Skip to content

Archive for

Dec 27

How To Protect Healthcare Records In A Zero Trust World

  • There’s been a staggering 298.4% growth in the reported number of patient records breached as a result of insider-wrongdoing this year alone according to Protenus.
  • The total disclosed number of breached patient records has soared from 1.1M in Q1 2018 to 4.4M in Q3 2018 alone, 680K of which were breached by insiders.
  • There were 117 disclosed health breaches in the last 90 days alone.
  • On average it’s taking 402 days to discover a healthcare provider has been breached.

Diagnosing Healthcare’s Breach Epidemic

Using access credentials stolen from co-workers or stolen laptops, unethical healthcare insiders are among the most prolific at stealing and selling patient data of any insider threat across any industry. Accenture’s study, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity,” found that the most common ways healthcare employees financially gain from stealing medical records is to commit tax return and credit card fraud.

Treating healthcare’s breach epidemic needs to start by viewing every threat surface, access point, identity, and login attempt as the new security perimeter. Healthcare providers urgently need to take a “never trust, always verify” approach, adopting  Zero Trust Security to protect every threat surface using Next-Gen Access for end-user credentials and Privileged Access Management (PAM) for privileged credentials. One of the leaders in Next-Gen Access is Idaptive, a newly created spin-off of Centrify. Centrify itself is offering Zero Trust Privilege Services helping over half of the Fortune 100 to eliminate privileged access abuse, the leading cause of breaches today. Centrify Zero Trust Privilege grants least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, according to a recent Accenture study. 24% of employees know of someone who has sold access to patient data to outsiders. 58% of all healthcare breaches are initiated by insiders. Confidential patient diagnosis, treatment, payment histories, and medical records are the most valuable on the Dark Web, selling for as much as $1,000 per record according to Experian.

Key insights from Protenus’ Breach Barometer illustrate how healthcare’s breach epidemic is growing exponentially:

  • There’s been a staggering 298.4% growth in the number of patient records breached as a result of insider-wrongdoing this year alone. In Q1 of this year, there were 4,597 patient records exfiltrated by insider wrong-doing, jumping to 70,562 in Q2 and soaring to 290,689 in Q3. Healthcare insiders can easily thwart healthcare systems’ legacy security approaches today by using compromised access credentials. Zero Trust Security, either in the form of Next-Gen Access for end-user credentials or Zero Trust Privilege for privileged access credentials has the potential to stop this

  • The total number of breached patient records has soared from 1.1M in Q1 of this year to 4.4M in Q3, a 58.7% jump in less than a year. Protenus found a total of 117 incidents were disclosed to U.S. Department of Health and Human Services (HHS) or the media in Q3 2018 alone. Details were disclosed for 100 of these incidents, affecting 4,390,512 patient records, the highest level ever recorded. Jumping from 1.1M medical records in Q1 to 4.4M in Q3, healthcare providers could easily see over 6.5M records breached in Q4 2018 alone.

  • Hackers targeted healthcare systems aggressively in Q3 of this year, exfiltrating 3.6M patient records in just 90 days. Compromised access credentials are hackers’ favorite technique for exfiltrating massive quantities of medical records they resell on the Dark Web or use to commit tax and credit card fraud. Healthcare providers need to minimize their attack surfaces, improve audit and compliance visibility, reduce risk, complexity, and costs across their modern, hybrid enterprises with Zero Trust. Healthcare providers need to shut down hackers now, taking away the opportunities they’re capitalizing on to exfiltrate medical records almost at will.
  • It takes 71 days on average for healthcare providers to realize their data is breached with one breach lasting over 15 years. Protenus found a wide variation in the length of time it takes healthcare providers to realize they’ve been breached and one didn’t know until 15 years after the initial successful breach. All breaches tracked by Protenus found that the insiders and/or hackers were successful in gaining access to a wealth of patient information including addresses, dates of birth, medical record numbers, healthcare providers, visit date, health insurance information, financial histories, and payment information.

Conclusion

Zero Trust is the antidote healthcare needs to treat its raging breach epidemic.  It’s exponentially growing as insiders’ intent on wrongdoing turn to exfiltrating patients’ data for personal gain. Hackers also find healthcare providers’ legacy systems among the easiest to access using stolen access credentials, exfiltrating millions of records in months. With every new employee and device being a new security perimeter on their networks, the time is now for healthcare providers to discard the old model of “trust but verify” which relied on well-defined boundaries. Zero Trust mandates a “never trust, always verify” approach to access, from inside or outside healthcare providers’ networks.

Dec 16

CPQ Needs To Scale And Support Smarter, More Connected Products

  • For smart, connected product strategies to succeed they require a product lifecycle view of configurations, best attained by integrating PLM, CAD, CRM, and ERP systems.
  • Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020.
  • In 2018, $985B will be spent on IoT-enabled smart consumer devices, soaring to $1.49B in 2020, attaining a 23.1% compound annual growth rate (CAGR) according to Statista.
  • Industrial manufacturers will spend on average $121M a year on smart, connected products according to Statista.

Succeeding with a smart, connected product strategy is requiring manufacturers to accelerate their IoT & software development expertise faster than they expected. By 2020, 50% of manufacturers will generate the majority of their revenues from smart, connected products according to Capgemini’s recent study. Manufacturers see 2019 as the breakout year for smart, connected products and the new revenue opportunities they provide.

Industrial Internet of Things (IIoT) platforms has the potential of providing a single, unified data model across an entire manufacturing operation, giving manufacturers a single unified view of product configurations across their lifecycles. Producing smart, connected products at scale also requires a system capable of presenting a unified view of configurations in the linguistics each department can understand. Engineering, production, marketing, sales, and service all need a unique view of product configurations to keep producing new products. Leaders in this field include Configit and their Configuration Lifecycle Management approach to CPQ and product configuration.

Please see McKinsey’s article IIoT platforms: The technology stack as a value driver in industrial equipment and machinery which explores how the Industrial Internet of things (IIoT) is redefining industrial equipment and machinery manufacturing. The following graphic from the McKinsey explains why smart, connected product strategies are accelerating across all industries. Please click on the graphic to expand it for easier reading.

CPQ Needs To Scale Further To Sell Smart, Connected Products

Smart, connected products are redefining the principles of product design, manufacturing, sales, marketing, and service. CPQ systems need to grow beyond their current limitations by capitalizing on these new principles while scaling to support new business models that are services and subscription-based.

The following are the key areas where CPQ systems are innovating today, making progress towards enabling the custom configuration of smart, connected products:

  • For smart, connected product strategies to succeed they require a product lifecycle view of configurations, best attained by integrating PLM, CAD, CRM, and ERP systems. Smart, connected product strategies require real-time integration between front-end and back-end systems to optimize production performance. And they also require advanced visualization that provides prospects with an accurate, 3D-rendered view that can be accurately translated to a Bill of Materials (BOM) and into production. The following graphic is based on conversations with Configit customers, illustrating how they are combining PLM, CAD, CRM and ERP systems to support smart, connected products related to automotive manufacturing. Please click on the graphic to expand it for easier reading.

  • CPQ and product configuration systems need to reflect the products they’re specifying are part of a broader ecosystem, not stand-alone. The essence of smart, connected products is their contributions to broader, more complex networks and ecosystems. CPQ systems need to flex and support much greater system interoperability of products than they do today. Additional design principles include designing in connected service options, evergreen or long-term focus on the product-as-a-platform and designed in support for entirely new pricing models.
  • Smart, connected products need CPQ systems to reduce physical complexity while scaling device intelligence through cross-sells, up-sells and upgrades. Minimizing the physical options to allow for greater scale and support for device intelligence-based ones are needed in CPQ systems today. For many CPQ providers, that’s going to require different data models and taxonomies of product definitions. Smart, connected products will be modified after purchase as well, evolving to customers’ unique requirements.
  • After-sales service for smart, connected products will redefine pricing and profit models for the better in 2019, and CPQ needs to keep up to make it happen. Giving products the ability to send back their usage rates and patterns, reliability and performance data along with their current condition opens up lucrative pricing and services models. CPQ applications need to be able to provide quotes for remote diagnostics, price breaks on subscriptions for sharing data, product-as-a-service and subscription-based options for additional services. Many CPQ systems will need to be updated to support entirely new services-driven business models manufacturers are quickly adopting today.

Dec 12

Using Machine Learning To Find Employees Who Can Scale With Your Business

  • Eightfold’s analysis of hiring data has found the half-life of technical, marketable skills is 5 to 7 years, making the ability to unlearn and learn new concepts essential for career survival.
  • Applicant Tracking Systems (ATS) don’t capture applicants’ drive and intensity to unlearn and learn or their innate capabilities for growth.
  • Artificial Intelligence (AI) and machine learning are proving adept at discovering candidates’ innate capabilities to unlearn, learn and reinvent themselves throughout their careers.

Hiring managers in search of qualified job candidates who can scale with and contribute to their growing businesses are facing a crisis today. They’re not finding the right or in many cases, any candidates at all using resumes alone, Applicant Tracking Systems (ATS) or online job recruitment sites designed for employers’ convenience first and candidates last. These outmoded approaches to recruiting aren’t designed to find those candidates with the strongest capabilities. Add to this dynamic the fact that machine learning is making resumes obsolete by enabling employers to find candidates with precisely the right balance of capabilities needed and its unbiased data-driven approach selecting candidates works. Resumes, job recruitment sites and ATS platforms force hiring managers to bet on the probability they make a great hire instead of being completely certain they are by basing their decisions on solid data.

Playing The Probability Hiring Game Versus Making Data-Driven Decisions

Many hiring managers and HR recruiters are playing the probability hiring game. It’s betting that the new hire chosen using imprecise methods will work out. And like any bet, it gets expensive quickly when a wrong choice is made. There’s a 30% chance the new hire will make it through one year, and if they don’t, it will cost at least 1.5 times their salary to replace them. When the median salary for a cloud computing professional is $146,350, and it takes the best case 46 days to find them, the cost and time loss of losing just one recruited cloud computing professional can derail a project for months. It will cost at least $219,000 or more to replace just that one engineer. The average size of an engineering team is ten people so only three will remain in 12 months. These are the high costs of playing the probability hiring game, fueled by unconscious and conscious biases and systems that game recruiters into believing they are making progress when they’re automating mediocre or worse decisions. Hiring managers will have better luck betting in Las Vegas or playing Powerball than hiring the best possible candidate if they rely on systems that only deliver a marginal probability of success at best.

Betting on solid data and personalization at scale, on the other hand, delivers real results. Real data slices through the probabilities and is the best equalizer there is at eradicating conscious and unconscious biases from hiring decisions. Hiring managers, HR recruiters, directors and Chief Human Resource Officers (CHROs) vow they are strong believers in diversity. Many are abandoning the probability hiring game for AI- and machine learning-based approaches to talent management that strip away any extraneous data that could lead to bias-driven hiring decisions. Now candidates get evaluated on their capabilities and innate strengths and how strong a match they are to ideal candidates for specific roles.

A Data-Driven Approach To Finding Employees Who Can Scale

Personalization at scale is more than just a recruiting strategy; it’s a talent management strategy intended to flex across the longevity of every employees’ tenure. Attaining personalization at scale is essential if any growing business is going to succeed in attracting, acquiring and growing talent that can support their growth goals and strategies. Eightfold’s approach makes it possible to scale personalized responses to specific candidates in a company’s candidate community while defining the ideal candidate for each open position. Personalization at scale has succeeded in helping companies find the right person to the right role at the right time and, for the first time, personalize every phase of recruitment, retention and talent management at scale.

Eightfold is pioneering the use of a self-updating corporate candidate database. Profiles in the system are now continually updated using external data gathering, without applicants reapplying or submitting updated profiles. The taxonomies supported in the corporate candidate database make it possible for hiring managers to define the optimal set of capabilities, innate skills, and strengths they need to fill open positions.

Lessons Learned at PARC
Russell Williams, former Vice President of Human Resources at PARC, says the best strategy he has found is to define the ideal attributes of high performers and look to match those profiles with potential candidates. “We’re finding that there are many more attributes that define a successful employee in our most in-demand positions including data scientist that are evident from just reviewing a resume and with AI, I want to do it at scale,” Russell said. Ashutosh Garg, Eightfold founder, added: “that’s one of the greatest paradoxes that HR departments face, which is the need to know the contextual intelligence of a given candidate far beyond what a resume and existing recruiting systems can provide.”  One of the most valuable lessons learned from PARC is that it’s possible to find the find candidates who excel at unlearning, learning, defining and diligently pursuing their learning roadmaps that lead to reinventing their skills, strengths, and marketability.

Conclusion

Machine learning algorithms capable of completing millions of pattern matching comparisons per second provides valuable new insights, enabling companies to find those who excel at reinventing themselves. The most valuable employees who can scale any business see themselves as learning entrepreneurs and have an inner drive to master new knowledge and skills. And that select group of candidates is the catalyst most often responsible for making the greatest contributions to a company’s growth.

Dec 10

High-Tech’s Greatest Challenge Will Be Securing Supply Chains In 2019

Bottom Line: High-tech manufacturers need to urgently solve the paradox of improving supply chain security while attaining greater visibility across supplier networks if they’re going make the most of smart, connected products’ many growth opportunities in 2019.

The era of smart, connected products is revolutionizing every aspect of manufacturing today, from suppliers to distribution networks. Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50 percent of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in).

Smart, connected products free manufacturers and their supply chains from having to rely on transactions and the price wars they create. The smarter the product, the greater the services revenue opportunities. And the more connected a smart product is using IoT and Wi-Fi sensors the more security has to be designed into every potential supplier evaluation, onboarding, quality plan, and ongoing suppliers’ audits. High-tech manufacturers are undertaking all of these strategies today, fueling them with real-time monitoring using barcoding, RFID and IoT sensors to improve visibility across their supply chains.

Gaining even greater visibility into their supply chains using cloud-based track-and-trace systems capable of reporting back the condition of components in transit to the lot and serialized pack level, high-tech suppliers are setting the gold standard for supply chain transparency and visibility. High-tech supply chains dominate many other industries’ supplier networks on accuracy, speed, and scale metrics on a consistent basis, yet the industry is behind on securing its vast supplier network. Every supplier identity and endpoint is a new security perimeter and taking a Zero Trust approach to securing them is the future of complex supply chains. With Zero Trust Privilege, high-tech manufacturers can secure privileged access to infrastructure, DevOps, cloud, containers, Big Data, production, logistics and shipping facilities, systems and teams.

High-Tech Needs to Confront Its Supply Chain Security Problem, Not Dismiss It

It’s ironic that high-tech supply chains are making rapid advances in accuracy and visibility yet still aren’t vetting suppliers thoroughly enough to stop counterfeiting, or worse. Bloomberg’s controversial recent article,The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, explains how Amazon Web Services (AWS) was considering buying Portland, Oregon-based Elemental Technologies for its video streaming technology, known today as Amazon Prime Video. As part of the due diligence, AWS hired a third-party company to scrutinize Elemental’s security all the way up to the board level. The Elemental servers that handle the video compression were assembled by Super Micro Computer Inc., a San Jose-based company in China. Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design that could create a stealth doorway into any network the machines were attached to. Apple (who is also an important Super Micro customer) and AWS deny this ever happened, yet 17 people have confirmed Supermicro had altered hardware, corroborating Bloomberg’s findings.

The hard reality is that the scenario Bloomberg writes about could happen to any high-tech manufacturer today. When it comes to security and 3rd party vendor risk management, many high-tech supply chains are stuck in the 90s while foreign governments, their militaries and the terrorist organizations they support are attempting to design in the ability to breach any network at will. How bad is it?  81% of senior executives involved in overseeing their companies’ global supply chains say 3rd party vendor management including recruiting suppliers is riskiest in China, India, Africa, Russia, and South America according to a recent survey by Baker & McKenzie.

PriceWaterhouseCoopers (PwC) and the MIT Forum for Supply Chain Innovation collaborated on a study of 209 companies’ supply chain operations and approaches to 3rd party vendor risk management. The study, PwC and the MIT Forum for Supply Chain Innovation: Making the right risk decisions to strengthen operations performance, quantifies the quick-changing nature of supply chains. 94% say there are changes in the extended supply chain network configuration happening frequently. Relying on trusted and untrusted domain controllers from server operating systems that are decades old can’t keep up with the mercurial pace of supply chains today.

Getting in Control of Security Risks in High-Tech Supply Chains

It’s time for high-tech supply chains to go with a least privilege-based approach to verifying who or what is requesting access to any confidential data across the supply chains. Further, high-tech manufacturers need to extend access request verification to include the context of the request and the risk of the access environment. Today it’s rare to find any high-tech manufacturer going to this level of least-privilege access approach, yet it’s the most viable approach to securing the most critical parts of their supply chains.

By taking a least-privilege access approach, high-tech manufacturers and their suppliers can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and operating costs across their hybrid manufacturing ecosystem.

Key actions that high-tech manufacturers can take to secure their supply chain and ensure they don’t end up in an investigative story of hacked supply chains include the following:

  • Taking a Zero Trust approach to securing every endpoint provides high-tech manufacturers with the scale they need to grow. High-tech supply chains are mercurial and fast-moving by nature, guaranteeing they will quickly scale faster than any legacy approaches enterprise security management. Vetting and then onboarding new suppliers needs to start by protecting every endpoint to the production and sourcing level, especially for next-generation smart, connected products.
  • Smart, connected products and the product-as-a-service business models they create are all based on real-time, rich, secured data streams that aren’t being eavesdropped on with components no one knows about. Taking a Zero Trust Privilege-based approach to securing access to diverse supply chains is needed if high-tech manufacturers are going to extend beyond legacy Privileged Access Management (PAM) to secure data being generated from real-time monitoring and data feeds from their smart, connected products today and in the future.
  • Quality management, compliance, and quality audits are all areas high-tech manufacturers excel in today and provide a great foundation to scale to Zero Trust Privilege. High-tech manufacturers have the most advanced quality management, inbound inspection and supplier quality audit techniques in the world. It’s time for the industry to step up on the security side too. By only granting least-privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment, high-tech manufacturers can make rapid strides to improve supply chain security.
  • Rethink the new product development cycles for smart, connected products and the sensors they rely on, so they’re protected as threat surfaces when built. Designing in security to the new product development process level and further advancing security scrutiny to the schematic and board design level is a must-do. In an era of where we have to assume bad actors are everywhere, every producer of high-tech products needs to realize their designs, product plans, and roadmaps are at risk. Ensuring the IOT and Wi-Fi sensors in smart, connected products aren’t designed to be hackable starts with a Zero Trust approach to defining security for supplier, design, and development networks.

Conclusion

The era of smart, connected products is here, and supply chains are already reverberating with the increased emphasis on components that are easily integrated and have high-speed connectivity. Manufacturing CEOs say it’s exactly what their companies need to grow beyond transaction revenue and the price wars they create. While high-tech manufacturers excel at accuracy, speed, and scale, they are falling short on security. It’s time for the industry to re-evaluate how Zero Trust can stabilize and secure every identity and threat surface across their supply chains with the same precision and intensity quality is today.

Dec 5

Where Cloud Computing Jobs Will Be In 2019

  • $146,350 is the median salary for cloud computing professionals in 2018.
  • There are 50,248 cloud computing positions available in the U.S. today available from 3,701 employers and 101,913 open positions worldwide today.
  • Oracle (NYSE: ORCL), Deloitte and Amazon (NASDAQ: AMZN) have the most open cloud computing jobs today.
  • Java, Linux, Amazon Web Services (AWS), Software Development, DevOps, Docker and Infrastructure as a Service (IaaS) are the most in-demand skills.
  • Washington DC, Arlington-Alexandria, VA, San Francisco-Oakland-Hayward, CA, New York-Newark-Jersey City, NY, San Jose-Sunnyvale-Santa Clara, CA, Chicago-Naperville-Elgin, IL, are the top five cities where cloud computing jobs are today and will be in 2019.

Demand for cloud computing expertise continues to increase exponentially and will accelerate in 2019. To better understand the current and future direction of cloud computing hiring trends, I utilized Gartner TalentNeuron. Gartner TalentNeuron is an online talent market intelligence portal with real-time labor market insights, including custom role analytics and executive-ready dashboards and presentations. Gartner TalentNeuron also supports a range of strategic initiatives covering talent, location, and competitive intelligence.

Gartner TalentNeuron maintains a database of more than one billion unique job listings and is collecting hiring trend data from more than 150 countries across six continents, resulting in 143GB of raw data being acquired daily. In response to many Forbes readers’ requests for recommendations on where to find a job in cloud computing, I contacted Gartner to gain access to TalentNeuron.

Key takeaways include the following:

  • $146,350 is the median salary for cloud computing professionals in 2018.  Cloud computing salaries have soared in the last two years, with 2016’s median salary being $124,300 a jump of $22,050. The following graphic shows the distribution of salaries for 50,248 cloud computing jobs currently available in the U.S. alone. Please click on the graphic to expand for easier reading.

  • The Hiring Scale is 78 for jobs that require cloud computing skill sets, with the average job post staying open 46 days. The higher the Hiring Scale score, the more difficult it is for employers to find the right applicants for open positions. Nationally an average job posting for an IT professional with cloud computing expertise is open 46 days. Please click on the graphic to expand for easier reading.

  • Washington, DC – Arlington-Alexandria, VA leads the top twenty metro areas that have the most open positions for cloud computing professionals today. Mapping the distribution of job volume, salary range, candidate supply, posting period and hiring scale by Metropolitan Statistical Area (MSA) or states and counties are supported by Gartner TalentNeuron.  The following graphic is showing the distribution of talent or candidate supply.  These are the markets with the highest supply of talent with cloud computing skills.

  • Oracle (NYSE: ORCL), Deloitte and Amazon (NASDAQ: AMZN) have the most open cloud computing jobs today. IBM, VMWare, Capital One, Microsoft, KPMG, Salesforce, PricewaterhouseCoopers, U.S. Bank, and Booz Allen Hamilton, Raytheon Corporation, SAP, Capgemini, Google, Leidos and Nutanix all have over 100 open cloud computing positions today.

%d bloggers like this: