This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[00:00:00] (Intro) The benefits of this architecture operationally mean, once it's in place, You can do all these changes and new implementations and new projects in M& A and all the plumbing is already there. All the architecture is in place now.
So this framework works for you to make things a lot faster, smoother and simpler.
Welcome to This Week Health. Today, we're doing a continuing six part series. This is part two of the series, Zero Trust Hospital, the CXO Vision. It's a new book by Zscaler, and I'm lucky enough to have one of the authors, Tamer Baker, the healthcare CTO for Zscaler with me.
I'm Drex Ford, president of Cyber Risk at This Week Health and the 229 Project. And Tamer, welcome to the show.
Thanks for having me. I always love hanging out with you guys.
Yeah. Thanks. We love it too. We've spent a lot of time together. We commiserate a lot over our Air Force days and all of that too.
We covered in the book the reason for the book and how you got started how it all came together. We're going to get into a [00:01:00] little bit today about the benefit of zero trust. And let me start with, Zero trust, we think it's a lot about security, and of course it is about security, but there's other operational benefits that come from bringing zero trust into healthcare organizations.
Tell me about some of that.
Yeah, think we touched on it and hinted on it on the first episode, but of the strong benefits that we think about is being able to be adaptive and innovate faster, right? was mentioned in the first episode how you want to do something new, whether it's an M& A or a new project, and you talk about the broken glass, right?
This is, a lot of exceptions just to get something done ready. The benefits of this architecture operationally mean, once it's in place, You can do all these changes and new implementations and new projects in M& A and all the plumbing is already there. All the architecture is in place now.
So this framework works for you to make things a lot faster, smoother and simpler. Operationally speaking, because you [00:02:00] remove a lot of point products, you remove a lot of the appliances and heavy boxes that you have to constantly pay for and maintain. It takes a lot of human capital hours to manage.
All the 20 years of legacy systems that we're constantly trying to, small increments make better once all those headaches go away and you've revolutionized into something that's more of a sass security and more easier to implement . Those benefits pay dividends very quickly because now your team can focus on other things.
And you can have a lot less human capital hours spent doing things that are just, infrastructure related as well as security related.
I feel like a lot of this just we talked about change a little bit in the first episode too. So I would encourage to go back and watch the first episode and all the episodes obviously in the series.
We talk a lot about change and the pain of change and a lot of the benefit comes from getting off an architecture that is really Old and brittle and difficult to [00:03:00] use and maintain and run and moving to a new architecture that is the Agile architecture that lets you do all the things that your digital health leadership wants you to do.
And so tell me about the trauma or the challenge of the change and how you help folks think through that.
A great analogy our CEO has used multiple times that I think I'll bring into this conversation is, it's the difference between when you had a DVD player at your house and you wanted to start a Netflix streaming service, right?
Zero Trust is that Netflix streaming service now. It's simple, it's easy to use for your users, it's much faster to stand up, much faster to add movies to watch your next series, et cetera, whatever you want to do. Continually trying to update and upgrade and move my security appliances to the cloud, but I'm still managing and maintaining it.
That's the equivalent of putting a thousand DVD players in the cloud and your users are still managing DVD players trying to watch their next movie, hitting the chapters, [00:04:00] and this, that, and the other. The difference we're talking about here is instead of 1000 DVD players in the cloud from the ground up, you build a streaming service.
That's what zero trust looks like. That's what this architecture we're talking about. When we think about change and modernization, that kind of change is easy to pick up right when it becomes simplified instead of all those DVD players you're trying to manage.
\ and all those DVD players are also different brands and they all have different remote controls, right?
It's all that. I love that analogy. Definitely will be stealing that one from you. So we talk about risk management. And, managing risk, identifying risk, prioritizing risk. A lot of our decisions about our investments are made because of risk that we bear from the projects that we do, or changes that happen in the environment.
How does the work that you guys are doing, how does that? tie into this risk conversation and the benefits that can come from seeing and managing risk.
Yeah we talked about in the [00:05:00] last episode how, we've designed an infrastructure over the last 20, 30 years. That's, the data center is the center of your universe.
And everything has to revolve around that and the four walls, castle, etc. Once we've exploded into users being everywhere, data being everywhere, applications being everywhere, cloud, remote, et cetera, all that did was expand your footprint, right? So your attack surface now is like exponentially greater.
You're the bad actors can find you very easily, much easier because you have way more things to find. Now one of the huge. Risk benefits that we talk about from a zero trust perspective is that it removes that external attack surface. You hide anything externally exposed. So you hide applications that have an Internet address.
You hide your security points is even that have Internet IP addresses. Sometimes you just remove them altogether. Once you remove all that attack surface, your risk levels significantly decrease. The example I like to give here is Or one example, anyways, would be you think of a [00:06:00] CVE, it's a critical CVE has just come out on some application, whatever it may be, and that critical CVE has a high CVEsS score, exploited in the wild, it's got everything going wrong for it to make it super urgent.
But if I remove the attack vector to it, so that actor can't even see or find that application to exploit that vulnerability. Where's the risk really? So the risk dramatically gets reduced on patching that CVE now because I can't even access it as a bad actor, right? So that's one simple example of how we reduce risk with zero trust.
One of many, I should say.
Yeah the reality is to we see more of those critical CVEs come out every day, like with a score of 10, they've got to be done patch them right now, but you can make a different decision about no, that's not really important for us to patch because nobody actually can see it or nobody can get to it too.
the operational cost reduction that comes from not having to go into that frantic, Mode over the weekend [00:07:00] because a new patch comes out super valuable to a lot of customers.
Especially within the last year, the number of CVEs and vulnerabilities that are exploiting security appliances, which we'll talk about later in a future episode, but it's so much effort to constantly stay on top of these patches and operationally speaking, it gives your team a break.
I like it. It's a lot of patching. If you do it, I guess
if you do, it's a good point.
I was going to ask you a question about, doing more with less and how zero trust lets healthcare organizations do more with less. That's obviously one example. Are there other examples?
Yeah. When we think about the entirety platform more with less really is, Taking out a whole bunch of single one off type of platform or, pieces of software to do a job.
And once you eliminate all the redundancies you can encompass with a zero trust type of solution you actually are able to accomplish more because you're operationally more efficient as well as. [00:08:00] financially more efficient to do all that extra stuff with less money, only less money, but less resources and people.
So I talk to smaller healthcare organizations all the time as well, where they might only have a team of three or five or ten, whatever it may be. Being able to implement something like this, which modernizes the way you do infrastructure and security, means you can get a lot more done. With less vendors to deal with, less management of those tools and less people to do the work.
It makes it way simpler for those smaller organizations as well.
The beauty of it is that we usually talk about do more with less, and it just means work more hours. The Zscaler version, the Zero Trust version of do more with less is do more with less by taking out waste from the current architecture design you have, the current workflows that you have, operations that you have, which frees time for you to do the other things that you've always intended to do.
But you haven't been able to get around to it. Tell me a little bit about Say it again? Oh, patching [00:09:00] all those systems. Exactly. Tell me patient experience, clinician experience, what's the difference there? How does Zero Trust make that experience better?
Yeah, so this is a huge part of what we talk about in the book at some point, too, where we can't do anything.
Like digital modernization, while keeping in mind the clinician and the patient experience. This removal of all these old clunky systems, the thousand DVD players in the cloud, makes it so much more seamless and user friendly. So your clinicians can operate seamlessly and where security happens in the background and they don't even realize it happens.
One less agent, one less click, one less login. et cetera, because it all works seamlessly for them. They have more time with their patients because of this. Another great example, huge squeaky wheel oftentimes, especially since COVID is the remote radiologist, right? That's another big component that we think about and the pains that they go through.
This enables them to get more reads in per week, right? So [00:10:00] more reads in per week means more patients get seen and get results quicker as well as. more money generation from an operational perspective, right? When we think about an ROI and the benefits of zero trust, you can actually generate, it's a different color of money when you're spending, in your IT infrastructure versus generating income, but that is another operational benefit where those radiologists now become very happy.
The number of CTOs that have come up to me and told me how pleased they are because their squeaky wheel has been oiled that being the radiologist. that are out sitting on a beach in Maui are now happy customers of theirs. That's a big win from a zero trust architecture perspective.
I love that it scratches, the itch on both sides of the coin, right? , it makes it easier for. The end users, they're happier with it. It lets them be more productive. That's a good financial benefit to the organization, but it also just makes it easier from an operational perspective to run.
That's really cool. Hey, I appreciate you being here today.
Thank you. Yeah. I love doing this [00:11:00] with you and week health. This is always a great time. So thank you for having me.
Yeah, thanks tuning in to Episode 2 of our Zero Trust series. If you want to dive deeper, you can pick up a signed copy of the book at either VIVE or HIMSS.
Plus, you can get the accompanying Architect's Approach Guide for your team. And if you can't wait, if you're like Tamer and you're impatient, you can register. With the link that's provided in the video description, and you'll get the book automatically in your inbox. During VIVE, we have four more episodes in this series.
Don't miss our special webinar with industry experts on March 27th. And you can register for that at thisweekhealth. com slash zero trust. Thanks again, Tamer.
Thanks Drex.