This podcast discusses how Lake Health, a regional healthcare provider in Ohio, has matured its approach to information security. The Information Security Officer, Keith Duemling, explains that Lake Health initially took a technology-focused approach but has since transitioned to viewing security through the lens of information assurance and quality assurance. The goal is to ensure the integrity of patient information and protect availability so clinicians have accurate data to make care decisions. Duemling discusses how taking a holistic risk-based approach helps Lake Health address compliance requirements and be proactive on regulatory elements. The conversation explores the challenges of balancing security needs for a mid-sized organization and how automation can help a small team manage visibility and response.
Liberty Mutual Insurance Melds Regulatory Compliance with Security Awareness ...Dana Gardner
Transcript of a BriefingsDirect podcast on how Liberty Mutual Insurance has adopted a new, heightened security posture that permeates the development process.
Data Science Helps Hospitals Improve Patient Payments and Experiences While B...Dana Gardner
Transcript of a discussion on new approaches to healthcare revenue cycle management and outcomes that give patients more options and providers more revenue clarity.
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...Dana Gardner
A transcript of a discussion on new ways that businesses in the financial sector are avoiding and mitigating the damage from today’s myriad business threats.
Business Readiness—The Key to Surviving and Thriving in Uncertain TimesDana Gardner
Transcript of a discussion on how companies and communities alike are adjusting to a variety of workplace threats using new ways of enabling enterprise-class access and distribution of vital data resources and applications.
Strengthening Operational Resilience in Financial Services by Migrating to Go...run_frictionless
Operational resilience is a key area of focus for financial services firms, and could be thought of as the next goal in addressing systemic risk in the financial services sector. Regulators are also increasingly focused on this risk: it is recognised that despite many years of bolstering financial stability by enhancing financial resilience following the financial crisis, the shocks that come from the operational side can be as significant as the shocks from the financial side.
https://runfrictionless.com/b2b-white-paper-service/
PatientCalls separates itself from the competition by evolving away from the old stigma of “just being the answering service” and morphs into becoming a Trusted HIPAA Business Associate and Expert Service Provider to all Covered Entities due to 3 unique reasons;
Liberty Mutual Insurance Melds Regulatory Compliance with Security Awareness ...Dana Gardner
Transcript of a BriefingsDirect podcast on how Liberty Mutual Insurance has adopted a new, heightened security posture that permeates the development process.
Data Science Helps Hospitals Improve Patient Payments and Experiences While B...Dana Gardner
Transcript of a discussion on new approaches to healthcare revenue cycle management and outcomes that give patients more options and providers more revenue clarity.
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...Dana Gardner
A transcript of a discussion on new ways that businesses in the financial sector are avoiding and mitigating the damage from today’s myriad business threats.
Business Readiness—The Key to Surviving and Thriving in Uncertain TimesDana Gardner
Transcript of a discussion on how companies and communities alike are adjusting to a variety of workplace threats using new ways of enabling enterprise-class access and distribution of vital data resources and applications.
Strengthening Operational Resilience in Financial Services by Migrating to Go...run_frictionless
Operational resilience is a key area of focus for financial services firms, and could be thought of as the next goal in addressing systemic risk in the financial services sector. Regulators are also increasingly focused on this risk: it is recognised that despite many years of bolstering financial stability by enhancing financial resilience following the financial crisis, the shocks that come from the operational side can be as significant as the shocks from the financial side.
https://runfrictionless.com/b2b-white-paper-service/
PatientCalls separates itself from the competition by evolving away from the old stigma of “just being the answering service” and morphs into becoming a Trusted HIPAA Business Associate and Expert Service Provider to all Covered Entities due to 3 unique reasons;
HP Discover 2012 Case Study: McKesson Redirects IT to Become a Services Provi...Dana Gardner
Transcript of a BriefingDirect podcast from HP Discover 2012 on how health-care giant McKesson has revamped it's IT approach and instituted a cultural shift toward services.
VC Michael Skok on the State of Cloud Based on Latest North Bridge Annual Sur...Dana Gardner
The document summarizes the key findings from a survey on the state of cloud computing conducted by North Bridge Venture Partners. Some of the main results are that confidence in cloud computing has grown significantly over the past year, with 50% of respondents now having complete confidence compared to 13% previously. However, there remains a gap between vendor confidence (56% complete confidence) and customer confidence (37% complete confidence). Barriers to greater adoption include a need for more complete business cases and ROI analysis. Areas seen as big opportunities for cloud include Platform as a Service (PaaS), big data/analytics, and eCommerce.
Choice, Consistency, Confidence Keys to Improving Services' Performance throu...Dana Gardner
Transcript of a BriefingsDirect podcast from the HP Discover 2012 Conference on hybrid cloud and tying together the evolving elements of cloud computing.
Corporate Data, Supply Chains Vulnerable to Cyber Crime Attacks from Outside ...Dana Gardner
Transcript of a BriefingsDirect podcast in which cyber security expert Joel Brenner explains the risk to businesses from international electronic espionage.
The Open Group Trusted Technology Forum Leading the Way in Securing Global Su...Dana Gardner
Transcript of a BriefingsDirect podcast focusing on the upcoming Open Group Conference and the effort to develop standards to make supply chains secure, verified, and trusted.
Analysts Probe Future of Client Architectures as HTML 5 and Client Virtualiza...Dana Gardner
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 52 on client-side architectures and the prospect of heightened disruption in the PC and device software arenas.
Showing Value Early and Often Boosts Software Testing Overhaul Success at Pom...Dana Gardner
Transcript of a BriefingsDirect podcast on how a managed service provider is using HP tools to improve quality and speed modernization in application development.
Industry Moves to Fill Gap for Building Trusted Supply Chain Technology Accre...Dana Gardner
The document discusses the importance of establishing standards for security and reliability in technology supply chains. The Open Group Trusted Technology Forum is developing an accreditation process to help buyers ensure technology providers adhere to best practices. Panelists at a conference discussed progress made in developing the standards and accreditation program, with a draft specification expected soon. The goal is to provide confidence to technology buyers that accredited providers have secure engineering and supply chain practices.
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
Transcript of a discussion on how cloud security is rapidly advancing and how enterprises can begin to innovate to prevail over digital disruption by increasingly using cloud-defined security.
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Dana Gardner
Transcript of a BriefingsDirect podcast on how increased and more sophisticated attacks are forcing enterprises to innovate and expand security practices to not only detect, but predict, system intrusions.
The document discusses using big data to analyze and reduce a company's total cost of risk. It summarizes a roundtable discussion between insurance and risk management experts on this topic. They define total cost of risk as including retained losses, insurance premiums, taxes, claims management costs, and other risk management expenses. The experts discuss how big data now allows for quicker identification of risk issues, improved forecasting abilities, and more customized risk mitigation approaches. They emphasize the importance of holistic thinking and continuous improvement when analyzing a company's total cost of risk over multiple years.
Table of Experts: Insights into Cyber SecurityAaron Lancaster
A special section in the August 26th, 2016 edition of the Nashville Business Journal, Nashville,TN addressing Cyber Security concerns and practices for business.
How Dashboard Analytics Bolster Security and Risk Management Across IT Supply...Dana Gardner
Transcript of a discussion on how Bruce Auto Group gained deep insights into their systems, apps, and data to manage and reduce risks across their entire IT and services supply chain.
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...Dana Gardner
Transcript of a BriefingsDirect podcast about the how to achieve better risk management with better analysis of risk factors and presenting that in dollars-and-cents terms.
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...Dana Gardner
Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security.
Proactive information security michael Priyanka Aash
The document discusses how information security professionals can take a more proactive approach. It recommends developing a standard questionnaire to complete as part of the change process to identify security impacts early. This helps integrate security into processes. It also suggests implementing a Privacy and Security Impact Assessment tool to identify and mitigate risks associated with new systems before operationalization. Using these tools can help information security professionals address issues proactively before they become threats, build a culture of security, and provide assurance to executive teams.
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
Cybersecurity is a business critical risk not just an IT issue. The reputational damage of a cyber breach is often less than the technical damage inflicted, the money lost, or the regulatory fines. With new threats proliferating at startling speed how companies respond to an attack can be more important than the attack itself. The good news is that companies can seize this challenge to differentiate themselves from the competition and earn a greater level of trust from stakeholders.
Learn more about the four steps companies can take to build their reputational resilience to cyber attack.
HP Discover 2012 Case Study: McKesson Redirects IT to Become a Services Provi...Dana Gardner
Transcript of a BriefingDirect podcast from HP Discover 2012 on how health-care giant McKesson has revamped it's IT approach and instituted a cultural shift toward services.
VC Michael Skok on the State of Cloud Based on Latest North Bridge Annual Sur...Dana Gardner
The document summarizes the key findings from a survey on the state of cloud computing conducted by North Bridge Venture Partners. Some of the main results are that confidence in cloud computing has grown significantly over the past year, with 50% of respondents now having complete confidence compared to 13% previously. However, there remains a gap between vendor confidence (56% complete confidence) and customer confidence (37% complete confidence). Barriers to greater adoption include a need for more complete business cases and ROI analysis. Areas seen as big opportunities for cloud include Platform as a Service (PaaS), big data/analytics, and eCommerce.
Choice, Consistency, Confidence Keys to Improving Services' Performance throu...Dana Gardner
Transcript of a BriefingsDirect podcast from the HP Discover 2012 Conference on hybrid cloud and tying together the evolving elements of cloud computing.
Corporate Data, Supply Chains Vulnerable to Cyber Crime Attacks from Outside ...Dana Gardner
Transcript of a BriefingsDirect podcast in which cyber security expert Joel Brenner explains the risk to businesses from international electronic espionage.
The Open Group Trusted Technology Forum Leading the Way in Securing Global Su...Dana Gardner
Transcript of a BriefingsDirect podcast focusing on the upcoming Open Group Conference and the effort to develop standards to make supply chains secure, verified, and trusted.
Analysts Probe Future of Client Architectures as HTML 5 and Client Virtualiza...Dana Gardner
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 52 on client-side architectures and the prospect of heightened disruption in the PC and device software arenas.
Showing Value Early and Often Boosts Software Testing Overhaul Success at Pom...Dana Gardner
Transcript of a BriefingsDirect podcast on how a managed service provider is using HP tools to improve quality and speed modernization in application development.
Industry Moves to Fill Gap for Building Trusted Supply Chain Technology Accre...Dana Gardner
The document discusses the importance of establishing standards for security and reliability in technology supply chains. The Open Group Trusted Technology Forum is developing an accreditation process to help buyers ensure technology providers adhere to best practices. Panelists at a conference discussed progress made in developing the standards and accreditation program, with a draft specification expected soon. The goal is to provide confidence to technology buyers that accredited providers have secure engineering and supply chain practices.
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
Transcript of a discussion on how cloud security is rapidly advancing and how enterprises can begin to innovate to prevail over digital disruption by increasingly using cloud-defined security.
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...Dana Gardner
Transcript of a BriefingsDirect podcast on how increased and more sophisticated attacks are forcing enterprises to innovate and expand security practices to not only detect, but predict, system intrusions.
The document discusses using big data to analyze and reduce a company's total cost of risk. It summarizes a roundtable discussion between insurance and risk management experts on this topic. They define total cost of risk as including retained losses, insurance premiums, taxes, claims management costs, and other risk management expenses. The experts discuss how big data now allows for quicker identification of risk issues, improved forecasting abilities, and more customized risk mitigation approaches. They emphasize the importance of holistic thinking and continuous improvement when analyzing a company's total cost of risk over multiple years.
Table of Experts: Insights into Cyber SecurityAaron Lancaster
A special section in the August 26th, 2016 edition of the Nashville Business Journal, Nashville,TN addressing Cyber Security concerns and practices for business.
How Dashboard Analytics Bolster Security and Risk Management Across IT Supply...Dana Gardner
Transcript of a discussion on how Bruce Auto Group gained deep insights into their systems, apps, and data to manage and reduce risks across their entire IT and services supply chain.
The Open Group July Conference Emphasizes Value of Placing Structure and Agil...Dana Gardner
Transcript of a BriefingsDirect podcast about the how to achieve better risk management with better analysis of risk factors and presenting that in dollars-and-cents terms.
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...Dana Gardner
Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security.
Proactive information security michael Priyanka Aash
The document discusses how information security professionals can take a more proactive approach. It recommends developing a standard questionnaire to complete as part of the change process to identify security impacts early. This helps integrate security into processes. It also suggests implementing a Privacy and Security Impact Assessment tool to identify and mitigate risks associated with new systems before operationalization. Using these tools can help information security professionals address issues proactively before they become threats, build a culture of security, and provide assurance to executive teams.
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
Cybersecurity is a business critical risk not just an IT issue. The reputational damage of a cyber breach is often less than the technical damage inflicted, the money lost, or the regulatory fines. With new threats proliferating at startling speed how companies respond to an attack can be more important than the attack itself. The good news is that companies can seize this challenge to differentiate themselves from the competition and earn a greater level of trust from stakeholders.
Learn more about the four steps companies can take to build their reputational resilience to cyber attack.
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
The panel discussion focused on improving global cybersecurity and mitigating risks for enterprises. Key points discussed included:
- Continuous monitoring of user behavior and access controls is essential to detect attackers who have been on networks for months undetected. Rigorous detection, containment, and response processes are needed.
- Executive support and cross-departmental incident response processes are required to quickly address security issues.
- The growth of IoT devices introduces new risks if basic security practices from IT are not applied. A new architectural approach is needed for IoT security.
- Increased public-private collaboration and information sharing is important but will not be solved by government alone. Industry can lead through sector-specific partnerships and alliances
Privacy is on the minds of people everywhere, including your customers and users. Along with a flurry of new legislation that is already in place or in progress around the world or the US states you do operate in, having a formal privacy program in your company or organization is becoming mandatory. This webinar will cover the basics of how to start a privacy program for organizations of all sizes. Secratic's Managing Partner and Founder, Daniel Ayala, will also review how to build privacy into the products and services you sell to achieve a better competitive advantage and build the trust of your customers, employees and business partners.
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...Dana Gardner
Transcript of a discussion on new ways companies gain improved visibility, analytics, and predictive indicators to assess financial viability of partners across global supply chains.
Gaining Digital Business Strategic View Across More Data Gives AmeriPride Cul...Dana Gardner
Transcript of a discussion on how improved data allows for more types of work in an improved organization to become even more intelligent, and to find new efficiencies and benefits.
How More Industries Can Cultivate A Culture of Operational ResilienceDana Gardner
A transcript of a discussion on the many ways that businesses can reach a high level of assured business availability despite varied and persistent threats.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Presentation of the OECD Artificial Intelligence Review of Germany
Right-Sizing the Security and Information Assurance for Companies, a Core-versus-Context Journey
1. Right-Sizing the Security and Information Assurance for
Companies, a Core-versus-Context Journey
Transcript of a BriefingsDirect podcast on how healthcare provider Lake Health ensures that its
internal systems continue to serve patient care, while protecting against outside threats.
Listen to the podcast. Find it on iTunes. Sponsor: HP
Dana Gardner: Hello, and welcome to the next edition of the HP Discover Performance
Podcast Series. I'm Dana Gardner, Principal Analyst at Interarbor Solutions,
your moderator for this ongoing discussion of IT innovation and how it’s
making an impact on people’s lives.
Once again, we're focusing on how IT leaders are improving performance of
their services to deliver better experiences and payoffs for businesses and end-
users alike. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
We're now joined by our co-host for this sponsored podcast series, Chief Software Evangelist at
HP, Paul Muller. Hello, Paul, welcome back.
Paul Muller: Dana, it's good to be back. How are you?
Gardner: I'm well. Are you still in San Francisco?
Muller: Still in San Francisco, and it’s another lovely day.
Gardner: Very good. We're also here with Raf Los. He is the Chief Security Evangelist at HP.
Welcome back, Raf, how are you?
Raf Los: I'm well. Thank you.
Gardner: And where are you joining us from today?
Los: I'm in Houston, Texas, today.
Gardner: We have a fascinating show today, because we're going to learn how regional
healthcare services provider Lake Health in Ohio has matured from deploying security
technologies to becoming more of a comprehensive risk-reduction practice provider internally
for its own consumers.
We're going to learn how Lake Health's Information Security Officer has been expanding the
breadth and depth of risk management there to a more holistic level, and we're even going to
Page 1
2. discuss how they've gone about deciding for which risk and compliance services to seek outside
providers and which to retain and keep inside, or on premises.
With that, please join me in welcoming our special guest, Keith Duemling. He is the Information
Security Officer at Lake Health. Welcome, Keith.
Keith Duemling: Hi. How are you guys doing today?
Gardner: We're doing very well.
Duemling: Good. Good to hear.
Gardner: Keith, let me begin our discussion with a high level, almost a philosophical, question
for you. Many people are practicing IT security and they're employing products and
technologies. They're putting in best practices and methods, of course, but it seems
to me that you have a different take.
You've almost abstracted this up to information assurance, even quality assurance,
for knowledge, information, and privacy. Tell me how that higher abstraction works,
and why you think it's more important or more successful than just IT security?
Duemling: If you look at the history of information security at Lake Health, we started like most
other organizations. We were very technology focused, implementing one or two point solutions
to address specific issues. As our program evolved, we started to change how we looked at it and
considered it less of a pure privacy issue and more of a privacy and quality issue.
Go back to the old tenets of security, with confidentiality, integrity, and availability. We started
thinking that, of those three, we really focused on the confidentiality, but as an industry, we
haven't focused that much on the integrity, and the integrity is closely tied to the quality.
Information assurance
So we wanted to transform our program into an information-assurance program, so that we
could allow our clinicians and other caregivers to have the highest level of assurance that the
information they're making decisions based on is accurate and is available, when it needs to be,
so that they feel comfortable in what they are doing.
So it's not just protecting information from being disclosed, but it's protecting information so that
it's the right information, at the right time, for the right patient, for the right plan of care. From a
high level, the program has evolved from simple origins to more of a holistic type of analysis,
where we look at the program and how it will impact patient care and the quality of that patient
care.
Page 2
3. Gardner: It sounds like what I used to hear -- and it shows how long I have been around -- in
the manufacturing sector. I covered that 20 years ago. They talked about a move towards quality,
and rather than just looking at minute or specific parts of a process, they had to look at it in total.
It was a maturity move on behalf of the manufacturers, at that time.
Raf Los, do you see this as sort of a catching up for IT and for security practices that are maybe
20 years behind where manufacturing was?
Los: More or less, Dana. Where Keith’s group is going, and where many organizations are
evolving to, is a practice that focuses less on “doing security” and more on
enabling the enterprise and keeping quality high. After all, security is simply a
function, one of the three pillars of quality. We look at does it perform, does it
function, and is it secure?
So it's a natural expansion of this, sort of a Six Sigma-esque approach to the
business, where IT is catching up, as you’ve aptly put it. So I tend to agree with it.
Gardner: Of course, compliance is really important in the healthcare field. Keith, tell us how
your approach may also be benefiting you, not just in the quality of the information, but helping
you with your regulatory and compliance requirements too?
Duemling: In the approach that we’ve taken, we haven’t tried to change the dynamics that
significantly. We've just tried to look at the other side of the coin, when it comes to security. We
find that a lot of the controls that we put in place for security benefit from an assurance
standpoint, and the same controls for assurance also benefit from a security standpoint.
As long as we align what we're doing to industry-accepted frameworks, whether it’d be NIST or
ISO, and then add the healthcare-specific elements on top of that, we find that that gives us a
good architecture to continue our program and be mindful of the assurance aspect as well as the
security side.
In doing so, we're able to implement controls that span multiple compliance elements, so that we
are not duplicating our efforts, missing something, or trying to reinvent the wheel. Obviously,
we're not the first healthcare provider, and we certainly won't be the last one, to go through the
challenges of compliance in the United States -- and how it's ever changing.
Add-on benefits
Gardner: Are there some other ancillary or add-on benefits from your approach? I am thinking
of being able to be proactive, rather than reactive, on certain elements of your requirements. Or
do you have an ability to compress the amount of time that you can react, so that you can be
more real time in how you adjust. What are the other benefits to your approach?
Page 3
4. Duemling: One of the other benefits of the approach is that we look at the data itself or the
business function and try to understand the risks associated with it and the importance of those
functions and the availability of the data. When we put the controls and the protective measures
around that, we typically find that if we're looking specifically at what the target is when we
implement the control, our controls will last better and they will defend from multiple threats.
So we're not putting in a point solution to protect against the buzzword of the day. We're trying to
put in technologies and practices that will improve the process and make it more resilient from
both what the threats are today and what they are in the future.
Gardner: Paul Muller, any thoughts about what you're hearing and how this might relate to the
larger marketplace that you're familiar with from some of the other clients and enterprises that
you're talking to?
Muller: A couple of observations. The first is that we need to be really careful when we think
about compliance. It's something of a security blanket, not so much for security
executives. I think InfoSec security executives understand the role of compliance,
but it can give business leaders a false sense of security to say, "Hey, we passed
our audit, so we're compliant."
There was a famous case of a very large financial-services institution that had
been through five separate audits, all of which gave them a very clear bill of
health. But it was very clear from some of the honey pots they put in place in terms of certain
data that they were leaking data through to a market-based adversary. In other words, somebody
was selling their data, and it wasn’t until the sixth audit that it uncovered the source of the
problem.
So we need to be really careful. Compliance is actually the low bar. We're dealing with a market-
based adversary. That is, someone will make money from your data. It's not the nation-state that
we need to worry about so much as the people who are looking to exploit the value of your
information.
Of course, once money and profit enter the equation, there are a lot of people very interested in
automating and mechanizing their attack against your defense, and that attack surface is
obviously constantly increasing.
The challenge, particularly in examples such as the one that Keith is talking about, comes in the
mid-sized organizations. They've got all of the compliance requirements, the complexity, and the
fascinating, or interesting, data from the point of view from a market-based adversary. They have
all of that great data, but don't necessarily have the scale and the people to be able to protect that.
Page 4
5. Balancing needs
It's a question of how you balance the needs of a large enterprise with the resources of a mid-
sized organization. I don't know, Keith, whether you've had any experience of that problem.
Duemling: I have all too many times experienced that problem that you’re defining right there.
We find that technology that helps us to automate our situational awareness is something that's
key for us. We can take the very small staff that we have and make it so that we can respond to
the threats and have the visibility that we need to answer those tough questions with confidence,
when we stand in front of the board or senior management. We're able to go home and sleep at
night and not be working 24×7.
Los: Keith, let me throw a question at you, if you don't mind. We mentioned automation, and
everybody that I have with this conversation with tends to -- I don't want to say oversimplify --
but can have an over-reliance on automation technology.
In an organization of your size, you’re right smack in the middle of that, too big not to be a
target, too small to have all the resources you've ever wanted to defend yourself. How do you
keep from being overrun by automation -- too many dashboards, too many red lights blinking at
you, so you can actually make sense of any of this?
Duemling: That's actually one of the reasons we selected ArcSight. We had too many dashboards
for our very small staff to manage, and we didn’t want Monday to be the dashboard for Product
A, Tuesday for Product B, and things of that nature.
So we figured we would aggregate them and create the master dashboard, which we could use to
have a very high-level, high-altitude view, drill down into the specific events, and then start
referring them to subject-matter experts. We wanted to have just those really sensitive events
bubble up to the surface, so that we could respond to them and they wouldn’t get lost in the maze
of dashboards.
Gardner: Keith, before we go any further, for the benefit of our listeners, please tell us a bit
about Lake Health, the size of your organization, the types of services you provide, and even the
nature of your organization. Are you non-profit, publicly-traded, that sort of thing?
Duemling: Sure. Lake Health is a not-for-profit healthcare system. We’re about 45 minutes
outside of Cleveland, Ohio. We have two freestanding hospitals and approximately 16 satellite
sites of different sizes that provide healthcare to the citizens of the county that we’re in and three
adjacent counties.
We have three freestanding 24×7 emergency rooms (ERs), which treat all kinds of injuries, from
the simple broken fingers to severe car accidents, heart-attacks, things of that nature.
Page 5
6. We also have partnerships with a number of very large healthcare systems in the region, and
organizations of that size. We send some of our more critically injured patients to those
providers, and they will send some of their patients to us for more localized, smaller care closer
to their place of residence.
We’ve grown from a single, small community hospital to the organization that we have now.
Career path
Gardner: And how about you? What's been your trajectory in terms of how long you've
worked there and the career path that you followed?
Duemling: I've been with Lake Health for a little under eight years now. I started as a systems
administrator, managing a set of Windows servers, and evolved to my current position over time.
Typically, when I started, an individual was assigned a set of projects to work on, and I was
assigned a series of security projects. I had a security background that I came to the organization
with. Over time, those projects congealed into the security program that we have now, and if I
am not mistaken, it's in its third iteration right now. We seem to be on a three-year run for our
security program, before it goes through a major retrofit.
Gardner: How did you unify all of these different elements under what you call a program for
security? What were some of the steps you needed to take? We heard a little bit about the
dashboard issue, but I'm trying to get a larger perspective on how you unified culture around this
notion of information assurance?
Duemling: We started within the information and technology department where we had to really
do an evaluation of what technologies we had in place? What are different individuals
responsible for, and who do they report to? Once we found that there was this sprinkling of
technology and responsibilities throughout the department, we had to put together a plan to unify
that all into one program that has one set of objectives, is under one central leadership, and has
its clear marching orders.
Then once we accomplished that, we started to do the same thing across the entire organization.
We improved our relationship within IT, not just with sub-departments within IT, but then we
also started to look outside and said, "We have to improve our relationship with compliance and
we have to improve our relationship with physical security."
So we’re unifying our security program under the mantra of risk, and that's bringing all the
different departments that are related to risk into the same camp, where we can exchange notes
and drive towards a bigger enterprise focused set of objectives.
Page 6
7. Gardner: Raf, this sounds a bit like the resiliency concepts that you've been talking about in the
past few months. Is what we're hearing from Keith enterprise resiliency or is there a difference
that we should appreciate?
Los: No, he's dead-on. At the end of the day, what security is chartered with, along with most of
the rest of IT, as I said earlier, is empowering the organization to do its work. Lake Health does
not exist for the sole purpose of security, and clearly they get that.
That's step one on this journey of understanding what the purpose of an IT security organization
is. Along the broader concept of resiliency, one of the things that we look at in terms of security
and its contribution to the business is, can the organization take a hit and continue, get back up to
speed, and continue working?
Not if, but when
Most organization technologists by now know it’s not a question of if you’re going to be
hacked or attacked, but a question of when, and how you’re going to respond to that by allowing
the intelligent use of automation, the aligning towards business goals, and understanding the
organization, and what's critical in the organization.
They rely on critical systems, critical patient-care system. That goes straight to the enterprise
resiliency angle. If you get hacked and your network goes down, IT security is going to be
fighting that hack. At the same time, we need to realize how we separate the bad guys from the
patient and the critical-care system, so that our doctors and nurses and support professionals can
go back to saving lives, and making people’s lives better, while we contain the issue and
eradicate it from our system.
So that's perfectly along those lines, and as you pointed out, I've been hearing a lot about that
lately. It's more than just about security, and that's a fantastic revelation to wake up to every
morning.
Gardner: Keith, before we go and learn more about how you examine all of the things that you
need to do in this program and then perhaps start thinking about what's core, what's context, and
how to best source those, I’d like to hear a little bit about the payoffs.
You've been doing this, as you pointed, out for several years. Are there some lessons that you can
point to in terms of payback? Clearly, if you are operating well and you've got good data and
privacy, that's a reward in its own. But, are there some other returns on investment (ROI), maybe
it's a softer return like an innovation benefit or being able to devote more staff to innovation.
Maybe you can line-up a few of the paybacks when this goes as it should?
Duemling: I'd probably put forward two paybacks. One is about some earlier comments I heard.
We, as an organization, did suffer a specific event in our history, where we were fighting a threat,
while it was expected that our facilities would continue operating. Because of the significant size
Page 7
8. of that threat, we had degraded services, but we were able to continue -- patients were able to
continue coming in, being treated, things of that nature.
That happened earlier in our program, but it didn’t happen to the point where we didn’t have a
program in place. So, as an organization, we were able to wage that war, for lack of a better term,
while the business continued to function.
Although those were some challenging times for us, and luckily there was no patient data
directly or indirectly involved with that, it was a good payoff that we were able to continue to
fight the battle while the operations of the organization continued. We didn't have to shut down
the facilities and inconvenience the patients or potentially jeopardize patient safety and/or care.
A second payoff is, if we fast forward to where we are now, lessons learned, technologies put in
place, and things of that nature. We have a greater ability to answer those questions, when people
put them to us, whether it's a middle manager, senior manager, or the board. What are some of
the threats we're seeing? How are we defending ourselves? What is the volume of the challenge?
We're able to answer those questions with actual answers as opposed to, "I don't know," or "I'll
get back to you."
So we can demonstrate more of an ROI through an improvement in situational awareness and
security intelligence that we didn't have three, four, or five years earlier in the program’s life.
And tools like ArcSight and some of the other technologies that we have, that aggregate that for
us, get rid of the noise, and just let us hone in on the crown jewels of the information are really
helpful for us to answer those questions.
System of record
Gardner: How about looking at this through the lens of a system of record perspective, an
architectural term perhaps, has that single view, that single pane of glass, allowed you to gain the
sense that you have a system of record or systems of record. Has that been your goal, or has that
been perhaps even an unintended consequence?
Duemling: It's actually kind of both. One, it retains information that sometimes you wish you
didn't retain, but that's the fact of what the device and the technology are in the solution and it’s
meeting its objective.
But it is nice to have that historical system of record, to use your term, where you can see the
historical events as they unfold and explain to someone, via one dashboard or one image, as a
situation evolves.
Then, you can use that for forensic analysis, documentation, presentation, or legal to show the
change in the threat landscape related to a specific incident, or from a higher level, a specific
technology that's providing its statistical information into ArcSight, but you can then do trending
and analysis on.
Page 8
9. It is also good to get towards a single unified dashboard where you can see all of the security
events that are occurring in the environment or outside the environment that you are pulling in,
like edit from a disaster recovery (DR) site. You have that single dashboard where if you think
there's a problem, you can go to that, start drilling down, and answer that question in a relatively
short period of time.
Muller: I'll go back to Keith’s opening comments as well. Let's not undervalue the value of
confidence -- not having to second guess not just the integrity of your systems and your
applications, but to second guess the value of information. It's one thing when we're talking
about the integrity of the bank balance of a customer. Let's be clear that that's important, but it
can also be corrected just as easily as it can be modified.
When you're talking about confidence in patient data, medical imaging, drug dispensations, and
so forth, that’s the sort of information you can't afford to lack confidence in, because you need to
make split-second decisions that will obviously have an impact on somebody’s life.
Duemling: I would add to that. Like you were saying, you can undo an incorrect or a fraudulent
bank transfer, but you cannot undo something such as the integrity of your blood bank. If your
blood bank has values that randomly change or if you put the wrong type of blood into a patient,
you cannot undo those without there being a definitely negative patient outcome.
Los: Keith, along those lines, do you have separate critical systems that you have different levels
of classifications for that are defended and held to a different standard of resilience, or do you
have a network wide classification? I am just curious how you figure out what gets the most
attention or what gets the highest concentration of security?
Duemling: The old model of security in healthcare environments was to have a very flat type of
architecture, from both networking, support, and a security standpoint. As healthcare continues to
modernize for multiple reasons, there's a need to build islands or castles. That’s the term we use
internally, "castles," to describe it. You put additional controls, monitoring, and integrity checks
in place around specific areas, where the data is the most valuable and the integrity is the most
critical, because there are systems in a healthcare environment that are more critical than others.
Obviously, as we talked about earlier, the ones that are used for clinical decision making are
technically more critical than the ones that are used for financial compensation as it results from
treating patients. So although it's important to get paid, it's more important that patient safety is
maintained at all times.
Limited tools
We can't necessarily defend all of our vast resources with the limited set of tools that we have.
So we've tried to pick the ones that are the most critical to us and that's where we've tried to put
all the hardening steps in place from the beginning, and we will continue to expand from there.
Page 9
10. Gardner: Keith, let's take this now to that question about managing your resources. Obviously,
because you are in that Goldilocks position, as Raf pointed out -- not too big, not too little -- you
have to be choosy. You don't have unlimited resources, but you have a very serious and
significant responsibility.
Have you been starting to look at what is core and what is context, what should be either
outsourced or provided through some managed services of some sort and what you would really
like to retain control over? How does that thought process about that problem pan out?
Duemling: Absolutely, we look at every security project with the mindset of how we can do this
the most effectively and with the least amount of resources that are diverted from the clinical
environment to the information security program.
That being said, security as a service, cloud-based technology, outsourcing, whatever term you
would like use, is definitely something that we consider on a regular basis, when it comes to
different types of controls or processes that we have to be responsible for. Or professional
services in the events of things like forensics, where you don’t do it on a regular basis, so you
may not consider yourself an expert.
We tend to do an evaluation of the likelihood of the threat materializing or dependence on the
technology, what offerings are out there, both as a service and premise-based, what it would take
from an internal resource standpoint to adequately support and use a technology. Then, we try
and articulate that into a high-level summary of the different options, with cost, pros and cons
related to each.
Then, typically our senior management will discuss all of those, and we'll try and come to the
decision that we think makes best for our organizations, not just for that point, but for the next
three to five years. So some initiatives have gone premise-based and some have gone security-as-
a-service based. We are kind of a mix.
Gardner: Paul Muller, as a cloud follower, a close follower, you've seen hybrid services delivery
arise in many different forms. I guess we're talking here about hybrid security delivery. How do
they come together in your mind?
Muller: Exactly the same way. It is about what Keith described as understanding particularly
where, for example, there is a high degree of specialization or skill required that is in short
supply, particularly in your geography.
It's particularly true of security professionals that the bigger targets -- the banking institutions,
defense, to a certain extent telecoms -- are able to offer a price premium to some of these people
and it can make it hard to find the best quality stuff, particularly in mid-sized organizations.
Therefore, it sometimes makes more sense to procure those staff and the services alongside them
from outside of the organization.
Page 10
11. Core intellectual property
Having said that, there are times when there is core intellectual property (IP) of your
organization, core capabilities, particularly around industry vertical processes, where that level of
expertise is not widely understood.
It's too generic to be of value. Healthcare is a great example, where the compliance requirement,
plus the particular or specific patient management systems, would be too specific for a general-
purpose service provider to add much value. It's a question of blending that right to the
capabilities.
I want to add that it's interesting that the security world tends to have a somewhat schizophrenic
view of software as a service (SaaS). They will typically be okay with the idea of putting all of
your sales pipeline and your customer data into a customer relationship management (CRM)
system in the cloud, but will often have a negative reaction if you say let's use security SaaS.
So often you will find that it's actually more palatable for the organization culturally, when
looked at maybe as a managed service, rather than treating it as a SaaS, knowing, in other words,
that there's people behind it as well as software. I don't know. Raf, what are your thoughts?
Los: Well, Paul, eloquently put. There's still that stigma of cloud somehow magically meaning
less secure, and I work with that trepidation almost daily, like you do.
The one aspect we need to make sure that we emphasize and understand is that there are people
behind all of this. This isn’t just some automated scan, script, or thing. There are people behind a
lot of this, and the broad sense of why security really matters is the human element of it.
So these hybrid types of services make sense, because there are a lot of things and -- going back
to that comment about the size of the organization -- you can't do it all yourselves. If you can,
you can't do it well, whether you're a massive company or a small one.
Knowing that fact, acknowledging that, and being able to consume security services intelligently
can be the difference between getting lost in "dashboard hell" and having the right information at
the right time to make the right decision, based on partnerships with the correct organizations.
I think you summed it up well, but I just felt like I would add a little bit of color to that, because
that's a little bit of what I have been seeing.
Gardner: It's interesting that a common thread for successful organizations is knowing yourself
well. It's also an indicator of maturity, of course. I know that Paul is talking about this, and Raf
as well, that those organizations that know themselves well can better plot their future
architecturally and across comprehensive services. But it also sounds as if this is really
important, when it comes to deciding what services to retain total control over or retain the
resources that deploy them and another set of choices.
Page 11
12. Back to you, Keith. It sounds like you have a good level of maturity. You have had a good
opportunity to know yourself and then to track your progress. Is that helping you make these
decisions about what's core or context in the design of your risk-mitigation activities?
What you do well
Duemling: Yes, it is. You have to know what you do well and also you have to know the areas
where you, as an organization, are not going to be able to invest the time or the resources to get
to a specific comfort level that you would feel would be adequate for what you are trying to
achieve. Those are some of the things where we look to use security as a service.
We don't want to necessarily become experts on spam filtering, so we know that there are
companies that specialize in that. We will leverage their investment, their technology, and their
IP to help defend us from email-borne threats and things of that nature.
We're not going to try and get into the business of having a program or to create an event-
correlation engine. That's why we're going to go out and look for the best-of-breed technologies
out there to do it for us.
We'll pick those different technologies, whether it's as a service or premise-based and we'll
implement those. That will allow us to invest in the people that know our environment the best
and intimately and who can make decisions based on what those tools and those managed
services tell them.
They can be the boots on the ground, for lack of a better term, making the decisions that are
effective at the time, with all the situational awareness that they need to resolve the problem right
then and there.
Gardner: Keith, you've got a little bit of 20/20 hindsight, having done this. For those of our
listeners who are perhaps at that level, where they are juggling quite a few security products or
technologies and they would like to move into this notion of a program and would like to have a
unified view, any thoughts about getting started, any lessons learned that you could share?
Duemling: I would say just a couple of bullet points. Security is more than just technology. It
really is the people, the process, and the technology. You have to understand the business that
you are trying to protect. You have to understand that security is there to support the business,
not to be the business.
Probably most importantly, when you want to evolve your security and set up projects into an
actual security program, you have to be able to talk the language of the business to the people
Page 12
13. who run the business, so that they understand that it’s a partnership and you are there to support
them, not to be a drain on their valuable resources.
Gardner: Raf, any thoughts to amplify or extend that?
Los: I think he has put it brilliantly just now. IT security is a resource and also a potential drain
on resources. So the less we can take away from anything else the organization is doing, while
enabling them to basically be better, deliver better, deliver smarter, and save more lives and make
people healthier, that is ultimately the goal.
If there's nothing else that anybody takes away from a conversation like this, IT security is just
another enabler in the business and we should really continue to treat it that way and work
towards that goal.
Lessons learned
Gardner: All right, last word to you today, Paul Muller. What sort of lessons learned or
perhaps perceptions from the example of Lake Health would you amplify or extend?
Muller: I will just go back to some of my earlier comments, which is, let’s remember that our
adversary is increasingly focused on the market opportunity of exploiting the data that we have
inside our organizations -- data in all of its forms. Where there is profit, as I said, there will be a
drive for automation and best practices. They are also competing to hire the best security people
in the world.
But as a result of that, and mixed in with the fact that we have this ever-increasing attack surface,
the vulnerabilities are increasing dramatically. The statistic I saw from just October is that the
cost of cyber crime has risen by 40 percent and the attack frequency has doubled in the last 12
months. This is very real proof that this market forces are at work.
The challenge that we have is educating our executives that compliance is important, but it is the
low bar. It is table stakes, when we think about information and security. And particularly in the
case of mid-sized enterprises, as Raf pointed out, they have all of the attractiveness as a target of
a large enterprise, but not necessarily the resources to be able to effectively detect and defend
against those sorts of attacks.
You need to find the right mix of services, whether we call it hybrid, whether we call it cloud or
managed services, combined with your own on-premises services to make sure that you're able to
defend yourself responsibly.
Gardner: Very good. I am afraid we'll have to leave it there. I want to thank our co-hosts today.
We have been joined by Paul Muller, the Chief Software Evangelist at HP. Thank you, Paul.
Muller: Great having been here again, Dana. Good to talk to you.
Page 13
14. Gardner: And also Raf Los. He is the Chief Security Evangelist at HP. Thank you so much, Raf.
Los: Thanks for having me, Dana. And Keith, it has been a pleasure having the conversation.
Gardner: And I'd like to thank our supporter for this series, HP Software, and remind our
audience to carry on the dialogue with Paul Muller through the Discover Performance Group on
LinkedIn, and also to follow Raf on his popular blog, Following the White Rabbit.
You can also gain more insights and information on the best of IT performance management at
http://www.hp.com/go/discoverperformance.
And you can always access this and other episodes in our HP Discover Performance Podcast
Series at hp.com and on iTunes under BriefingsDirect.
And of course I want to thank our very special guest today, with a very impressive story, Keith
Duemling; he is the Information Security Officer there at Lake Health. Thank you so much,
Keith.
Duemling: Thank you for the opportunity to share the information.
Gardner: And lastly, I would like to thank our audience for joining us for this special HP
Discover Performance Podcast discussion. I am Dana Gardner, Principal Analyst at Interarbor
Solutions, your host for this ongoing series of HP sponsored business success stories.
We appreciate your listening, and do come back next time.
Listen to the podcast. Find it on iTunes. Sponsor: HP
Transcript of a BriefingsDirect podcast on how healthcare provider Lake Health ensures that its
internal systems continue to serve patient care, while protecting against outside threats.
Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.
You may also be interested in:
• HP Discover Performance Podcast: McKesson Redirects IT to Become a Services
Provider That Delivers Fuller Business Solutions
• Investing Well in IT With Emphasis on KPIs Separates Business Leaders from Business
Laggards, Survey Results Show
• Expert Chat with HP on How Better Understanding Security Makes it an Enabler, Rather
than Inhibitor, of Cloud Adoption
• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and
Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized
IT Environments
Page 14