cure for the common cloud: how healthcare can safely enable the cloud
TRANSCRIPT
![Page 1: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/1.jpg)
CURE FOR THE COMMON CLOUD:
HOW HEALTHCARE CAN SAFELY ENABLE THE CLOUD
Craig GuinassoGenomic HealthCISO
Krishna NarayanaswamyNetskopeChief Scientist
![Page 2: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/2.jpg)
2
![Page 3: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/3.jpg)
• Established in 2000 and is the world’s leading provider of genetic cancer diagnostic tests
• Corporate HQ – Redwood City, CA• Company’s lead product, the Oncotype Dx breast cancer test has been
shown to predict the likelihood of chemotherapy benefits as well as recurrence of invasive breast cancers
• 600,000 patient tests to date conducted by more than 1,400 physicians in 70 countries
• 800+ employees globally, $275M revenue in 2014
![Page 4: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/4.jpg)
4
‣ Strong technology and services partnerships
‣ Discover cloud apps and assess risk‣ Govern all apps and data‣ Safely enable sanctioned cloud apps
‣ $131.4M from top Silicon Valley VCs‣Accel, Lightspeed, Iconiq,
Social+Capital‣Customers include
‣ 250+ employees globally, including North America, throughout Europe, and Asia-Pacific
‣ Early architects/executives from Palo Alto Networks, NetScreen, Cisco, McAfee, VMware
‣ First comprehensive CASB patent, 40+ additional patent claims across four categories
![Page 5: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/5.jpg)
Let’s talk about the cloud…
![Page 6: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/6.jpg)
There are 22,000+enterprise cloud apps today (and
growing)
![Page 7: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/7.jpg)
7
Most IT departments underestimate
cloud app usage by 90%
![Page 8: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/8.jpg)
Average number of cloud apps per enterprise
94% of these are not enterprise-ready
![Page 9: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/9.jpg)
Cloud: Now playing on a mobile device near you
![Page 10: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/10.jpg)
10
Nearly HALF of all cloud app activities originate from a mobile device
ONE THIRD of all DLP violations occur
on mobile devices
![Page 11: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/11.jpg)
76.2% Of Cloud DLP Violations occur in healthcare and life sciences
68.5% Of DLP violations are protected health information (PHI)
![Page 12: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/12.jpg)
Business vs. Mission Critical
Information Technology is not Genomic Health’s core business; however information delivery is fundamental to our unique science and patient value.
HistoryGenomic Health had “purpose built” systems maintained by “in-house” resources. This model wasn’t going to scale or support growing business needs.
IT CharterAgilityIntegrated & InnovativeScalable & Secure
![Page 13: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/13.jpg)
Cloud storageData & analytics
Collaboration
Payor and pricing management
Line of business apps
Order management
Sample management
![Page 14: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/14.jpg)
Genomic Health’s Data & Analytics Requirements vs. Twitter’s
!
![Page 15: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/15.jpg)
FIND UNDERSTAND SECURE
![Page 16: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/16.jpg)
FIND
Bob Jones in IT
Ashok Kumar in Marketing
Amy Bishop in Finance
Pierre Bonaparte in Research
Side-by-sidecomparisons
![Page 17: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/17.jpg)
17
Risk assessment and discovery of unsanctioned app usage
![Page 18: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/18.jpg)
UNDERSTAND
✔ Who? What group/OU? Where?
✔ What app/category? From what device?
✔ To whom? What content?A contract CRO clinician sent a
patient’s MRI to a counterpart via Box
![Page 19: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/19.jpg)
…to which content…
See what users did…
…and see the who, what, when, where, and with whom
![Page 20: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/20.jpg)
20
8% of data in cloud storage would violate DLP policy if the enterprise knew about it
![Page 21: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/21.jpg)
SECURE✔ Block and coach
✔ Encrypt
✔ Prevent sharing outside of co.
✔ Require justification
✔ Perform “quiet” legal hold
Activity- and data-level
policies
✔ Quarantine and alert users
![Page 22: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/22.jpg)
Standardize on enterprise-approved apps
![Page 23: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/23.jpg)
• Too risky• Unacceptable
terms
Block Speed Bump Block/Coach Context-Driven• Unsanctioned app• Alert/guidance/
justification• “Data may be
made public”
• Sanctioned app/ activity
• DLP• Data = PHI
• If-then context• Person/group• Activity• Data residency
Enforce granular policies
![Page 24: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/24.jpg)
24
Help people do the right thing
Your organization has standardized on Box. Would you like an account?
![Page 25: Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud](https://reader031.vdocuments.mx/reader031/viewer/2022030305/5875da3d1a28ab8f438b731b/html5/thumbnails/25.jpg)
25
Dr. No
CIO, CISO and Sys Admins alike must broker new conversationswithin institutions.
Find ways to say “YES” while also maintaining appropriate control.