSC, which was ranked #11 in Healthcare Informatics’ annual list of the top 100 healthcare IT vendors in the U.S.

     Don’t miss some of the other insightful perspectives and research in this issue on cloud computing, cybersecurity and big data. Enjoy your summer!

     Patricia Brown
     Editorial Director, CSC World

     Inside CSC World
  4. CSC WORLD | spring/summer 2013 | VOLUME 12 | NUMBER 2

     NEWS
     CSC partners with SAP to offer next-gen banking solutions; Maruf Majed is named vice president and general manager for Asia, Middle East and Africa; and CSC agrees to sell its Applied Technology Division.

     heard on
     Experts are coming to to make their voices heard, in CSC Town Halls, online communities and Ingenious Minds blogs.

     Executive Perspectives
     • Catering to a Connected World
       Mary Jo Morris, vice president and general manager of Diversified Industries at CSC, shares thoughts on the importance and prevalence of connectedness.
     • Exploring the Nordic and Baltic Regions
       John Walsh, vice president and general manager of the Baltic and Nordic regions at CSC, discusses the opportunities and challenges facing business leaders.

     cover story
     • Intermountain Healthcare’s Cybersecurity Challenge
       The healthcare industry is entering a world of great opportunity and tremendous risk. Intermountain, a 22-hospital health system, is using innovative technology to improve care and secure systems.

     Healthcare
     • Kaiser Permanente CIO: ‘The Consumer Is in Charge’
       There’s a revolution brewing in healthcare, and one of its chief insurrectionists is Phil Fasano. The executive VP and CIO of Kaiser Permanente discusses his new book.
     • A New Model for Medicine
       The practice of medicine is changing. Lisa Pettigrew, industry general manager for Global Healthcare at CSC, unveils three new models for care.
     • Medical Device Firm Grows Better Data With Salesforce Application
       Biomet Microfixation, an innovator in the medical industry, chooses enterprise cloud applications by to improve its ability to generate real-time, accurate data.
  5. MANUFACTURING
     • Automotive Industry Goes Driving in the Cloud
       While flying cars may still be out of reach, cloud computing, mobile broadband, location-awareness and big data technologies are bringing the car of the future to market today.
     • How 3D Printing Will Turn Manufacturing on Its Head
       3D printing sounds like something straight out of science fiction, but the idea that you can use a computer to quickly create complex objects seemingly out of thin air is a reality.

     PUBLIC SECTOR
     • Your Driver’s License Is Obsolete
       The Internet and mobile devices have brought us wonderful conveniences but also significant challenges. Paper-based IDs are no longer suited for this world.
     • Could a Smartphone Solve Immigration Reform?
       Many people dream of visiting the U.S. But new rules have made the travel visa process too difficult for some. Smartphone biometrics could help.

     Last Word
     • Four Waves to the Cloud
       At H. D. Smith, a pharmaceutical distributor, the cloud is not a choice, but an imperative. CIO David Guzman discusses why cloud computing offers compelling economics and capabilities.

     financial services
     • Financial Regulations Sweep the Globe
       The U.S. government continues to look for ways to prevent anyone from not paying their fair share of taxes. A new law designed to improve reporting will affect everyone.
     • How Cloud Is Disrupting Financial Services
       Cloud-driven change is affecting how processes are managed, how IT investment is handled, and how costs are allocated. But the biggest changes are not related to IT.

     BIG DATA
     • 5 ‘Must Haves’ for Every BI Dashboard
       The effective use of business intelligence gives companies a competitive advantage. Delivering timely information to decision makers can be accomplished with a well-designed BI dashboard.
     • Putting the ‘I’ Back in IT
       The growth of the IT industry has been driven by the “T” in IT. New technologies have captured most of the public’s imagination.
       That dynamic is changing.

     CYBERSECURITY
     • The Case for Managed Security Services
       Organizations face a dilemma: the number of cyberattacks continues to grow, while budgets continue to remain flat. Managed security services are often the best option.
     • Decoding the President’s Cybersecurity Mandate
       The growing frequency of cybercrime is top-of-mind for U.S. officials. Samuel Visner, executive vice president and general manager of cybersecurity at CSC, explains why.

     cloud computing
     • 3 Reasons to Believe in Hybrid Clouds
       Cloud services come in different shapes and sizes. Lately, many organizations are turning to hybrid solutions and infrastructure models that can be tailored to specific needs.
     • Why Enterprise Clouds Rule
       Cloud computing has become a key part of an IT leader’s toolkit. Many organizations use cloud for various reasons. It’s critical to select the appropriate cloud model.
     • 5 Steps to Enterprise Cloud
       Will the consumer cloud — the popular, low-cost service offered by Amazon and others — be to cloud what the iPhone was to mobile? Siki Giunta, vice president and general manager of cloud services at CSC, says no.

     New ON CSC.COM
     • Infographics Central: Explore key trends and data in visual and interactive ways with a collection of CSC infographics on emerging technologies such as cloud computing, big data and mobile banking.
     • CSC Town Halls: Join a continuing series of online conferences on IT topics that matter to you, featuring CSC experts and special guest speakers ready to answer your questions.
     • Success Story Briefing Center: View video success stories featuring CSC subject matter experts, clients and global partners or search hundreds of stories that cover a wide range of solution areas.
  6. News

     CSC Agrees to Sell Its Applied Technology Division

     CSC has reached a definitive agreement with PAE for the sale of its base operations, aviation and range services business unit, Applied Technology Division (ATD), for $175 million in cash. CSC acquired ATD with the 2003 purchase of DynCorp.

     Announced on May 29, this agreement is CSC’s sixth divestiture in seven months, furthering CSC’s transformation strategy to rebalance its portfolio of services by focusing on its core strength in next-generation technology solutions and services. CSC will sell the aviation maintenance, base operations and maintenance, test and training range, and space range businesses of ATD, while retaining the division’s training and simulation business. ATD currently performs work at more than 20 client locations in the continental United States.

     “The sale of ATD supports our realignment of company assets with our strategy of leading in the next generation of technology solutions and services, including cybersecurity, big data and cloud computing,” said CSC President and CEO Mike Lawrie.

     PAE’s dedicated focus providing mission-critical services to the U.S. government and its allied partners will ease the transition for clients and employees. ATD’s senior management team and its approximately 5,400 employees will transfer to PAE as part of the agreement.

     In fiscal year 2013, ATD revenue was approximately $760 million with low-to-mid single-digit operating margins. ATD revenue has been reported within CSC’s North American Public Sector (NPS) and will be recast as discontinued operations.

     The transaction is subject to customary closing conditions, including the receipt of various consents and an anti-trust clearance under the Hart-Scott-Rodino Act. CSC expects to close the transaction in the summer of 2013.

     Get the latest CSC news at
  7. In May, CSC announced an expanded partnership with SAP designed to accelerate the banking industry’s move to next-generation technology platforms. CSC and SAP have cooperated to define a new global go-to-market strategy for their banking software and services offerings to help reduce the risk, implementation time, and cost of modernizing business processes and IT environments.

     Under the expanded alliance, CSC will be an SAP global services partner for the banking industry and is expected to provide systems integration services for banks using SAP solutions. CSC is also now a global value-added reseller of SAP, authorized to resell SAP products, services and support. In addition, SAP and CSC will co-sell their banking software and solutions.

     The companies’ software and services address a wide spectrum of enterprise technology and business needs to help banks keep pace with evolving customer, market and regulatory demands. Banks that have delayed upgrading their infrastructure and applications can modernize them incrementally, which can help lead to both lower costs and risk. The companies can unify for customers a set of next-generation consulting, software, enterprise services and testing technology platforms that are designed to leverage both companies’ banking industry expertise and extensive offerings.

     “Modernization is both a costly and complex undertaking for banks around the globe,” said Robert Hunt, senior research director, CEB TowerGroup. “Because of this, many banks continue to operate on legacy systems developed decades ago.
     Choosing services and software from CSC and SAP makes perfect sense and offers a compelling proposition to banks that have pushed out or barely started their modernization projects to help meet customer demands or improve operating efficiency.”

     “Our vision for this software partnership is to help enable large global and mid-sized regional banks to drive profitable growth through cost savings, greater agility, more innovation and a superior customer experience,” added Thomas E. Hogan, executive vice president and general manager, CSC Global Business Services. “Banks will now have more choice when modernizing their technology systems.”

     “CSC and SAP have been partnering for 30 years, helping to bring value to customers around the world,” said Robert Enslin, president of Global Customer Operations and a member of Global Managing Board, SAP. “With this expanded relationship, we look forward to further accelerating our efforts in the banking industry.”

     As a long-time SAP global services partner, CSC implements and delivers SAP solutions to customers across many industries and is an SAP-certified provider of cloud services, hosting services and application management services. In addition, CSC has a successful practice in Central Europe focused on SAP solutions used in the banking industry and has collaborated with SAP on many complex implementation projects.

     Learn more at

     In April, CSC named Maruf Majed vice president and general manager for Asia, Middle East and Africa. As the regional managing director, Majed will drive and coordinate all CSC operations across the region.

     “Asia, the Middle East and Africa represent an enormous opportunity for growth,” said Thomas E. Hogan, executive vice president and general manager for CSC’s Global Business Services & Regions.
     “CSC is committed to establishing a leadership position in these important regions, and we are delighted to add an executive with Maruf’s credentials to our team.”

     “I am thrilled to join CSC and look forward to leveraging CSC’s strengths in next-generation solutions, such as cloud computing, cybersecurity and big data, to enable improved business outcomes for our clients,” said Majed.

     Majed has a rich background in technology leadership roles, including senior assignments at IBM, Gulf Business Machines, Siebel Systems, webMethods, and, most recently, Misys. He holds a Bachelor of Science from the University of North Dakota and a Master of Business Administration from the University of Texas.

     Learn more about CSC at

     Maruf Majed Named Head of Asia, Middle East and Africa

     Changing the Way Banks Do Business
     CSC and SAP Align Banking Portfolios to Deliver Advanced Solutions
  8. Heard on CSC.com

     Experts inside and outside of CSC are coming to to make their voices heard, in CSC Town Hall webcasts, our online communities and our Ingenious Minds blogs. Here are some highlights.

     Telecommuting: No going back
     Some will argue that telecommuting hurts productivity, but studies have shown that the opposite is true. With modest investments in technology, you can have the best of both worlds. Employees can see each other’s faces in meetings, and they can collaborate in ways that are both productive and creative. Telecommuting doesn’t have to be sacrificed, and we couldn’t go back if we wanted to.
     Dean Fernandes, one of CSC’s Ingenious Minds

     The promise of 3D Printing
     3D printing can make objects with a complex internal structure that would be almost impossible using traditional methods. There’s no large factory and no retooling of an entire assembly line. The same printer that creates a piece of art can be used next to print a bike part. And that printer can be kept close to the point of consumption, which has implications for logistics.
     Vivek Srinivasan, Regional Manager, Executive Programme, Leading Edge Forum
     Town Hall, “How 3D Printing Will Turn Manufacturing on Its Head”
  9. The desktop’s meteor
     Sure, you still see them around the office, but make no mistake: Desktop computers are the equivalent of dinosaurs in the days after Earth was struck by a large meteor. They were still there, but they were the walking dead, doomed to eventually vanish. The desktop’s meteor is mobile computing.
     Chris Nerney, Technology writer
     CIO Engage blog post, “The desktop is (pretty much) dead” the-desktop-is-pretty-much-dead

     Accountability in security
     Is the typical CIO’s performance rated on the effectiveness of the IT security and risk management program? Not really. They’re focused on keeping new IT running on time, keeping IT costs low, and getting new IT initiatives out quickly. In an effective security organization, everyone is responsible for IT security, and they’re held to it. Whoever is reporting directly to corporate leadership, such as the chief executive or operating officer, needs to be held accountable.
     George Hulme, Technology writer
     CIO Engage blog post, “The 5 Keys of Effective Security Management” 04/08/the-five-keys-of-effective-security-management

     Taking stock of climate
     Not only is the National Climate Assessment a huge undertaking, the subject is a dynamic system that is changing while we study it. It’s like trying to give someone an exam while they’re running a marathon. We discover new variables, inputs, influencers and rhythms to our climate on a regular basis. But are those observations — say, for example, the recent spate of extreme weather events in the U.S. — an isolated incident? Part of a long cycle repeating pattern? Or representative of a genuinely new trend? Accurately characterizing such an intricate system takes a lot of thought and discussion.
     Sharon Hays, one of CSC’s Ingenious Minds

     Avis Budget leverages big data
     There were a lot of automobile renters who were never engaged in any kind of campaign, communication, survey — anything except the rental.
     The name of the game these days is ‘engagement.’ You hear that over and over with mobile and social and everything out there now. It led to some thinking about the best way to engage with those customers.
     Alex Black, Senior partner in CSC’s Big Data & Analytics group
     Town Hall, “How Avis Budget Uses Big Data in Marketing”
  10. industry perspective
      by Mary Jo Morris

      Getting connected has never been more important, or more valuable. That’s true whether you work in private industry or the public sector. It’s also true whether you’re connecting with co-workers, customers, partners or suppliers. The need to connect is the new requirement.

      Fortunately, today’s technologies can connect us as never before. Social media changes communications between suppliers and customers from monologues to conversations. Smart grids connect utilities with consumers by adding intelligence, smart metering and more. Cloud computing connects technology providers with users to enable new forms of IT as a service.

      CSC’s Diversified Industries group is making connections in three main sectors: Energy and Natural Resources; Communications and High-Tech; and Consumer and Transportation. While there is great diversity among these sectors, they are bound together by common market drivers, including aging infrastructure in need of modernization, increased security and intelligence, real-time information demands, and a growing velocity and volume of data.

      Three connections

      In Energy and Natural Resources, there’s a new focus on smart energy. These industries have, over time, built large infrastructures composed of heavy plant and equipment. Now they want to get more intelligence out of that infrastructure. They want to operate more efficiently from remote locations, with more safety, better security, fewer people and greater precision. Their goal is to build so-called smart grids: networks that connect providers with consumers and suppliers in an intelligent and automated way and provide access to the growing volumes of data at the point of production. These smart grids empower energy providers to gather and act on information in new ways.
      In the Consumer and Transportation sector, we’ve seen entire companies transformed by the rise of the Constantly Connected Consumer and passenger. This new level of connectivity has inspired many consumer companies to rethink the very nature of how they go to market, and with whom. What’s considered “good service” has been transformed, too; by harvesting data from social media and customer databases, manufacturers and retailers can offer customized products based on predictive analytics.

      Similarly, in Transportation, we have solutions that extend the Connected Consumer to another client base — the Smart Traveler. By using data and analytics to detect traveler preferences, we can “automate the journey” for transportation companies that serve the traveler. We also enable those companies, through automation and modernization, to provide a more secure, reliable, efficient, and pleasant experience for their customers.

      Finally, in Communications and High-Tech, it’s these companies that provide the enabling infrastructures and products that connect us all. Mobility, cloud, social media, dynamic storage, virtual networks — are all technologies that underpin our solutions.

      Going east

      In addition to wanting greater connectivity, most of our clients share another desire, namely, to expand into Asia. Here especially, getting connected is vital. Social media, mobile technology, cloud and other IT innovations will be key enablers for these companies to do business globally. Application modernization is also important, as many expand geographically by offering cloud-based applications as a service.

      Agility is increasingly important, too. In today’s business environment, innovations appear at an ever-faster rate, and they are increasingly disruptive. Consider, for example, how the rise of mobility has transformed the entire telecom industry. Again, the cloud is helping, this time by allowing companies to dynamically allocate infrastructure resources.
      Security and privacy are important elements of these new ways of connecting. One unfortunate side effect of offering greater connectivity is that organizations also connect hackers, criminals and other “bad guys” with their systems. So as they extend their connections, they must also strengthen their protections.

      The ability to connect with suppliers, partners and customers — and to do so with high levels of privacy and security — will define the leaders of tomorrow. But the time to build the IT infrastructures that enable greater connectivity is today.

      Mary Jo Morris is VP and general manager of Diversified Industries at CSC.

      Catering to a Connected World
  11. As an American working in the Nordic region, I’ve been impressed by the happiness. If you look at the latest worldwide indices, Norway ranks first, making it the happiest country on Earth. Right behind is Denmark at number two, Sweden at number three, and Finland, a close number seven. Perhaps they’re so happy about their countries’ strong social-welfare states. For example, Norway distributes all the profits from its oil business into a national pension plan, now worth more than $710 billion, that benefits every citizen in the country.

      I’m happy to be here, too, but for a different reason: for the opportunity to help local businesses and public sector agencies dramatically improve their competitiveness. That’s a top goal right now for many of the region’s enterprises, which — despite the region’s small population — include such large, well-known brands as Ikea, Lego, Maersk, Nokia and Saab. While their region’s citizens may be protected by the state, these Nordic businesses must compete in tough, fast-moving international markets, where it’s every company for itself.

      Fortunately, CSC has been able to help with a range of IT-powered business solutions. When Nordic businesses and government agencies need help with cybersecurity, cloud computing, data analytics, or utility-based computing and storage models, they know they can turn to CSC for solutions.

      Attacking hackers

      Take cybersecurity, a major concern in the Nordic region. When one of our clients was recently attacked by hackers affiliated with Russian organized crime, we helped the client identify the details of the attack, eliminate it, repair the damage, and bolster protections for future prevention. Other local enterprises face serious threats from rogue nations, organized criminals, spies and others, and we’re helping them detect attempted attacks and deter them.
      Another important tool for the region is cloud computing, and the related ability to offer IT capabilities as a service. The cloud helps enterprises gain agility, increase cycle times, improve service quality, mitigate risk, innovate, reduce waste and lower their costs. We recently implemented BizCloud™, our private-cloud solution, for Telenor Group, a Norway-based mobile operator. Telenor, with 148 million subscribers in 11 national markets, is one of the largest telcos in the world, and it’s using our service to gain high levels of both scalability and flexibility. Similarly, the cloud lets us offer Storage as a Service, a utility-model solution that lets our clients pay for only the storage capacity they actually need.

      Northern Exposure
      CSC sees big opportunities in the Nordic and Baltic regions.

      Data analytics is another huge and growing opportunity. Companies with large amounts of data, such as insurers, are looking to transform those files into actionable information. To do this, they will need new tools and techniques that not only solve business problems, but also improve the customer experience and boost profitability. They will also need new data tools that can handle new forms of information — much of it unstructured — now being collected from social media, online videos and industry researchers.

      Public projects

      With Nordic governments playing such a large role in their economies, you may not be surprised to hear that we also work extensively with the local public sector organizations. For example, we’re helping the Danish government undertake an innovative e-business transformation. The project involves registering property, vehicles and other assets; operating major tax systems; and running significant components of the government’s IT infrastructure.

      The countries of the Nordic region, while sharing many cultural commonalities, also differ from one another in important ways.
      They speak different languages, take different approaches to decision making, and specialize in different industries. Yet they all share a large and growing business environment, a willingness to invest in IT and automation, and an intense desire to work faster, cheaper and simpler.

      John Walsh is VP and general manager of the Baltic and Nordic Regions at CSC.

      regional perspective
      Exploring the Nordic and Baltic Regions
      by John Walsh

      Hear more from John in the video: Applying Next-Gen Technology in the Nordic and Baltic Regions at
  12. While attacks on the healthcare industry aren’t as high-profile as those experienced by the financial services and energy sectors, security experts say cybercriminals have increased their assaults on critical medical systems to steal valuable patient data. Surveys show that most health organizations have suffered some kind of data breach or security incident. For example, Ponemon Institute’s Third Annual Study on Patient Privacy reveals 94% of the healthcare organizations it interviewed reported at least one data breach in the past two years, and 45% said they had more than five breaches during that time.

      With risks continuing to escalate, some organizations are taking a proactive approach, working to better protect patients’ data and fortify their systems before an attack or theft occurs. One organization keen on building greater resiliency and security is Intermountain Healthcare, a health system repeatedly honored for excellence and innovation both in healthcare and its use of technology. Last year, CSC began working with Intermountain to help strengthen its security. Along the way, the team has applied innovative approaches to better secure Intermountain’s network of systems and data.

      Managing risk with innovation

      Intermountain Healthcare is a nonprofit health system based in Salt Lake City, Utah, consisting of 22 hospitals, 185 physician clinics, an affiliated health insurance company and 33,000 employees that serve the state of Utah and southeastern Idaho.

      “Intermountain Healthcare has a long legacy of very high quality in healthcare and, from a cost perspective, we are one of the lowest-cost providers of healthcare in the country,” says Marc Probst, chief information officer and vice president of Information Systems at Intermountain Healthcare. “That comes from a focus on using systems and really smart people taking the data from these systems and making good decisions.
In areas like privacy and security, though, we are looking to other industries.”

Cover story: Intermountain Healthcare’s Cybersecurity Challenge
New Healthcare. New Risks.
by Jenny Mangelsdorf

The healthcare industry is venturing into a world of tremendous opportunity — and tremendous risk. By linking systems and medical devices to the Internet, adopting electronic health records and implementing regulatory reforms, the industry is drastically improving healthcare for all of us. But the changes are also creating a health IT landscape fraught with security challenges.
  13. Client: Intermountain Healthcare

Challenge
• Growing use of vulnerable, complex medical technologies, mobile devices and medical diagnostic devices with IP addresses
• Escalating healthcare focus by cybercriminals, partially due to increased black-market value of patient medical records
• Evolving regulations carrying both legal and financial penalties

Solution
• Data classification, identification, encryption and enclaving
• Audit preparedness
• Revised security policies, procedures, guidelines and training

Results
• An innovative scalable, self-healing, controlled and managed network infrastructure design that protects data, applications and systems
• Greater resiliency and security to protect patients and thwart current and emerging cyberthreats
• Creative information security awareness, training content and delivery

Read more CSC client success stories at

Information systems security and privacy ranks a close second in the top challenges facing healthcare CIOs after attaining effective meaningful use of electronic medical records, adds Probst. “Regulation changes and the complex nature of medical services create a huge security and privacy challenge.”

Cybercriminals’ increased focus on healthcare data compounds that challenge. Intermountain wanted to ensure that it was reducing the risk to its organization and that it stays current with the latest security controls.

“The dynamic has changed substantially,” says Ashif Jiwani, CSC Global Cybersecurity partner, Healthcare. “A year ago, the financial services industry was attacked from everywhere in the world; now the healthcare industry has become the easiest target for commercial hackers.”

For cybercriminals, stealing identities from sick people is fairly easy since they’re focused on getting well and many times let other responsibilities slip, such as ensuring that their identities haven’t been stolen.
Healthcare records, which contain megabytes of valuable personal data ranging from Social Security numbers to blood types, have also become more valuable than simple credit card numbers, which financial industries have worked hard to protect with antifraud capabilities.

“Through CSC’s global threat intelligence, we are constantly watching the black-market exchange boards to see what’s happening on behalf of our clients,” says Tom Patterson, CSC Global Cybersecurity Consulting general manager. “Currently, criminals are getting an average of $2 for a credit card record, whereas a medical record brings about $20.”

An issue of reputation and regulation

At $20 a record, criminals can quickly make a lot of money and simultaneously damage an organization’s reputation and budget. Take last year’s attack on the state of Utah’s Department of Technology Services computer server, which stores Medicaid and Children’s Health Insurance Program claims data. Cybercriminals stole 280,000 Social Security numbers and “less sensitive” personal information of another 500,000 people. The Utah department is still dealing with the fallout.
  14. “Until a breach occurs, security usually tends to be an afterthought,” says Jiwani. “Intermountain has decided that’s not where it wants to be. The system has made security a priority because it feels that the protection of its patients’ information and privacy as well as its reputation is as important as any of its other prime strategies.”

State and federal regulators also have strong feelings about securing patient data and have set penalties, both penal and financial, for noncompliance and breaches. For example, under the U.S. Health Information Technology for Economic and Clinical Health Act, hospitals and other organizations can be fined up to $1.5 million per year for serious security incidents. Corporate officers can also go to jail for negligence.

Intermountain, because of its scope, must follow health-related, banking and insurance regulations, all of which continue to evolve as cybersecurity gains importance. Evidence of this evolution can be seen in last year’s audits by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR, which audits and enforces regulations from HIPAA and the HITECH Act, randomly audited 20 healthcare organizations; 19 failed, says Jiwani.

“We’re finding the OCR has interpreted the regulations differently [from] industry,” says Karl West, Intermountain Healthcare chief information security officer. “Because of this, we decided to innovate and partner with someone who could help us move into a new paradigm and a new interpretation of the regulations, and help us create a leadership position in the protection of patient information.
That’s how we came to work with CSC.”

Segmenting networks and data encryption

A key area where CSC and Intermountain have teamed to set new benchmarks in the healthcare industry is a network approach that classifies data, encrypts data at rest and in transit, and then segments, or enclaves, data and systems — an approach that simultaneously protects data if stolen and protects data from being stolen. This approach, which CSC mainly uses in its public sector work, is a first for the healthcare industry, says Jiwani.

“Few organizations have looked at developing a strategy where they can encrypt and enclave their enterprise storage networks,” he says. “We essentially took defense-level security and applied it to healthcare.”

Under CSC’s security work with Intermountain, CSC is helping the healthcare organization apply cutting-edge technologies and equipment from leading vendors that are mapped and embedded into these network design solutions.

Addressing BYOD, mobility and telemedicine

The network design principles encompass separation of duties and separation of data access. The design allows for managed and controlled access to containerized data based on need-to-know and access rights. They also include the use of approaches that support the confidentiality, integrity and availability of data through controls, and management around data access, data at rest and data transport across the network. The end result provides Intermountain with a sound, scalable, self-healing, controlled and managed network infrastructure design that protects data, applications and systems containing electronic health information.

“This innovative approach, which balances a ‘security everywhere’ focus with one of ‘security only where it’s required,’ allows us to be very agile and focus on those priorities that have the highest risk,” says Jiwani. “We can dynamically change the areas where we want the most impact and resources, and use tools in a much more efficient way.
It also allows us to determine the right level of risk versus cost.”

[Photos: Karl West, CISO, Intermountain; Marc Probst, CIO and VP of Information Systems, Intermountain]
  15. New Data Breach Rules Have Big Impact
by Richard Staynings

This January, the Department of Health and Human Services’ Office of Civil Rights published the Omnibus Final Rule on amendments to the Health Insurance Portability and Accountability Act’s Security Rule and the Health Information Technology for Economic and Clinical Health Act. The rule makes significant changes to requirements involving security incident response and the notification of data breaches for HIPAA “covered entities,” “business associates” and their subcontractors.

Essentially it reverses the existing process, removes the “no harm, no foul” rule and requires CEs and BAs to conduct a comprehensive risk assessment to prove that no personal health information is compromised when a possible incident occurs. CEs and BAs are thus assumed guilty until they can prove themselves innocent — a fairly significant change in the fundamentals of U.S. law.

What’s more notable is that the rule presumes that any unreasonable access, impermissible use or disclosure of PHI is a breach, irrespective of whether this caused, or was even likely to have caused, harm or damage to anyone. Thus if a nurse inadvertently sees the record of a patient not in her care, under the new rule, that action would constitute a breach and, at the very least, would require that a risk assessment be conducted.

These changes place a heavy burden on CEs and BAs’ risk assessment resources and incident response teams, which need to rapidly investigate, document and report incidents as possible breaches to meet the new rule’s requirements.

Other changes involve encryption, notices of privacy practices and breaches — even by organizations that do not have direct relationships with patients. The presumption is that organizations “know” collectively what their agents know and are liable for that knowledge as well as liable for acts or omissions of their business associates.
Jenny Mangelsdorf is a writer for CSC’s digital marketing team. Richard Staynings is a global cybersecurity and privacy officer, Healthcare, CSC.

Learn more at

While increasing security was already in Intermountain’s five-year plan, because of rapidly escalating cyberthreats and evolving regulations, Intermountain decided to accelerate its security work. CSC helped the company leverage its discovery and monitoring tools to quickly and efficiently discover sensitive information without buying new technology. This effort, in turn, enabled the team to more quickly begin securing Intermountain’s data.

“We normally see a program like this take three to four years to fully complete,” says Jiwani. “Through some innovative approaches to programs, and using a new and differentiating approach to setting up this program, we have accelerated our timetable by 50 percent with less than half the budget we’d normally [devote] to this kind of project.”

This kind of speed and network approach becomes increasingly critical, especially as physicians, patients, staff and visitors want to use their own devices to access Intermountain’s systems.

“Every physician, every clinician has a favorite device, a favorite phone, a favorite mobile technology, and for us to keep ahead of those devices is challenging,” says West. “We are working to develop strategies and technologies that enable them to safely and securely use these devices in their workflow and environment.”

CSC is also helping the healthcare organization strengthen its administrative security controls, including updating existing policies, procedures and guidelines. With its extensive security training expertise, CSC is helping Intermountain develop a long-term training strategy and educational content that can be delivered through different forms of media to help its workforce better understand their security responsibilities.
“Our ability to help Intermountain Healthcare spans three key areas: people, processes and technology,” says Jiwani. “We are bringing Intermountain an understanding of an industry-wide paradigm for security relevant to healthcare, while helping them understand the technology landscape and develop processes that are innovative and unique.”

“I believe CSC is going to help us become a model healthcare system in the area of IS security,” adds Probst. “We’re not there today, but we have ground to move forward on. I’m very bullish on what we’re creating together.”

Watch our Intermountain Healthcare Success Story Videos at

[Photo: Ashif Jiwani, Partner, Healthcare Group, CSC]
  16. HEALTHCARE

Kaiser Permanente CIO: “The Consumer Is in Charge”
by Patricia Brown

In an interview, Phil Fasano, executive VP and CIO of Kaiser Permanente and the author of a new book, explains how technology-enabled care can make patients — and the industry — healthier.

There’s a revolution brewing in healthcare, and one of its chief insurrectionists is Phil Fasano. In his role as executive VP and CIO of CSC client Kaiser Permanente, an integrated healthcare provider and not-for-profit health plan that serves more than 9 million patients, he oversees IT for one of the largest healthcare organizations in the United States. Fasano is also the author of a recent book, Transforming Health Care: The Financial Impact of Technology, Electronic Tools and Data Mining (Wiley, 2013). To learn more, I spoke recently with Fasano. The following is an edited version of our conversation.
  17. Your job as a CIO must keep you extremely busy. So why also take the time to write a book?

Because it seemed to me that the healthcare and information technology industries were coming together. And although the ability to leverage information technology in healthcare and transform the industry was beginning to happen, the pace wasn’t — and still isn’t — sufficiently fast. One reason I wrote the book was to instigate a conversation between the healthcare and IT industries.

I also wanted to bring some of the venture community along. I wanted to present venture firms with new opportunities for investing in both health IT and other technologies that support the healthcare industry. I saw an opportunity to show them that they could truly make a difference in people’s lives. And to persuade them that transforming healthcare was where they should be spending their time and energy, and investing their money.

Finally, it became clear to me that IT holds enormous promise for the future of healthcare in the United States. When you look at healthcare around the world, you realize that the United States is not first in quality. We do not have the best healthcare system in the world. In fact, we are No. 1 only in terms of having the highest cost. So, there is no greater opportunity in the world right now than being an American focused on improving healthcare with IT.

In the foreword to your book, Dr. Jack Cochran writes that “the power has moved to the patient.” What does that mean for IT? And how has it affected your work at Kaiser Permanente?

As health IT begins to alter the healthcare landscape, the consumer is increasingly in charge. Consumers have the ability to do everything — from deciding which health plans and systems they want to be part of, to making it clear to the health system and their physicians and other clinicians how they want to be interacted with. We already see this in other industries.
For example, your bank lets you set your personal preferences for online banking. Elsewhere, you can indicate whether you’d like people to reach you by phone or by email. But in healthcare, if you want your physician to email you, that’s still seen as innovative. At Kaiser Permanente, that’s become a foundational part of how we operate. The power is tremendous, mainly because so many of our members are taking advantage of it.

I also see this on the more individual level. Just the other night, I met a doctor who is a user of Fitbit [an app that tracks the user’s steps and calories burned], and he proudly told me that he had recently walked more than 20,000 steps in a single day. He was really proud of himself. So technology can also be a motivating factor, enhancing people’s ability to stay healthy.

Before coming to healthcare, you worked in financial services. What are some of the key differences between these two industries?

In healthcare, the stakes are so much higher. We’re talking about people’s lives, whether it’s a life-critical event or simply improving people’s lives. When I worked in financial services, everything was focused on improving the bottom line and increasing our profit. Whether it was making a process more efficient or enhancing a service, that’s what it all came down to. But in healthcare, we’re here to make people’s lives better.

Kaiser Permanente is a not-for-profit organization. So while we do make money, we reinvest it, largely in capabilities that better serve our members. It gives us the freedom to invest for the long term, and to do the right thing for our patients and members. It’s a wonderful thing, and I say that proudly.

The U.S. government is mandating compliance with electronic health records (EHRs) by next year. But in your book, you point out that many healthcare organizations are also moving toward electronic medical records (EMRs). What’s the difference, and why does it matter?
EMR is a record of a patient’s basic medical reports. It’s essentially a foundational tool that will help us to reach the next level of healthcare. EHR, by contrast, is a more comprehensive record of your health; it includes EMR, but also more. If you had a lab test this afternoon, that’s in your EHR. If you ever visited a hospital emergency room, that’s in your EHR, too. Through several initiatives, the U.S. government is supporting the implementation of EMRs across the country. The next step will be expanding them into fully functional EHRs. But in my opinion, even that will not go far enough. To produce the outcomes our country can be proud of, we in the United States should have the best health system in the world. To achieve that, we will need to connect the EMR and the EHR systems across the country, much as the banking system was connected years ago. Today, you can use your bank card to withdraw cash from nearly any bank. Similarly, if I’m with my physician, having my EMR should be my right, not just a privilege. To get there, we’re going to have to implement EMRs, expand their use until they are EHRs, and then connect them nationally so that all EHRs in the country are seamlessly connected for the benefit of our citizens.
  18. But what about industry resistance? Some physicians, healthcare providers, insurers and others are opposed to these and other IT enhancements.

Well, if it were easy, everybody would have done it already! Seriously, about half the physicians in the country already have EMRs, and a smaller share of hospitals do, too. So everyone is moving in this direction; most of the industry is now implementing these systems.

That said, no matter the industry, any disruption involves a change, and any change is challenging. Change requires people to relearn how they do things. Some physicians view change as lost productivity, so it becomes a barrier to progress. To these doctors I would say, the payoff will greatly outweigh the loss in productivity. As for that productivity loss, it is only temporary.

At Kaiser Permanente, we’ve had to go through this, too. For example, we had to help some of our physicians with additional training. But now, some 17,000 of our physicians have made the transition to electronic records. I’m sure that if you got any of them on the phone, they’d tell you that they’re never going back. The benefits are that remarkable. Now they have a full view of their patients’ histories, they are completely informed, and they can practice medicine to the best of their abilities.

How about security? What’s being done to protect our healthcare information from thieves and other bad guys?

Healthcare systems are life-critical, so that means two things. One, they have to be always on, always available. And two, there’s an embedded promise to our patients that we’re going to protect their personal information. If someone steals your credit card information, you just get a new card with a new number. But if someone steals your healthcare information, that’s forever.

Of course, there are legal reasons for protecting security, such as HIPAA and other state and national laws. But there are ethical reasons, too.
You want to do the right thing. So to fulfill both needs, the industry needs to invest in a security infrastructure that will make sure our data at rest is protected, and our data in motion is encrypted.

How about healthcare and social media? How can Facebook, Twitter and other related services help?

The healthcare industry is only beginning its adventure into social media. People are starting to create self-selected social networks of people who have the same disease. For example, you might have a group of cancer patients, or a group of those with heart conditions. These people can form social circles that reinforce the positive things they can do to enhance their health and wellness. The industry is just starting to embrace those capabilities, but the potential is quite significant.

Patricia Brown is director of digital content strategy at CSC.

Learn more at
  19. A NEW MODEL FOR MEDICINE

The practice of medicine is changing, propelled largely by new models of care. These models replace the age-old practice of “going to the doctor” by bringing the doctor — and other healthcare providers — to the patient. And they do so with IT networks and systems.

Several factors are driving this transformation. For one, the nature of disease has changed in the Western world; many people now suffer from chronic diseases. Fortunately, most chronic diseases are not life-threatening, but we have to live with them every day. For another, we’re seeing profound demographic changes as life spans increase. As a result, we’re living with diseases longer, and we’re vulnerable to a new range of neurodegenerative ailments that didn’t affect our shorter-lived ancestors.

Another factor is patient preference. People have grown tired of the long waits common today, and they’re ready to try new forms of interacting with medics. Yet another factor is economics. In nearly every Western country, no matter its healthcare economic model, costs are rising so fast, they’re becoming unsustainable.

Taken together, these factors have created a moment that’s ripe for change. And change is upon us, in the form of three new models of care:

Telemedicine connects physicians and patients with high-speed videoconferencing. This is especially helpful for patients who live in remote areas, far from major healthcare centers. It’s also useful for patients for whom public transport or driving would be difficult or dangerous.

Telehealth equips patients with portable devices that monitor their vital signs, then streams that information to healthcare providers for monitoring. This service can be supplemented by telephone coaching and support, and by clinician visits to the patient’s home.

Telecare uses assisted-living technologies that alert care-givers when there may be a patient issue.
For example, digital sensors could alert family members whenever the patient’s house lights have been off for 24 hours.

by Lisa Pettigrew

Blended models

These three new models of care are often blended. This lets patients receive care from not only their physicians, but also nurses, therapists and other healthcare clinicians. Using these new teleservices, patients can better understand their treatments, monitor their medication use, get answers to questions, and receive assistance in navigating the system.

These new models of care deliver other benefits, too. They help people living with chronic diseases stay on the favorable end of the wellness–sickness spectrum. IT-powered healthcare means more illnesses can be managed and treated while the patient remains at home. This also can prevent patients from ending up in the hospital, where they could be exposed to infections, viruses and other ailments.

The new healthcare models also improve quality of life. Those with the appropriate capabilities, interest and social conditions can be helped to take greater control of their medical conditions, save time and, in many instances, stay employed and in their communities.

CSC’s solutions empower healthcare organizations to offer their services in new ways — and they do so cost-effectively through innovative commercial models that are attractive to both payers and providers. Our 8,000 healthcare executives work across 30 countries, managing solutions that support more than 100 million electronic health records.

We create solutions that help healthcare organizations mature from point-to-point telemedicine to networked models; these incorporate information from all consultations into the patient’s healthcare record, making it accessible to other clinicians. Also, CSC’s cloud and enterprise architecture capabilities underpin our solutions.
And our analytics capabilities enable healthcare organizations to analyze trends for individuals and populations, learning which services are needed, where and when.

Lisa Pettigrew is the industry general manager for Global Healthcare at CSC.

Telemedicine, Telehealth and Telecare: Delivering Healthcare Directly to the Patient

Learn more at
  20. Medical Device Firm Grows Better Data With Salesforce Application
by Jenny Mangelsdorf

Data is the lifeblood of any business. In sales, access to high-quality information is crucial to closing deals. For global enterprises, however, the challenges of providing consistent data and real-time access to it can be daunting.

In the biotech field, innovative companies that use technology to create life-saving medical implants and devices also need constant innovation for their critical back-end sales and marketing processes to stay competitive. That’s why Biomet Microfixation, an innovator in the medical industry, chose enterprise cloud applications by Since 2011, Microfixation has used the applications to power its service and marketing organization. Recently, the company wanted to improve its ability to generate real-time, accurate data and build a stronger Salesforce foundation that it can leverage in the future.

Real-time data and analytics

CSC provided consulting, systems integration, and data architecture and modeling services. A key goal was to give Microfixation’s sales organization and upper management real-time data and analytics, such as sales trends related to budgets, forecasts and quotas.

“Our sales force was consistently requesting real-time data,” says Kirk Brennan, Biomet Microfixation controller. “That fundamental information wasn’t available in our existing reporting structure. Today, users know they can rely on the accuracy of the data being presented whenever they log in to the system.”

To ensure that Microfixation would have the talent it needed for the project, the medical innovator first looked at its alternatives. “We actually interviewed several consultants for a partnership to implement Salesforce and selected CSC because of the depth of its technical talent — both the scope of team members the company has globally and its technical competency,” Brennan says.
CSC has deep expertise, including with the application’s foundational aspects, overall architecture and the operation of its data model. These skills were essential when helping Microfixation improve its data integration processes. For example, in the past, making minor changes to the integration process between Salesforce and Microfixation’s back-office system took a great deal of work. Now, adding fields and migrating new data takes only a few minutes.

“A lot of the integration we performed was very complex,” says Jeff Selander, CSC’s North American Practice director. “Through the integration and data model work we did, we’ve now positioned Microfixation in a place where they can begin to realize the real return on investment that’s embedded in”

Before CSC began the Salesforce project, when the sales team needed data, the team members would have to scroll through page after page of numbers, with subjects such as accounts, territory and region each having more than 150 fields. CSC has created custom visual pages that collapse lengthy data into a single view that shows salespeople the financial details they need. Because of custom visualization work like this, 90% of Microfixation’s salespeople now report that the system is easy to use — compared to 30% who thought so earlier.

“They really like this capability, because instead of scrolling and scrolling through numbers, they can open an account and instantly see sales numbers in a way they want to see them,” says Selander. “It also performs a lot of the calculations they want that the standard application wouldn’t let them do.”

Automating data entry

CSC also provided systems integration services — transforming, for example, what was previously a manual process to upload data. Now Microfixation can automatically upload data covering the complete sales cycle, from the moment contact is made to the time a product is delivered to a customer.
  21. Before the process was automated, data was uploaded daily. Today incremental data loads run hourly, with full loads consisting of a million rows of data running every three hours. By automating the data-transfer processes, Microfixation has been able to reduce the opportunity for potential errors and reassign IT staff to strategic projects. The sales team’s Salesforce adoption rate has also increased from 40% to 85%.

In the past, Microfixation had to wait and process its full data loads during the weekend. Now, the medical innovator can process data whenever it wants without affecting user groups; if needed, it can even speed the hourly load processing to run every 15 minutes.

has also enabled Microfixation’s sales to become more mobile. Previously, the sales team, which serves clients throughout the world, had to rely on PC-based email for data. With Salesforce, Microfixation’s staff can access data on tablets and smartphones.

Transferring knowledge

Microfixation aims to drive innovation in the medical industry, and is committed to its customers — a trait shared by CSC.

“We want to make sure our customers have a solid understanding of the systems we’ve worked on before we leave so they can continue to excel going forward,” says Selander. “When a customer wants to take on the next set of complicated, intricate issues that require multiple disciplines, CSC will be ready to assist again.”

“CSC very explicitly stated when we started this project that they prided themselves on transferring that knowledge,” says Brennan. “Our IT department has shown a significant increase in its ability to support our users’ needs.”

Besides transferring technical knowledge and developing a stable, custom foundation, Microfixation also looked to CSC to provide consulting services and build a roadmap that the company could follow beyond the current project.
“That vision that CSC helped provide was a big reason why we partnered with the company,” says Brennan.

Through laying this new foundation and building a roadmap, Microfixation can take to the next level, and gain an even greater return on its investment by leveraging capabilities embedded in the application, such as opportunity management, campaigning, marketing and inventory control.

“This foundation will allow Microfixation [to accomplish] really game-changing sales and marketing innovations in the future,” says Selander. “Already they can do a whole lot more, and later they’ll be able to leverage this platform for advances they’re not even contemplating yet.”

Jenny Mangelsdorf is a writer for CSC’s digital marketing team.

Client: Biomet Microfixation

Challenge:
• Provide sales team with convenient and current data
• Give upper management and key stakeholders accurate sales-related information
• Offer international sales team a real-time mobile interface capability

Solution:
• Deep expertise
• Dedicated systems integration and consulting experts
• Proven data modeling and architecture services

Results:
• A stable foundation and roadmap for future innovation
• System scalability increased from 40% to 80%
• User adoption increased from 40% to 85%
• Real-time accurate sales data available on PCs and mobile devices
• Automated data transfer, reducing potential errors and relieving personnel for strategic activities

Learn more at
  22. 22. FINANCIAL SERVICES
Financial Regulations Sweep the Globe
The U.S. government continues to look for ways to prevent anyone from not paying their fair share of taxes. A big piece of this effort is FATCA, a law designed to improve tax reporting on foreign financial assets and offshore accounts — and the burden of these regulations will affect every financial institution worldwide.
by Jeff Caruso
What’s more, FATCA — the Foreign Account Tax Compliance Act — may be just the tip of the iceberg. Governments around the world recognize the opportunity to secure tax revenue, and we could see FATCA-like legislation on a global scale. Financial institutions must be ready for a wave of regulations, and that requires having the systems and processes in place to deal with them.
FATCA does have a tax withholding component, but it’s all about transparency, said Rob Limerick, managing director for global information reporting at PricewaterhouseCoopers, in a recent online CSC Town Hall. “Its real goal is to generate reportable information to the IRS, so that they can track U.S. taxpayers that may have accounts overseas.”
“FATCA is really setting the trend for transparency in global tax reporting,” said Claudia Haberland, global FATCA program manager for financial services governance, risk and compliance at CSC. In the Town Hall, she pointed out that there are hundreds of related initiatives around the world. The efforts could lead to a multinational platform where different countries can exchange tax information.
In fact, many countries want to take a step further: to not only exchange information, but also to help collect unpaid taxes — which means we could see a global enforcement regime. “That [possibility] should not be underestimated, as many countries are in need of tax money, as we know,” Haberland said.
How to respond
Financial institutions, already under pressure to comply with recent regulations, will have to look at systems to cope with FATCA — but will also have to look beyond.
“Don’t just look at FATCA, but look at all of the things that are going to happen over the next couple of months,” said Christophe Lesieur, global practice lead for financial services governance, risk and compliance at CSC. “Anticipate those market moves coming up on you. You can define a target operating model — looking at business lines, looking at business structure and so on, and then elaborate a kind of strategic roadmap.”
One approach would be to use a service provider in an as-a-service model. “For small companies to spend a whole lot of money, time and resources and build the functionality in their own environment may not actually be the best way,” said Shyamal Sen, partner and global lead for financial services consulting solutions and technologies at CSC. Meanwhile, large companies may have the resources, but “it is about cost and it is about time to market,” he said.
Certainly, financial institutions that can stay on top of the regulations will have an edge — and they have to act fast, as FATCA goes into effect on Jan. 1, 2014.
JEFF CARUSO is senior managing editor for CSC’s digital marketing team.
Listen to the full 60-minute recorded Town Hall and a 5-minute sound bites version:
The GATE Way
To help financial institutions deal with FATCA in a way that minimizes disruptions and costs, CSC offers a comprehensive, long-term strategy through its Global Administration of Tax Enquiries (GATE) software and consulting services. CSC GATE’s scalable enterprise tax compliance framework provides a cost-effective way to meet FATCA regulations and rapidly adapt to future tax requirements.
Compatible with major financial reporting platforms, the CSC GATE rule- and process-driven software bridges silos in your legacy estate to categorize affected customer accounts, both existing and new, and calculate the appropriate potential tax withholding. It also generates reporting for governmental, internal and customer stakeholders and is prepopulated with the rules for FATCA compliance. Additional countries’ reciprocal tax information exchange agreements can be added as required. Get more information on CSC’s FATCA-related IT offerings:
  23. 23. FINANCIAL SERVICES
HOW CLOUD IS DISRUPTING
After five years of crisis, financial services companies have become used to dealing with a new operational reality. Major changes are happening in client-supplier relationships, and traditional business models are under intense pressure as a result of cloud-related strategies.
by Brian Wallace
Cloud-driven change is affecting how processes are managed, how IT investment is handled, and how costs are allocated. The biggest changes are not those related to IT but to mind-set and behavior. The journey to an entirely virtualized, cloud-delivered IT environment may be long and complex, but it is possible to monetize benefits if a cloud strategy is executed with care.
A new world of customer service
First, the cloud enables new approaches to customer service. Banks and insurers need to become much more responsive. The key factor is building closer customer relationships, understanding customers more deeply and achieving maximum value from each relationship.
Cloud is also changing the way financial services companies approach risk management. It is no longer appropriate to make complex risk calculations about future big bets when it is becoming easier to try new ideas in real time, and simply go with those that work. Cloud can help the most in these areas:
• Rapid product development: Cloud-based test environments can be set up in minutes, making it possible to try out concepts at high speeds and low cost.
• Mobile and multichannel services: Complex and real-time services can flourish in the cloud, such as transforming customer service environments to self-service.
• App stores: In a world of customer mobility, once a virtualized service layer is embraced, it is much easier to add components.
• Social media: This can include a peer group review of services, leading to better-informed customers and more proactive relationships with them.
Banks and insurers have a wide range of operational issues to deal with, from capital adequacy to business continuity, and the cloud enables a new world of operational efficiency. By creating a cloud-based layer on top of the existing core infrastructure, it is possible to move faster in creating and implementing services, while continuing to push down costs.
Services on demand
The move to purchasing services on demand represents one of the most important strategic changes the financial services industry has ever seen. Yet there is one more element of change that also plays its part in making cloud a practical tool for achieving performance breakthroughs in banking and insurance: commercial innovation. Cloud can drive innovation by enabling:
• Global delivery models: Virtualized environments can be moved quickly to delivery centers around the world, making it easier to centralize business and gain access to the lower cost that offshoring offers.
• Business-focused SLAs: The ability to flex and scale services to reflect user demand enables more accurate contractual arrangements, based on measurable results.
• Flexible payment methods: It is natural for costs to reflect usage, leading to a move away from traditional, license fee payments for software, as well as standard maintenance costs for infrastructure.
• Commoditization: Profit margins are thin in many key product areas, making it essential to find ways to reduce development and delivery costs. The ability to develop and deliver simple — yet targeted — products and services to millions of people on a semi-automated basis is a vital benefit.
The technology requirements and issues related to a large-scale move to the cloud are significant and must be dealt with in a systematic way, but the business advantages to banks and insurers of embracing cloud are overwhelming.
Brian Wallace is a principal technologist in CSC’s Financial Services group.
Learn more at
  24. 24. big data
5 ‘Must Haves’ for Every BI Dashboard
by Sanjiv Koshal
The effective use of business intelligence (BI) can give companies a distinct advantage over their competitors. Delivering timely information to key decision makers can be accomplished via the deployment of a well-designed and well-maintained BI dashboard.
BI dashboards deliver numerous benefits to enterprises. Companies can achieve significant cost savings by adopting performance dashboards, because they allow for better decision making by giving management recent or even live information. Additionally, by consolidating disparate reports via a BI dashboard, companies save money by reducing or eliminating effort.
3 Types of BI Dashboards
1. Customer Value: This dashboard displays the results of data ingested by an analytic model that assesses the value of the customer to the company, ranked against other customers. On this dashboard, customers are grouped based on income, age, product and other segments. The analytic model estimates a customer’s expected value in dollars over a period of time.
2. Churn Analysis: This dashboard uses information about customers who have already left the company or who have dropped services. The underlying correlation model estimates the probability that a customer will churn or defect, using terms such as attrition (leaving), renewal (staying) and retention (retaining). Scores are attributed to customers to rank the need of business intervention.
3. Buying Analysis: With this analysis companies can be guided about what products to offer to their prospective or existing clients, depending on the customer’s demographics and/or existing products owned. This dashboard’s results are driven by a model that features a data mining algorithm that provides association rules to estimate which products a customer may purchase, given past purchases.
  25. 25. BI dashboards have been in existence for decades, and the recent explosion of big data and analytics has made them more indispensable than ever. Performance dashboards are used to synthesize information and present it in a way that is easy to digest. When deployed properly, BI dashboards can gauge a company’s performance and measure it against business objectives. For organizations to maximize their usefulness, BI dashboards should include the following:
1. Identification: Key performance indicators (KPIs) displayed on the dashboard need to reflect strategic and tactical value drivers. KPI selection is probably one of the most important aspects of a dashboard build-out. KPIs should reflect the strategic value drivers defined by the executives of the company and should be based on corporate standards, backed by valid, easy-to-comprehend data. KPIs are the link between strategy, its execution and performance management. CSC is convinced that an integrated enterprise intelligence framework should be supported by a well-defined set of KPIs.
2. Integration: An enterprise BI platform should be established that integrates disparate data sources to achieve consistent information. Those charged with maintaining the dashboard should streamline the processes for gathering and processing the data to ensure the timely display of critical information.
3. Standardization: Dashboards should employ a consistent user interface, with matching color schemes and summary information that is standardized across the enterprise. Standardization and consistency are important for user acceptance and the long-term sustainability of performance dashboards. Dashboards should also be interactive and designed to give users the ability to drill up and down, filter data and take a guided analysis path to access detailed reports.
4. Visualization: Dashboard designers should provide a rich visual interface and use proper design paradigms that enhance the end-user experience. In designing the dashboard, following the “rule of 7” for visualization is important. Cognitive research has shown that the average human can keep seven objects in memory at once, so no more than seven objects should be present on a single dashboard screen.
5. Know Your Audience: The typical audience for dashboards ranges from C-level executives to vice presidents of finance, human resources managers, and directors in compliance and supply chain departments. Constantly get feedback from your audience to keep improving the quality of metrics and the presentation of the information.
Taking action
Common uses of dashboards are to manage exceptions, reduce manual administration work, improve organizational alignment, respond to business changes faster, and enable rapid problem detection and escalation. A top priority is to build a dashboard that can be leveraged by executives so they can take quick action to achieve specific strategic goals. Additionally, with dashboards available on mobile devices, business executive and operations teams can improve their decision making and productivity when working remotely, by accessing strategic and operational information about financial figures, customer orders and product performance, etc.
Gaining competitive advantage
Decision makers within an organization rely on BI dashboards to make strategic and tactical decisions. Above all, it is imperative that these dashboards provide them with timely and reliable information. Maintaining and enhancing a BI dashboard ensures that the decision makers can use them to make effective decisions that translate to a company’s competitive advantage in the marketplace.
SANJIV KOSHAL is practice lead, Financial Services Big Data and Analytics at CSC.
Learn more at
  26. 26. big data
Putting the ‘I’ Back into IT with Data Strategies Big and Small
by David Moschella
Over the past 50 years, the growth of the IT industry has been driven by the relentless rise of the “next big thing” — mainframes, minis, PCs, LANs, Web, mobile, social, Software as a Service, cloud and so on. Each era has successfully established a new platform — a combination of hardware, software and communications that expands the foundations upon which useful information systems can be built. But curiously, in each era it has been the “T” in IT that has received top billing. New technologies and the suppliers behind them have captured most of the public’s imagination, with the implicit assumption that the “I” would eventually come along for the ride. It usually has.
  27. 27. Today, this dynamic is changing. The next big thing is now information itself. Whether we are talking about big data, unstructured data, open data, user-generated content, data sciences, data at the edge, or the data-driven corporation, the emphasis is shifting to the “I” in IT. This isn’t just happening in business, but in areas of high societal interest, such as the use of analytics in sports and last year’s U.S. presidential election; the computer models that accurately forecast Superstorm Sandy; and the role of Google in trying to track the spread of the flu and other epidemics. Our ability to use data to better see and understand the outside world is now improving rapidly.
The future of data
However, in the Leading Edge Forum’s latest report, on the evolving future of data, we found that while there is clearly great promise in being able to use technology to identify patterns in vast databases, track real-time conversations and trends, deploy smart devices, and develop new data-driven business models, not everyone is fully on board. We were struck by the schism within today’s IT community.
The big data, open data and data science communities speak in revolutionary — even utopian — terms about the power of new and better information and algorithms to answer previously unanswerable questions. Companies such as Google, Amazon, Facebook, Netflix, Twitter, LinkedIn, Bitly, Intuit, Zillow, Kaggle and many others have access to unprecedented amounts and types of data that they will surely turn into important new forms of value.
But many CIOs, well-versed in the history and challenges of customer relationship management (CRM), data warehouses and other business intelligence systems, tell us that long-standing information management concerns such as integration, architecture, governance, security and the high costs of enterprise resource planning (ERP) are still dominant in their firms.
Interest in new data uses is typically of secondary importance, and these areas are often led by other parts of the firm.
Developing a balanced data perspective
Clearly, data is not the only path to business success. While Google — with PageRank, AdWords and Trends — is a great example of the power of new data-driven business approaches, Apple has flourished by eschewing traditional information-gathering practices, and relying on its own instincts, know-how and aesthetics. Less obviously, there are two additional patterns.
First, while there are a great many interesting new data uses in the market, there seems to be a shortage of low-hanging fruit — the obvious early adoption examples. Previous eras of IT have all had core, driving applications, such as word processing, spreadsheets, email or search. The lack of these cross-industry applications in big data means that every firm will have to find its own way forward. This suggests steady, but less than revolutionary change.
Second, perhaps because of the extraordinary progress in the Hadoop community, the IT industry may be confusing big data with the idea that data is big. In other words, the size of the database is often less important than the novelty of the use. Many advanced data applications — such as location-aware smartphone apps, linked and open data, specialized edge devices and the “Internet of Things” — do not necessarily rely on petabyte databases; they simply leverage data in innovative and useful ways. Such “small data” uses typically affect customers directly, and thus often have powerful market implications.
Organizations should seek a balanced data strategy, experimenting with the potential of new big data systems, while realizing that novel uses of data at the edge — what we call small data — will often prove equally or even more important.
By taking such an approach, firms can seek to put the “I” back into IT, and be leaders not just in technology deployment, but in using data — big and small — to make their firm both more competitive and better prepared for the data-driven customers, marketplaces and organizations of the future.
David Moschella is global research director for CSC’s Leading Edge Forum, a global research and thought leadership community. This story was originally published by ComputerWeekly, on April 22, 2013.
Download the executive summary from our Future of Data report at
  28. 28. cybersecurity
The Case for Managed Security Services
by Jeff Caruso
Many organizations face a dilemma: The number of cyberattacks against their IT assets continues to grow, while their IT budgets continue to remain flat. Unable to add significant resources to combat the attacks, they’re looking to managed security services as a way to get more bang for their buck.
Companies in the United States lose about $114 billion a year from cybercrime — and that number is more like $338 billion when you factor in the costs of downtime caused by cybercrime, according to Gen. Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command. As reported by Foreign Policy magazine last year, Alexander called the losses “the greatest transfer of wealth in history.”
The incidents at U.S. federal agencies are staggering. The latest figures from the U.S. Government Accountability Office show that the number of cyber incidents reported by those agencies has swelled from 5,503 in fiscal year 2006 to 48,562 in fiscal year 2012, a 783% increase. Of the incidents reported in 2012, 20% were related to improper usage, 18% were malicious code, 17% involved unauthorized access, 7% consisted of scans and probes, and the remainder were still under investigation at the time of the March 2013 report.
Meanwhile, organizations of all kinds are facing a range of security challenges. In a recent survey by IDG Research, 57% of IT executives named mobile clients and unmanaged devices as one of their top security challenges for the next 12 months. While that was the most common concern, other commonly cited challenges included the increasing sophistication of attacks, controlling access to end-user data, and securing virtual environments.
  29. 29. 2100% increase in reported cyberattacks from 2009 to 2011 on companies that manage critical infrastructure.
Budget battles
Those same IT executives cited budget as a key concern, with 40% saying that controlling IT security costs would be a challenge for them over the next year. At the same time, 32% said that their organization didn’t have the security experts or skill sets necessary to handle security effectively.
CIOs’ IT budgets have been flat to negative since 2002, according to Gartner. After a recent study of more than 2,000 CIOs, the research firm determined that CIO IT budgets will likely decline slightly in 2013, with a weighted global average decline of 0.5%.
This has forced many organizations to get creative with their IT dollars, and in the realm of cybersecurity, this increasingly means looking at managed security services. Providers of these services are able to attain economies of scale and provide better security for the same cost. In the IDG Research survey, 67% of the IT executives cited cost reduction as a “critical” or “very important” benefit of using a managed security service provider (MSSP), and another 66% said the provider could drive operational efficiency.
Skill sets
Interestingly, however, cost reduction wasn’t the most-cited benefit. Instead, a full 76% thought that such a provider could offer improved security effectiveness, and 70% cited enhanced knowledge sharing as a critical or very important benefit. Another 68% said the providers would give them access to specialized skills, and 66% said they expected enhanced compliance capabilities.
In other words, the bang is at least as important as the buck. And respondents to the IDG Research survey acknowledged that managed security service providers can do a lot of things better than internal security professionals.
Three-quarters of the respondents rated their IT security organizations’ ability to secure the perimeter as excellent or good, but only about half would say the same about their ability to maintain real-time awareness of the changing threat landscape or to correlate security events in real time to compliance policy.
As a result, about 30% of the respondents said they would be likely to start using a managed security provider within the next year. About 9% already do. As IT security continues to be a high priority for all organizations, the appeal of managed security services is bound to remain high as well.
JEFF CARUSO is senior managing editor for CSC’s digital marketing team.
57% of respondents cited mobile clients and unmanaged devices as the top I.T. security challenge.
1/3 of respondents think they are likely to start using an MSSP this year.
Respondents believe managed security services providers provide these very important or critical benefits: 70% Knowledge Share, 68% Specialized Skills.
Learn more at
  30. 30. cybersecurity
Decoding the President’s Cybersecurity Mandate
by Samuel Visner
Until recently, when thinking about cybersecurity, nations primarily worried about theft — of data, identities and knowledge. Today, official concern has broadened as hackers increasingly attempt to disrupt and destroy critical infrastructure and foreign governments consider how cyberattacks can be used as part of their integrated approach to exercising power.
In February, President Barack Obama issued an Executive Order and Presidential Policy Directive aimed at reducing the risk of cyberattacks on U.S. critical infrastructure. Although the public and private sectors have been working in recent years to strengthen cybersecurity, protecting today’s Internet-enabled and increasingly connected infrastructure and IT systems involves more than one entity, agency or organization.
The President’s Order and Directive, which aim to improve system and network security and resiliency, encourage greater public-private collaboration. They also include deliverables and possible regulatory actions that, most importantly, apply to numerous private industry sectors that own and operate critical infrastructure. While the Order and Directive are linked in goals, each is different, and it’s important to understand how each affects owners and operators of critical infrastructure, as well as federal agencies.
The Order directs increased federal distribution of cyberthreat information and the development of a Cybersecurity Framework that can be used to reduce cyber risks to critical infrastructure. The Order also mandates a review of existing regulation to determine what gaps, if any, exist, and what must be done to create useful standards to safeguard the cybersecurity of critical infrastructure.
The Directive, which updates the previous Directive issued in 2003, establishes national policy on critical infrastructure security, expanding the previous policy’s definition of threats from solely physical to include cyber, specifically.
  31. 31. Identifying critical sectors
Because the Directive expands the definition of hazards, a number of initiatives will be updated. For example, the National Infrastructure Protection Plan Partnership Model, which describes critical infrastructure sectors and accompanying federal sector-specific agencies, is evaluating the existing partnership model to determine if it needs to be changed.
The Directive has already identified 16 critical sectors and designated associated federal sector-specific agencies for each of the sectors. These sectors themselves are broad and include: Chemical, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Human Services, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation Systems, and Water and Wastewater Systems.
Owners and operators will be notified if they have been designated as part of the critical list and, for the first time, will have an opportunity to say if they think that decision is incorrect. Under the Directive, the Secretary of Homeland Security will lead the identification effort and work with owners and operators with regard to significant cyber or physical incidents. The Directive has three strategic goals aimed at improving functional relationships, information exchange and operations decisions.
A guide to managing risk
As the Secretary of Homeland Security focuses on the Directive, through the Executive Order, the National Institute of Standards and Technology is coordinating development of the Cybersecurity Framework. The final product, which is due no later than Feb. 12, 2014, will include a collection of standards and processes, and advice on how to use them in different circumstances, to help operators and owners better manage risk.
Building secure ecosystems that go all the way from the mobile device in someone’s pocket to the programmable logical device that’s embedded in a power plant turbine, pipeline or air traffic control system is the next big challenge. The Cybersecurity Framework may be the launching point for meeting that challenge and the development of really secure architectures.
Besides the Framework, the Order and Directive’s deliverables range from instructions to produce timely cyberthreat reports to reports on whether agencies have the authority to establish requirements based on the Framework. As CSC leaders provide input to the Framework’s development, we expect to understand who will be impacted, and how, so we can help our clients apply cybersecurity requirements that flow to them.
Incentives and mandates
Under the Order, the Secretary of Homeland Security, along with sector-specific agencies, will establish a voluntary program for critical infrastructure owners and operators to adopt the Framework. The Secretary will also coordinate the establishment of a set of incentives to promote participation. Agencies clearly anticipate wide adoption of the Framework and, as the Order talks about the possibility of further regulatory actions, the various critical infrastructure sectors are watching closely.
For owners and operators of critical infrastructure, and the organizations that work with them, the Executive Order and Presidential Policy Directive’s deliverables may affect their industry or organization’s operations. The clock has started; agencies are already engaged, working with their sectors, and some deliverables will be due soon. The preliminary version of the Cybersecurity Framework is due by October; the list of “Critical Infrastructure at Greatest Risk” is due by July.
Organizations should pay attention to these deadlines so they can prepare for new requirements and potential associated adoption costs, and can take advantage of more accessible threat information and new tools in the Framework to strengthen their infrastructure. They should also look for advice from cyber experts, like CSC, that have deep legacies in public-private partnerships and are involved in helping develop the new Cybersecurity Framework.
Organizations should look closely at the various industrial control and related systems used to manage the infrastructures they own and operate; some of these are legacy systems designed before today’s more challenging cybersecurity environment. They should consider what enterprise-level strategies and approaches they need to meet these cybersecurity challenges.
Through our long history of securing many of the world’s most important systems, we have insight into what works and what doesn’t. We have devoted our own R&D resources to deal with weapons-grade threats against which most commercial cybersecurity technology is largely ineffective. We also know more than most about the IT that’s used in public and private sectors, ranging all the way into industrial control and SCADA systems, and the threats to both.
Just as NIST is looking to the private sector to help develop the new Framework, organizations are increasingly turning to trusted partners for cybersecurity support, evidenced by surveys, such as ASDReports, which says the global cybersecurity market will be worth more than $68 billion this year. Today, no one can safeguard their operations entirely on their own and organizations need to begin aligning themselves with partners who can help address current and future challenges and build resiliency.
Samuel Visner is vice president and general manager, cybersecurity, at CSC.
Download the Executive Order and Presidential Policy Directive white paper at
Learn more about cyber threats and protection at
  32. 32. CLOUD COMPUTING
3 REASONS TO BELIEVE IN HYBRID CLOUDS
by Jim Battey
From public to private to community, clouds come in different shapes and sizes. Lately, many organizations are turning to hybrid solutions that can be tailored to meet the needs of any enterprise. Hybrid clouds give organizations the opportunity to meet unique requirements. Start with the privacy and security of a private cloud, which offers a dedicated compute environment for a single organization. Next, add the massive scalability of a public cloud, where the infrastructure is leveraged across many organizations.