Designing the Network for Agility and Security with David Logan from Aruba
Episode 424 • 14th July 2021 • This Week Health: Conference • This Week Health
Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Thanks for joining us on This Week in Health IT. This is a Solution Showcase. My name is Bill Russell, former healthcare CIO for a 16-hospital system and the creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged. Today we are joined by David Logan, the CTO for Aruba Networks.

Special thanks to our Solution Showcase sponsor for today, Aruba Networks, for choosing to invest in our mission to develop the next generation of health IT leaders. If you wanna be a part of our mission, you can become a show sponsor as well. The first step is to send an email to partner@thisweekinhealthit.com.

Just a quick note before we get to our show. We launched a new podcast, Today in Health IT. We look at one story every weekday morning and we break it down from a health IT perspective. You can subscribe wherever you listen to podcasts: Apple, Google, Spotify, Stitcher, Overcast, you name it, we're out there.

You can also go to todayinhealthit.com. And now on to today's show. Today we are joined by David Logan, the CTO for Aruba Networks. Good afternoon, David. Welcome to the show. Good day everyone. Thanks. I appreciate the opportunity to be here, Bill. This will probably air in two weeks, but as we sit here today, there has been so much activity in the area of security and those kinds of things, and one of the topics I of us.

End user experience that sits on top of the network. It's not as easy as it sounds. I don't think it is. It's a topic that we've talked about often in our almost 20-year existence, and it's a topic of almost every conversation we have at a CIO level, CISO level, on down into the IT infrastructure teams.

I was reviewing the Sky Lakes Medical Center hack. They've put out some things, which I really applaud them for sharing, but one of the first recommendations to them from the outside firm that came in was to implement two-factor authentication. And I remember back in the day when I tried to implement two-factor authentication in healthcare, and it was not well received.

Sure. Come on, man. It's simple. You've got a phone, you just have everybody get an SMS message when they need to log in every time. Not a problem. I felt like I was trying to get my kids to eat broccoli again. It was really challenging. Now we did it. We did it because really we had to; our internal auditor really set the groundwork for us to get that implemented.

tunate to be with Aruba since:

Role. I focus specifically on healthcare and higher education, 'cause I have a long background in both of those industries, so to speak. Wow. It's interesting. We could talk about higher ed too because I was a CIO in higher ed, but we won't do that today. That, by the way, was a lot easier a role than being a CIO in healthcare; that was my personal take.

Although.

Today

a.

Around the network. Yeah. 15 months ago, we were all in reactive mode to respond to the pandemic in whatever way that meant for our respective organizations. And CIO conversations at that time were pretty tough: visibility into dramatically declining revenues, dramatically expanding healthcare requirements, especially in urgent healthcare, whether it was triage or treatment.

Today, fortunately, with Aruba as part of the greater HPE organization, we have phenomenally great conversations with CIOs, because there is another wave of digital transformation taking place where the architectures that we put into place in the nineties and two thousands, which may have worked at the time, either don't scale, or they're not secured, or they don't perform the way that we want them to, and so.

The CIOs that are undertaking new digital transformation initiatives are really coming to us to seek our assistance. Yeah, and the architecture that you lay down. I was talking to somebody about data architectures and they were talking about epochs, and it was a professor, so he was just talking about a lot of epochs that he was looking at, or a 20-, 30-year epoch, and.

You and I were just talking AS/400 prior to getting on the show. We were talking AS/400, nos two, and that's where we were way back in the day. And those servers, in some cases they were in departments and whatnot. Then we moved to the data center. Now we're moving to the cloud, and the architecture to support whatever the next.

round of applications or next layer of technology is really important to lay down correctly. I mean, when you do it with first-level thinking, when you really do it by design, it changes what you're going to be able to do a year from now, three years from now, five years from now, I would assume. Yeah, certainly.

And in fact, a lot of the conversations that I have center around what are the experiences that you expect to deliver in your organization to your constituents: healthcare patients, providers, clinicians, service personnel, vendors, guests, whoever is coming into the facility, whoever's having to digitally interact with the organization or benefit from digital services.

There's a whole set of experiences that all those different constituents need. And you mentioned security and usability earlier. It has certainly been a general tenet that you couldn't have really effective security and have ease of use at the same time, or deliver on the experiences that are perhaps desired.

And I think BYOD as a phenomenon, starting 10, 11, 12 years ago, is a really good example of that. Enterprise IT's reaction to BYOD at the time was: personal mobile devices, we don't control 'em, we don't know what's on them, we don't trust them, we're gonna put them on the guest network. But then different parts of the organization at a departmental level started to sponsor applications, started to sponsor use cases and experiences

that required the use of personal devices, BYOD devices. So how do you, from an IT perspective, how do you write a security policy for a personal device using an enterprise app? You couldn't do that 10 years ago. It just wasn't possible to mingle those two things together. And so from Aruba's perspective, that's one of the problems that we set out to solve.

Well, that's an interesting one in healthcare today. Devices that we.

So many new applications that are coming online that require mobility, devices that are moving through, and even some devices that we, as you sort of described, we don't even know what they are. We can't put in the MAC address and say, allow this MAC address, 'cause we don't know what exists. How do you start to architect for a network where you don't necessarily know all those devices?

So it really begins with understanding how a human would think about a security policy. For example, it's very clear that a radiologist or a radiology tech or somebody involved in imaging systems inside a healthcare organization is gonna need access to the radiology system. Okay. That's human definable.

We can understand that. We can also understand the physical systems that are involved in the delivery of these imaging solutions, whether it's the machines themselves like an MRI or a PET scanner, the tech workstation, the radiology reading station that's perhaps in the radiology suite, or maybe that's a computer on wheels in the ED. All of these are involved in the practice, if you will, of imaging and delivering images to providers.

That's all human understandable, and so that's really where it starts. You have to start with a human understandable concept, map that into applications, map that into devices and users, and then you find that there is a source of truth in the enterprise for users. It could be Active Directory, it could be something else.

There is a source of truth, at least in some enterprises, for application access, like Workday. Workday might define that Dave Logan gets access to these applications. It's really important then for the network to be able to take advantage of those sources of truth and say these professionals are involved in radiology, therefore they should have access to the radiology system, perhaps to the exclusion of any other user or perhaps to the exclusion of any other device.

And then you start to get some really interesting security concepts of allow lists for the devices and users that matter for radiology, and block lists for the devices and users that don't. Those are pretty simple concepts that now machines can understand, and you can have the network enforce that kind of policy.

We'll get back to our show in just one moment. Every day, you're using your skills to help end substance use disorders within your community. The Health Resources and Services Administration is here to help you with the new STAR LRP program, which is the Substance Use Disorder Treatment and Recovery Loan Repayment Program.

Pay off your school loan with up to $250,000 from the STAR LRP in exchange for six years of full-time service at an approved facility. Behavioral health clinicians, paraprofessionals, clinical support staff, and many others trained in substance use disorder treatment are encouraged to apply. Applications are open until Thursday, July 22nd,

2021 at 7:30 PM Eastern Time, which is right around the corner. To learn more and apply to join the STAR LRP, you can use the link in our show notes or visit bhw.hrsa.gov. That's BHW, as in Behavioral Health Workforce, .hrsa.gov. Now back to our show. Let's walk through the pandemic. So we enter the pandemic.

What kind of things were you doing for your clients or talking to your clients about? So the immediate need that was almost universally discussed was preparation activity for testing, triage, and patient treatment. And nobody really knew the scale, at an individual organizational level or at a geographic level, of the situation that was going to be faced.

And so contingency planning modes went into effect and people said, you know what? We need to set up networks in gyms. We had organizations that set up triage and treatment environments on cruise ships. Our response as a networking vendor was to say, we have a set of software-defined network architecture tools available to you.

You can take and extend your network using our technology wherever it needs to go, and we're gonna help you do that. And so we marshaled our own resources in terms of our supply chain, providing gear, providing expertise, consulting systems engineers to help do implementations, and also just serve as a sounding board for CIOs and their staff to prepare for the unexpected and then help 'em work through what actually happened.

Software defined network is a. Little while, I mean it.

What the alternative to a software-defined network is? Sure. So you and I both having gray hair, we're used to network concepts like VLANs and Ethernet ports and segmentation, and those are static concepts. Those are concepts where, for example, if you have a printer attached to an Ethernet port

in a wiring closet, if a user decides to move that printer, that's very easy for them to do. They move it, and then all of a sudden the printer's not on the network anymore, 'cause the configuration associated with that port lent itself to providing connectivity to the printer. And so you move the printer and the printer port, and all of a sudden it's not connected anymore.

Those are really static concepts. A software-defined network says: we need to be able to adapt to the changing conditions at the edge. Mobile devices, fixed devices, known users, unknown users, it shouldn't really matter, and we need to, at connect time, allow those devices and those users to use some methods for identifying themselves

using security protocols and then connect them to the virtual network that they should be attached to. And so, for example, if a healthcare organization has an in-building Wi-Fi network and they also use our access points to provide remote access for telehealth, the user experience looks exactly the same.

A doc will log in, a provider will log in from their laptop or from a mobile device, and their authentication credentials would be the same. Their access to applications would be the same. And that's because the software-defined network concept says, you know what? This user has changed locations. But that's okay, because policy says we can extend the network concept all the way to that remote location, to this remote access point, and we can use the internet as a backhaul mechanism to do that.

That's fine. Let's nail up a tunnel. Let's tunnel their traffic back to some control point in the middle of the healthcare network and let them get access. And so ultimately, a software-defined network architecture says, let's abstract away the static concepts that we used to use.

Still use them, 'cause, you know, we need interoperability, but let's make them software programmable. Let's make them automatic. Let's make the user experience really easy. Let's make mobility a primary outcome. So that gives you a lot of flexibility. I remember back in the day, switch ports as you define them, we had simplified our network, and then our security professionals came in and said, you know what, you simplified it too much.

And if somebody gets in here with a ransomware attack, they move across the network a little too freely. And they wanted us to resegment the network, and significantly so. And we had one of those fixed architectures that you're talking about. And so we had to go in and put all the policies and things back into all the routers and the switches.

And it's not that you can't manage those centrally, because you can, but it's complex. There's a, to think about.

And it doesn't really grow with you. So you go into a pandemic and they say, hey, do this, do this, do this. Now all of a sudden you bring in your network person and you say, all right, we need to extend this network over here and whatnot. And they're doing all sorts of policy changes to the routers and switches.

A software-defined architecture just sort of adapts as you move into that. Did you find that to be a significant benefit for your clients in the pandemic? It really has been. You know, if you look over the shoulder of a network administrator that is managing a network that, you know, professionals like you and I helped build 10 years ago, 20 years ago, and you ask them to create the ability for this remote location like a gymnasium to be connected up into the healthcare primary network architecture so that EMR access could be provided, or telemetry access could be provided,

they would pound away on various CLI systems from their networking vendors to create new configuration concepts, new IP address schemes, new access control lists to provide security. And they would configure boxes and hand them to people and say, okay, when you get out there, you gotta do all these 18 steps.

What that really creates an opportunity for, really creates a condition for, is error, 'cause it's really easy to mess up these 500 lines of new CLI code, if you will, that were just created. It requires an expert to go out and actually deploy this network in this facility that's probably not even owned or physically controlled by an entity.

And so the challenges were very significant. In Aruba's architecture, some of the same concepts still exist. An access control list is an access control list, but it's possible to abstract that away and use, again, human concepts like usernames and application names and device types like Apple iPhone, and use those in policy definition so that a machine system, a piece of software, can actually build the access control list.

And when you have a machine system automate the process of building a configuration and pushing out a configuration, you get two things. You get humans removed from the tedium of creating these configurations, and you get the ability to deliver that configuration wherever it needs to go. And if it needs to go remote, it goes remote.

If it needs to stay local, it stays local, and so you can automate the process of standing up a brand new network as long as it's got basic IP connectivity, because the system can say, hey, I just went live. Can you gimme my config? Yes. Here it is. Let me validate that. Yep, it's valid. Okay, go. That doesn't require humans, other than to plug them in and turn them on.

I mention. And those command line interfaces that we use to build those things out. I mean, it's amazing to me to think about having the network be smart enough to auto-configure devices, to pull across... I mean, we were able to do that before, to auto-configure devices and pull across access control lists and those kinds of things, but not to the level we are today.

I mean, when you talk about the pandemic, there were a lot of people going remote. There were a lot of locations. Describe what it's like to extend the network in the new era. So with software-defined networks, and specifically with Aruba's architecture, literally, when we revamped our supply chain, so to speak, and pivoted some of our manufacturing process to opt for physical products that are meant to be remote deployed, or deployed in a home for example,

that was really the only major change that we needed to go through in order to then enable our customer base to be able to respond to the pandemic and build remote networks of any kind, of any size, in any location. And so literally what then happened, we had organizations come to us and say, hey, we need to stand up all these remote sites.

's for our employees. We need:

They would give them out to their end users and say, go home, plug this into your internet connection at home. Or if you don't have one, here's this USB LTE dongle. Plug it in from Verizon, plug it in from AT&T, and then within five minutes or so, that device is going to connect up to Aruba's cloud infrastructure, validate its basic customer configuration, and then it will connect up to our network.

And then you're gonna get a secured, tunneled experience from your home back into our network. And so we talk about that as extending the enterprise network out to the end user, just as if they were in their office. And so they can attach VoIP phones, they can attach printers, they can attach specialized devices like a Philips telemetry monitoring system, whatever it is they can attach.

And literally the experience is plug it in, turn it on, give it five minutes, and you've got the hospital SSID running in your home. Wow. And the other thing I liked about software-defined networks was just the agility. I mean, literally you can come up with new capabilities, you can enable new capabilities, roll those things out pretty rapidly.

And I'd imagine the pandemic gave you some opportunities to do that as well. But it allowed us to solidify architectures that will ultimately be even more strategic in the long term, even more important in the long term. Healthcare organizations have gone through cycles of merger and acquisition activity for decades, and we'll continue to see cycles of this, and one of the common

sticking points slash challenges is the ability to integrate two different, disparate IT networks together, you know? Organization A and organization B, they've been running for some period of time independently, and now there's an expectation from the CFO that they will be blended together, and common services will be available from both locations, and there'll be a common architectural approach.

Well, again, back to the discussions of legacy architectures versus software-defined architectures. Legacy architectures don't really allow for a lot of flexibility in how those systems would be merged together. It really comes down to resetting how one organization's systems are configured, from the bottom up, and reconfiguring them to some master architecture that both organizations can agree on. Within a software-defined architecture,

at least with the Aruba architecture, it's easy for some amount of the existing network to remain in place, perhaps a lot of the existing network to remain in place, but new capabilities can be extended to that acquired organization so that security can now be common, and then you can move into having operating models of, you know, network performance management and application performance management be common as well, just because of software-defined environments.

So you're doing that on Aruba and a third-party network as well? Yes. Yeah. Frequently. In fact, 95% of the time, 99% of the time, when an organization begins their journey to migrate some or a lot of their network architecture to Aruba, they're starting with a third party already in place. And we know who all the vendors are.

They're not going to replace everything day zero. Number one, you can't do it operationally. And number two, the CFO won't allow it. I mean, there are assets that are in place that need to be taken advantage of and taken off the books over a period of time. And so it's very easy for us to go to a customer and say,

yeah, actually that's not a problem. What you want to do is take a strategic look at your environment, decide the area of reinvestment that's necessary, whether that's the data center network or the wireless edge, or the remote access network and the WAN, whatever it is, and you start there. And you work over a period of time to augment your environment with Aruba architecture, but you leave everything in place.

And because of our attention to detail on interoperability, because of our founding intent and strategy to operate on top of third-party environments seamlessly, our customers enjoy the ability to just come in and install our stuff and have it work really, really well on top of what already exists.

The other thing: when you abstract the hardware and the software layers from each other, do you get a longer device lifecycle, if you will, a longer time until you get to end of life on those devices? Yeah, absolutely. It's a little counterintuitive. I mean, we, as IT professionals, and generally speaking, IT professionals look at software as software and hardware as hardware.

Sometimes that's true. I mean, if you look at a computing platform, for example, it has a little bit of software and a little bit of firmware, but by and large it's going to be configured and managed with a software tool, a set of software tools that would be augmented by whatever that compute platform is. But

when you look at an Ethernet switch or an access point or an SD-WAN gateway, these are systems that are not actually truly hardware. Sure, they're hardware based, but ultimately it's the software that runs on top of the hardware that is what's important to the customer, because it delivers the features that are necessary for the capabilities to be extended throughout the environment, and it contains the security and operations management features that are required.

When we talk about hardware, what we're really talking about is an entire hardware-software system. Now, Aruba's strategy, going back a very long time and still present today, is that we continue to design and build our own hardware on purpose, much like how Apple designs and builds their own phone platform.

It's because they want the user experience to be great, and it's because they want the software that they build to run exactly the way they want it to on that piece of hardware. We do the same thing. We want our software to run exactly as intended on the hardware that we build. And so we're doing all of our own designs still to this day because of that.

And to your point, we're fortunate, and our customer base is fortunate, because they've been able to take advantage of our strategy in that regard. And they have products that they have installed from us that have lasted seven years, 10 years, 12 years, even 15 years. I mean, I've talked to customers that are still running access points that are 14, 15 years old from us.

Yeah. The lifecycle. So we had a framework where we determined how long each.

On wireless access and four life, just a foregone conclusion.

New devices every four years. Is that not the case anymore? The lifecycles have extended for sure. That was certainly true 15 years ago, even 10 years ago. But when you look at the rate of innovation, if you will, as a mathematical curve, the rate of innovation 15 years ago was incredibly steep.

There was a ton of innovation taking place on the client endpoints for Wi-Fi connectivity, and the same thing for the access points. We went through the 802.11a/b/g shift to 802.11n. We went from the 802.11n shift to 802.11ac. We're in the midst of the shift to 802.11ax, and now we've added a whole new spectrum, in the six gigahertz band, to 802.11ax.

So we definitely are seeing some pretty steep innovation curves, but.

It's an interesting three-dimensional problem, or multi-dimensional problem. University environments are actually a really good example of this. When a university allocates their IT budget for network refreshes in a given year, they have to make a choice between how much of their existing Wi-Fi infrastructure are they going to replace

to enhance its performance. And while they do that, are they going to increase the density of access points in a certain area so they can not only increase coverage but increase capacity at the same time? Or, and/or, how do they juxtapose that against increasing coverage across areas of their campus that might not be covered well, like outdoor spaces or event venues or parking lots, parking garages.

And so the consideration of, okay, are we gonna extend our network? Are we gonna make it more connectivity friendly for low-power devices, for IoT? Are we going to dramatically increase performance because we're gonna have all these high-performance workstations attached? These are really the choices that these types of organizations wrestle with.

And so the ability to choose a type of device, choose a type of access point, is pretty easy today. You can standardize, but then you still have to wrestle with how much of my budget is gonna go towards which of these strategic choices. One of the things you mentioned to me earlier: agreements or the work that you've done with the various carriers, and I found that interesting, especially in a hospital setting.

We have so many people coming in, sitting in waiting rooms, waiting for loved ones and those kinds of things. Or even physicians that are bouncing around from location to location; they come in and they use their mobile phone. And you guys have a pretty unique and interesting way of authenticating those devices.

Can you give us a little background on that? And I'll apologize ahead of time. I might nerd out really heavy on this, 'cause I think it's really fascinating at an organizational level and at an IT services level and at a technology level. The basic premise is pretty simple.

It should be really easy for a patient or their family or a guest or a vendor to come into a healthcare facility and get easily connected up to the guest network, which we all are operating these days, easily and seamlessly. 99% of organizations today are using captive portals, or maybe they have an open guest network 'cause they're just tired,

tired of dealing with it. Or maybe they have a mechanism where a guest will need to register and they'll get an email with some temporary credentials. They're gonna have some sort of guest management system. Putting aside some of the useful aspects of that, like security and safety and the like,

it's not a great user experience, 'cause you've gotta go through a multi-step process to get temporary access to a resource. If the cellular coverage in a building is good enough, the users aren't gonna do it, they're just gonna use their cell provider, because data plans are pretty cheap these days.

A lot of organizations don't have good cell coverage throughout their entire facility, and so getting easy access to a Wi-Fi network is a really nice benefit for these types of individuals. And so we've implemented a solution in partnership with the cellular wireless industry, and it's based on an industry standard called Passpoint.

And basically what it says is, if you have a Passpoint-enabled phone, like an iPhone 10 or 11 or 12 or a similar Android device, your device can authenticate using the Passpoint protocols. Okay, great. So now what you need is a Wi-Fi network that supports being able to listen to the Passpoint protocol and authenticate to the carrier networks.

And so what Aruba did, using Aruba Central, which is our cloud management platform and our cloud services platform: we formed technical relationships with all of the carriers so that an end organization, a healthcare organization, can subscribe to this authentication service from Aruba that allows users to come in with their personal devices, and

as long as they have a valid subscriber relationship with Verizon or AT&T or T-Mobile or whoever, they're gonna automatically and seamlessly authenticate to that carrier, using their carrier's credentials, to the local Wi-Fi network. And so what's interesting about this is, and this is the geeky organizational IT services part,

this means that we're actually federating networks together. We are using the healthcare organization's Wi-Fi network, what we in the industry would call a radio network or a radio access network, but we're authenticating using a third party. We're authenticating using the carrier. The carrier trusts Dave Logan, the carrier trusts Bill Russell.

They trust our devices and they say, you know what? That is Dave Logan's device and he's trying to authenticate to UNC Healthcare. Let's let him do it. And the process is instantaneous. And so this ability to federate user knowledge and subscriber knowledge and security policy knowledge from one party, but then allow access into another party's environment, this federation process, this is really what's gonna drive innovation over the next 10 years.

Think about IoT systems. Think about other vendors coming in and wanting to deploy their own tech inside a hospital. Federation and orchestration are gonna be the two key words that make this all happen. Federation and orchestration. So federation: sharing those credentials and giving the ability to work across networks.

Orchestration in what way? Orchestration. Well, it's really necessary to orchestrate, and in this case, using Aruba Central as a services platform, necessary to orchestrate two different organizations' systems at the same time. I walk into UNC Healthcare, my device sees a Passpoint SSID being advertised. My device requests Passpoint access.

It says it's a Verizon device. It. The system that's locally running in the, in the healthcare facility signals to Aruba Central. Hey, this device is trying to authenticate. Here are his credentials. Is it authentic? Oh, Aruba Central will go and communicate with Verizon. Is this device authentic? Yes, it is. So this is the orchestration in this case of authentication and access control, which traditionally has been an inside-a-single-enterprise function only.

But now we're doing security orchestration amongst organizations themselves. And so we come full circle back to the user experience. And it's interesting, when you sit down with the Chief Information Security Officer, they're gonna wanna know that the security is robust, that it's defined really well, that you have the capabilities to do at rest and.

The various frameworks are out there and whatnot, but to give them the ability also to the user experience to listen business requirements are, and build out those, those mechanisms have the ability for IoT devices. Rolled out as you were expanding your hospital at home kind of infrastructure, but to have them be rolled out by non-certified network professionals.

Just essentially have the network be smart enough to identify those devices, to authenticate those.

Opportunity or leg up for, for a lot of these changing business models in healthcare completely. When you can enable an environment where the CIO can say yes, can say no problem, I'm sure we can support that. We just need to answer these three questions when they can go to a vendor and say. We've, we've, uh, recently changed architectures and you no longer have to go through a strenuous in lab technology evaluation process.

You just need to give us a couple of days to profile a couple of things about your product and your devices when you can streamline the process for everybody, whether it's an end user or a vendor providing healthcare, tech, or. The CFO that wants to streamline operations or the CEO that wants to do acquisitions, when you can be in the position of being able to say yes most of the time and, and not be in the experience prevention business, it's ultimately it comes back down to.

Satisfaction all the way around and being personally satisfied, but, you know, so let's, let's talk about this, um, from a ransomware perspective. So ransomware has taken down three, four, maybe five hospitals at this point. Uh, the largest, lots of, lots of small regional facilities, lot, lots of small regional, and then you had Scripps, which is probably the largest.

And the CEO just did a, an article in the, uh, San Diego, uh, uh, Union-Tribune or San Diego Union newspaper about their lessons learned around that. And so that's probably the largest health system that was taken offline. I'm sure you're having these conversations. So how are we thinking about the network differently?

How does your system enable us to, to be ready for those kinds of things? So. Let me reflect on a couple different angles. One's a risk management angle and one is a security architecture angle. From a risk management perspective, uh, obviously every organization has an operating culture that will be both digital and non-digital, and an organization's ability to fall back to a non-digital process.

May mitigate the concerns that they would have about their, their security architecture. And so it really does come down to first asking and answering the question of how critical are specific digital processes and digitally enabled functions to our day-to-day practice? And be methodical about it, be analytical about it, and, and I'll point out one use case, which I scratch my head to, to.

Um, to be able to identify anything but a digital process. Think about home healthcare and hospital in the home and those kinds of initiatives. Unless there's a, a provider or, or a healthcare professional in the home or nearby in the community, home healthcare is all going to be about being digitally enabled telemetry.

Active control systems to ensure that, that all the, the activities taking place are, are within protocol. And so there are going to be plenty of environments where it's simply not possible from a risk management perspective to ignore the possibilities of the network being used to attack the infrastructure and deny service.

And so from a security architecture perspective, you can take as simple or as complex a view as is either warranted or as necessary, as, as one's human psyche would like. Our, our simplistic point of view is by applying segmentation as a strategy for the network and by applying finer-grained policies and getting more and more and more segmented, microsegmentation, if you will, the network is going to have less opportunities to.

Be permissive. The military talks about permissive and non-permissive environments. You wanna create an environment that is non-permissive to ransomware, and the only way to do that is to prevent its ability from executing reconnaissance in the environment and moving laterally. The only way to do that is through segmentation. And Aruba's answer to this is don't use static designs.

Back to the software-defined architecture that we talked a lot about earlier. It is possible to automate the entire segmentation process from user experience all the way down to IT administration, and these capabilities should be taken advantage of in this regard. Interesting. I mean, that is one of the questions that I get often when I'm talking to people who maybe aren't in the field and they say, so let me get this straight.

One person on this network clicked on an email and it took down the entire system. And, and to be honest with you, the, the attacks, some of the attacks we're reading about aren't that much more sophisticated than that. They got into one system, one workstation, and then went, as you say, went laterally across that network and got really to the crown jewels of the entire health system.

That's a, a scary concept from where I sit. It's, it, it is a scary concept and, and we, we used to take a position going back a few years that, uh, using concepts like role-based access control and escalating privilege management using multifactor authentication, those kinds of capabilities were, um.

Absolutely important to investigate, absolutely, important to consider as part of a security architecture. But we weren't particularly forceful about the position or, or, or the point of view. It, it's, it's clear that the financial motivations to attack inadequately protected environments regardless of the financial cost or human cost to that organization are, are.

So, the financial advantages to the attackers are so, so skewed. It's just so easy, and the potential rewards are so great that we really just don't have a choice anymore. As IT professionals, we have to create a multi-layered secured architecture: network, application, endpoints, detection, response, and the like.

You know, I, um, I, I wanna thank you for this conversation. I love, I love mixing and bringing the, the idea of user experience and a security and software-defined architecture together. I think it's great to, to look at all of those things. I, I close a lot of these interviews with this question, which is, is there anything we haven't talked about that, that we should have covered?

This would be a podcast in itself with the movement to BYOD and the movement to SaaS and cloud architecture. You, you as an IT professional, as a, as a leader, would recognize that we've removed instrumentation that we used to have access to, to do performance management in the environment. We used to be able to instrument the endpoint.

We used to be able to instrument the server and the application. We don't control those anymore as IT architects. The network is now the only place where you can actually instrument end-to-end what's taking place. And so the network is not only responsible and important to security, it's now responsible for end user application management and performance management.

Going back to experience. That was the age. The, the thing a CIO hates to hear is, uh, yeah, this workstation's slow, because you, you're sitting there going, oh my gosh, the variables you just gave me are, are, are huge. I mean, it could be the, could be the works. It could be, uh, any number of applications. Could be firmware, could be the network, could be the server on the other.

But as you said, we, we had instrumented all those things, so a lot of times we would just go in and be able to go, okay, the slowdown is somewhere between here and here. And we'd be able to identify that pretty quickly. Are you, are you saying that because we're moving to the cloud and, and we're moving to a lot of different new types of architectures, that it's harder to identify those things?

Absolutely. Think about the, um, think about the radiologist that is getting access to imagery on their iPad, and maybe even a hospital-issued iPad or healthcare-issued iPad, and they are moving through the hospital from the radiology suite down to the emergency department to help the EDSS or the case. And they're doing a read while they're physically moving around, uh, just to get a, just to get a pre-read to see what's going on.

And they have a, they have a lag, they have a performance problem where the, where the images aren't coming through very well, they're gonna file a help desk ticket if it, if it, uh, reaches a certain, uh, escalation point. There's no instrumentation on that iPad that's available to IT staff to help them, help them understand what's going on.

If the PACS is running in a cloud-hosted environment, there's no instrumentation in the PACS to tell them what's taking place there on the servers, in the application stack itself, between all the application elements. So where is the IT staff gonna look? They're gonna have to use the network as a single point of instrumentation to look in both directions simultaneously.

When we used to hear that stuff, one the. The network. Network and I, and tried to identify what was going on, especially when it was, we knew it was a, a communication problem. Yep. And the, the people that could look at the packets, identify those things, they were, they were brilliant to me. I, it's it, they were like detectives, they'd be looking at some packets and, and essentially tell us.

There's a conflict here or there's a slowdown here and that kind of stuff. It's, it was pretty amazing stuff. Aruba. Aruba has, I think, one of the most identifiable logos in the industry with the bright orange. Do you consider those Halloween colors? Orange and, and black. They are bold, that's for sure.

Halloween is certainly a fun time in the office. Not so much last year, but, but generally speaking, the naming of Aruba has an interesting origin. The founders came from other prominent networking vendors, and they wanted to choose a name thematically that meant that our customers could go to a place of happiness, to go to a place of comfort and support.

And in the brainstorming that apparently took place behind the, behind the walls of a venture capital firm during the founding of the company, Aruba and the Island of Aruba, and the experiences that one would expect to, to have when you're there. What was really what evoked that theme of comfort and, and

The happy place. And so that's where the name comes from. Yeah. Well it's uh, if you've been to Aruba, I, that is exactly, I've, I went there once. I took my family there once and, uh, yeah, it, it's a place you can hang out and really, really feel comfortable. That's that. That's for sure. Really.

We're not, we're not static anymore. We're constantly moving. So my guess is that by the time, next time we talk, uh, you're gonna have stories of how users have, have utilized this, this technology and the software defined architecture and moved it out into the home. And it, it'll be interesting to see that the flexibility that, that people are able to.

When you provide people flexibility, they come up with some really interesting solutions. Yeah, you're absolutely right, Bill. We really appreciate the opportunity to be here today too. We've both been doing this a while. Every now and then I have to stop myself from saying, yeah, I'm not sure if there's really any other problems to solve in this area.

The, to your point of flexibility, people find incredibly compelling uses for the capabilities that vendors like us are privileged to provide. And so, so I look forward to finding out what, what happens too. Yeah. And uh, I, I just finished an interview, uh, earlier this week and we were talking about hospital in the home and I was just thinking through that.

And yeah, we had some, some initial pilots and those kinds of things, but it was with all that static hardware. That's not gonna be doable with what some people are saying, which is essentially replacing 20% of your hospital room beds with beds that are out and about in the community. And those beds are gonna shift from that home to that home.

Mm-Hmm. , uh, over time. But 20% of your beds at any given one time that you're monitoring centrally are gonna be, are gonna.

Flexibility that.

All right, David, thanks for your time. Really appreciate it. Thank you, Bill. Great to see you. What a great discussion. If you know of someone that might benefit from our channel, from these kinds of discussions, please forward them a note. Perhaps your team, your staff. I know if I were a CIO today, I would have every one of my team members listening to this show.

It's conference-level value every week. They can subscribe on our website, thisweekhealth.com, or they can go wherever you listen to podcasts. Apple, Google, Overcast, which is what I use, uh, Spotify, Stitcher, you name it. We're out there. They can find us. Go ahead, subscribe today. Send a note to someone and have them subscribe as well.

We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders. Those are VMware, Hillrom, StarBridge Advisors, Aruba and McAfee. Thanks for listening. That's all for.