More Content - Including Podcasts

Friday, December 16, 2011

Hacking Motivations - Where Following the Money is Going

Was a time, way back when I first got into IT, that the primary motivation for hacking was notoriety, infamy, and the occasional retribution for public flaming.  That said, there were certain financial motivations and corporate espionage aspects in those days also.

And really, the prime motivation for people to do anything is always money. As they say on the innumerable crime procedural dramas, "follow the money."

What is interesting is how things are evolving, or more accurately, being exposed, these days with respect to where following the money takes you.  We always assume hackers are targeting personal financial and health data for the purposes of identity theft.  More recently, cyber-terrorism concerns are on the rise with SCADA attacks coming to the forefront in the US and elsewhere. And these are absolutely valid, as well as the continued and large risks of corporate information being accessed or destroyed for corporate espionage or disgruntled employee revenge.

But consider a BBC Radio 4 documentary exposing how UK private detective agencies are using hacking skills to expose potential news stories that they are bringing to certain nameless major media outlets.  And if you think that activity is limited to those rascals over in the UK, I encourage you to replace your head in the sand immediately to continue your blissful ignorance.

How does this change what we do as security and privacy professionals?  Again I'll go to my standard refrain of the urgency and priority of IT security and privacy policies and governance in each of our organisations.  But what this "new" information gives us IT security professionals is additional support tin our budgetary discussions.  If we want to do our jobs, and do them well, the reality is we are competing for each dollar (particularly this time of the year) with every other IT service related initiative and operational need.  We need to make our business case concise, and tailor our plans to address the highest risk areas first.  If you work somewhere with a relatively low probability for natural disaster or civil unrest, then your local media is going to be busy trying to get stories that make them money.

Can they make money off revealing information about your organisations operations or strategies? Then that is what they will be interested in doing, and don't doubt they are already looking for ways in.

Thursday, December 15, 2011

Social Media - It's for Everyone, But Not Everyone is for Social Media.

Recent events in the professional hockey world have me thinking about SoMe at work.  Now, while I do daydream about hockey occasionally at work, this is a more direct (please hear me out) connection than you'd think.

Chicago Blackhawks winger Dave Bolland recently got caught up in the atmosphere of a live interview, and made a series of disparaging remarks about the top players on my home team. "So what?" you say, "professional athletes talk trash often." And I'll be the first to agree.  What got me thinking here though, is how quickly a few comments, thrown out without forethought or apparently malice (see article about Bolland "recanting" his comments the next day) went from radio to Twitter, Facebook, and numerous other social media channels.  The net result? Well, Bolland will have to play the Canucks on January 31. He also now has cemented a reputation for himself, that may be great with his fans, and for whatever reason, this kind of behaviour seems idolized in the celebrity world.

Now picture an employee at any public or private institution with access to a computer, and no corporate controls (read: policies more so than firewalls) around social media. What kind of damage could that employee unleash with a flippant comment about the organisation, a competitor, or worse, a valued partner or customer?

And how do you repair that damage once done? Once the post goes out on LinkedIn, Twitter, YouTube, Facebook, or any other popular channel? It's been clearly illustrated that companies that try to back-track and battle back against negative social media just look like Goliath, no matter how wronged they have been. Hey, they are the 1%, as the OWS gang would say.

The best defence is a plan. Like with all privacy and security matters, you need to understand the risk, and take the reasonable steps to mitigate.  Are we going to have 100% prevention? Nope.  But if you have social media policies drafted up (like these shared by SocialMediaGovernance.com), and a workforce educated about the use of SoMe at & about work, you have a mitigation plan.

Wednesday, December 14, 2011

Medical Education Networks Must Be Good Neighbours

This story makes an understated point for us managing medical education and research networks.

While we may not operate or support the systems on the clinical networks, we operate immediately adjacent to them.

As our educators and researchers bring devices closer between these networks, we need to illustrate leadership, good faith, and act as responsible neighbours and ensure systems under our management are as protected as possible, and users as educated as possible. This in turn lightens the load for our colleagues managing the clinical networks immediately responsible for patient care.

Malware shuts down hospital near Atlanta, Georgia
http://nakedsecurity.sophos.com/2011/12/13/malware-shuts-down-hospital-near-atlanta-georgia/

Tuesday, November 29, 2011

ItManageCast - Vivit Worldwide

ItManageCast - Vivit Worldwide

Good morning from Vienna!
While I drink my Latte Machiatto and eat my croissant and wait for delegate access to HP Discover 2011 EMEA to open to delegates, I will update any who are following this on our presentation last night of the Vivit Worldwide Champion and Leader of the Year, 2011.
What seemed like the largest number of chapter and SIG leaders to gather for dinner yet converged on the upper floor of the 1516 restaurant in downtown Vienna last night. The dinner was for Vivit to have an opportunity to recognise our leaders who keep the machinery of Vivit moving - without them there would be no Vivit Worldwide. At the dinner we recognised both our EMEA Leader of the Year, and Champion of the Year.

The Champion of the Year is a new recognition category this year, decided to begin this fall by your Vivit Directors. We find that as we are an organisation that is accountable to our members, we have always held the policy that HP employees cannot be leaders in our organisation. That long standing and popularly supported by-law has led us to a conundrum however; what happens when an HP employee goes above and beyond in their support for the Vivit Worldwide community and goals? In order to rectify this oversight, we created the category of Vivit Champion of the Year.



This year, while receiving a couple of strong nominations, we did eventually make the decision to award this honour to Paolo Cattacolio from HP in France. Paolo has been instrumental this past year in bringing the European user community of the TRIM product into the Vivit family. TRIM was acquired by HP, as a great asset to their software portfolio, but the well-established local user groups of the product were left without a global connecting community to HP Software. This is where Paolo, and Vivit Director Richard Bishop identified a need and worked tirelessly to support these users. So in recognition of his support of the Vivit user community worldwide, and the TRIM software users need to interconnect globally for advocacy, education, and community, Vivit President Michael Collins and myself (Director of SIGs & Chapters, and co-leader of the BSM SIG) presented the beautiful trophy for EMEA 2011 Vivit Champion of the Year to Paolo.


After a rousing round of applause, Michael called attention to the awarding of the Vivit EMEA Leader of the Year. I believe this is the third year for this reward, which has gone to the passionate and thorough work of our German leaders in years past. This time we moved the trophy north in recognition of the efforts this past year, and years previous, of Martijn Stuiver. Martijn is a co-leader of the SM SIG, and has recently integrated existing customer and partner communities in Holland into a Dutch local user group.




Michael extended a sincere thanks, and warnings to carry the trophy carefully! Martijn shared with the rout his secret passion for 5-pin bowling, but we aren't sure when he would possibly have the time! We just hope he doesn't use the globe from the trophy!


Thank you to both Paolo & Martijn, all the leaders who were present last night, and all our leaders around the world who couldn't join us in Vienna, but whose passionate work for Vivit is noted year round. If you know a great Vivit leader in your local chapter or special interest group, or an HP employee who goes above and beyond to support the HP Software user community, please make sure you let myself or Stephanie know about them, and be certain to nominate them for the next Champion and Leader of the Year.

Wednesday, November 23, 2011

Original Podcast Back Online!

The original itManageCast podcast is back online!

This interview was recorded a few years ago when one of Vivit's "best & brightest" members, Mike Peckar, was deploying HP network management software at Camp Victory in Iraq.  If you use (or used) HP Software Network Node Manager (OK, I'm dating myself here, but you know the application family I'm talking about) you should know (or know about) Mike.  He literally wrote the book on the use of that software. Seriously. Literally.

Interestingly enough, while this interview took place a few years ago, the root issues around NMS really haven't changed and most players in the market space haven't shifted significantly.

I'm about to get back in the game of analysing enterprise NMS solutions (which takes me back to my early career in some ways) so I found this "classic" itManageCast interview helpful, and thought many of you might as well.

Stay tuned for updates on my explorations into the current world of NMS.  in the meantime, listen to the interview with Mike Peckar about his book "the Fognet Fieldguide to Network Node Manager."

http://itmanagecast.podbean.com/


       

                               
   
Podcast Powered By Podbean
   
   

Tuesday, June 28, 2011

Visions for 2012 in Healthcare

Elaine McKnight, ADM, Planning and Innovation, BC Ministry of Health
Neil Gardner, CIO Saskatchewan Health
Barry Rivelis, CIO BCPHSA and VCH
Bill Trafford, SVP Alberta Health Services

Bill was presented via video. I originally thought they meant via VC, but it was in fact a pre-recorded video of Bill doing his presentation in a boardroom.

Bill stated some of the key issues today being treatment based on episodic rather than continuous methods, a more patient centric and accessible world of data and knowledge, and shrinking workforce in health services.

What Bill claims is needed is to move to model that meets these demands in a two pronged approach with a focus on health systems improvements and leveraging of information technology to provide contiguous, secure, realtime access to patient and practitioner information and the enabling of personal health plans.

Bill tells us that Alberta has all the components to enable this today, and the solution is a connected provider community that empowers patients.



Neil Gardner agreed with Dan about some of the drivers for change in health systems, focussing on an aging population that is driving the need for major change to ensure sustainability. Neil noted that the healthcare workplace needs to see changes to ensure professionals are attracted and retained to enhance care, teamwork, and a culture of patient centric wholistic care. Better information empowering transparent and accountable decision making at all levels in healthcare is cited as a strong case for BI.

Care processes, quality, and patient safety are noted as important aspects of healthcare that we are on the cusp of being able to deliver though LEAN, MedRec, and use of care teams.

Current investments in info structure are making a difference today, and will continue tomorrow. Neil stated that greater integration of back end data for health system use to support health system planning and evaluation is an important area to focus.

Neil noted that taking our IT governance and support processes to the next level around system availability, integrity, data quality, business engagement, and identity management are key future initiatives to be architecting in the next year.

Increasing costs, limited budgets, and importance of increasing value create an environment where western provincial alignment and engagement of partners is vital to succeed in these initiatives.



Barry has the honor of being the last person speaking at the conference and everyone's rapt attention before lunch. Barry titled his presentation "Moving to Health 2.0"

Barry shared that 46 is the mean age of social media users in Canada, which should give us pause for thought on who we are delivering healthcare to and how.

Health 2.0 is a digital environment that drives bedside to bench, I.e.: Tightening up how we align research and health care delivery, via a dynamic value chain that pulls together infrastructure, distribution, and applications and information exchange.

Barry feels that investments will need to be focussed in always on devices, device integration, patient/provider information gateway, digital patient ecosystem, business intelligence, information exchange, enterprise wide integrated systems, always on infrastructure, and patient driven consent. The concept is health care available any place, any time, providing anything the patient needs.

A dynamic learning health system that is always on is Barry's vision that we have elements of in place today, but we need to start to architect.

The first question went to Barry, and was how do we get to a turbocharged environment where we manage health information efficiently. Barry replied that we have to focus on the stuff that isn't sexy, the plumbing behind the system. A transparent and governed method of information exchange that includes patient focussed consent models. Barry foresees the next 18 months as a focus on identity management for the vast amount of information growing daily. Neil added that our innovation for information capture and structure needs to happen so that the information can be used intelligently.

Barry cited the video of the recent Vancouver riot and asked us the question of whether the next demographic really cares about privacy as much as the current governing generation.

When asked how risk around information management is handled, Neil noted that more education needs to be provided to clinicians on how they can contribute to the process. They can help better identify where the risks lie as we provide more access to patients of their own health information, and ask those patients to increase their ownership. Barry added that case law tends to lag the trends, but that we are not being creative enough about how we deal with risk and how we engage learnings from partner organizations such as ICBC and WorkSafe BC. This will require a culture shift that won't happen overnight but is dependent on today and tomorrow's clinicians to help establish leadership.





- Posted using BlogPress from my iPad

Location:Kelowna, BC

Achievements and Future Visions for Healthcare

Moderator is Mal Griffin, CIO of the Interior Health Authority
Panelists are:
Lisa Gordon, Program Manager, MicroStrategy
Philip Barker, VP of Information Managemnt, FHA
Colleen Hart, Project Director, myHEALTHPlan
Dan Gonos, Chief Technologist, HP Enterprise Services

Lisa was representing MicroStrategy and their Business Intelligence perspective on healthcare transformation. The point made that we have a lot of data in disparate places, and without consolidating and comprehending it, we don't know,what information we might be missing when it comes to measuring patient outcomes and healthcare optimizations.

Other industries are ahead of healthcare when it comes to BI, and we can leverage it better. A case in point is CIHI, where Lisa worked until recently coming to work for MicroStrategy. Lisa shared with us the 5 styles of BI, which matures to a utopia of ad-hoc self-service information delivery via dashboards that are tailored to the needs of the customer. CIHI has achieved this goal, but skipped a number of steps to get there so it is still evolutionary. Cancer Care Ontario is cited as another case study who did follow the maturity process for BI. Monitoring and wait times and improving access to care is provided with iPort and iPort Access tools made publicly available. this has been expanded across other Provincial health bodies to provide all wait times including Emergency.

Mobile devices and BI availability is creating the consumerization of health care in Canada. Individual delivery of key outcomes for health care are available to mobile devices and web portals. This is maturing rapidly in the US, and starting to see adoption in Canada as cited in the above examples.

Lisa proposed the concept of leveraging cloud computing options for healthcare BI. The standard arguments around elasticity and cost reductions are leveraged. She raised the point of security, but it wasn't addressed much further than it normally is in that, it's important.



MyHEALTHPlan Pilot Project at FHA

Colleen and Philip discussed the shareable care plan initiative that FHA is initiating, called MyHEALTHPlan.
It is a demonstration project aimed at improving patient access to quality care for those living with chronic illness. A key point was the involvement of GPs and improving access to resource libraries and active care plans between GPs and patients.

The pilot area was White Rock South Surrey to keep a manageable but realistic scope. 675 individual care plans were created, 550 patients registered online, which exceeded the project goal of 100.

The purpose is to leverage and enhance the chronic care provided at GPs offices, and ensure that the information that is relevant to the patients is accessible easily to the patients.

The results showed increased involvement of the care providers, and increased personal responsibility of patients. Provider capacity was also improved by leveraging efficiencies of self service and remote health. Integrations into the EMR provide wholistic, timely, and thorough information to the patient and medical practitioners anywhere the patient goes within the FHA. The patient is provided with one complete care plan to enable better self care.

Physicians are provided with evidenced based care tools and plans. Philip shared some patient and physician testimonials attributing the success to the shared engagement between the patients and their family physicians as a model that is based on an existing foundation of trust. Having the physicians enroll the patients in the program adds the personal touch that enables success by helping patients feel empowered. The reality that 500 65+ year old patients are actively accessing data from their EMR and contributing to their own health care online is astounding to me personally. While the system today in pilot is developed around chronic illness, I would be happy to leverage this for my own non-chronic health care management.

I see a strong alignment between this initiative and the St. Joseph model discussed earlier today.

An annonimized data repository to determine analytics of patient outcomes and other data for governance decisions is invaluable, and an intelligent use of the data collected. Making this data available to researchers would be a valuable extension in research on chronic care in my eyes. Hopefully this is being considered.

Next steps are introduction into ambulatory care, integrating home health case managers, and working with family practice to increase their involvement.

The project is currently on the cusp of being moved from project to sustainment (operations), confirming the hosting arrangement, and expansion.


Dan Gonos and HPs Vision of Healthcare Futures

Dan gave us a story about poor patient care based on a lack of connected and shared information between various aspects of health services, that don't show a continuum of health care to the patient.

Key take aways were based on ease of data entry for practitioners, bridging the information gap between primary and acute care, and establishing continuity of access to EMRs between all your health services areas.

Health consumers, or patients, want to drive the progress to better information more accessible to themselves and their health care providers which should result in better quality health care.

Change in health care is being driven by evolving business models, a changing workforce, and technology advancements. Intimacy with the customer is being created through rewards plans in the business sectors outside of health. Remote medicine advances enable contiguous and equal health care access regardless of geography.

We are encouraged to find and read his white paper on Enterprise 3.0 and how that is the highest elevation of cloud computing.

Dan suggests the next trends in healthcare convergence is facilities, medical, and communications convergence ensuring that patient care is optimized as the health journey moves throughout various locations and practitioners. This is the same message I received in Vegas a couple of weeks ago. Dan claims that a coordinated care mode of patient care can save $10k per patient per annum. The motto is pitched as the right care at the right place at the right time and the right cost.




- Posted using BlogPress from my iPad

Location:Kelowna, BC

Western Provincial Supply Chain Collaborative Successes

HSSBC was created in 2008. In 2009 BC and Alberta created an informal alliance for supply chain best practices, and in 2010 Saskatchewan and Manitoba joined in, and later that year the group became pan-Canadian. The model is self governing and the report is that success has been achieved in the past year.

Susan Antosh, the President and CEO of Saskatchewan Association of Health Organisations
Doug Kent, VP of Supply Chain for HSSBC

SAHO is now procuring 50% of all goods and services through a centralized process for the province of Saskatchewan. As of March of this year, 7% of all goods and services are procured in conjunction with the other Western Provinces.

HSSBC has standardized with the other western provinces on the use of an external partner, HealthPro to assist in the management of the vast amount of purchasing and supply chain management required. The volume of work was simply too much so external help was needed to gain efficiencies.

After two years with this strategy the savings are noted to be $150M.

HSSBC stated that clinicians are brought into the collaboration and decision making around supply chain and contract awarding to ensure that patient value is a top priority in the awarding process.

All three western provinces are given the ability to work on behalf of each other, share as many plans as possible, and gain efficiencies as a group. Sharing more than procurement, but logistics as well is a key goal for the near future.

Doug's update on the Pan Canadian collaboration informed us that in September of 2010 all provinces and territories asked HSSBC to evaluate the feasibility of a pan Canadian option for purchasing and logistics. Three models are being evaluated today. Having one agency take a lead on different purchases and negotiations, collaboration with GPOs, or having the GPOs run the whole process with governance by the collaborative are the three models in play. We should expect an update by next year on the model of choice.

The impact on the marketplace to date is considered to not have destroyed the competitive nature of the marketplace, that said, it is acknowledged that there are winners and losers, but that the process is fair, accountable, and transparent.

- Posted using BlogPress from my iPad

Location:Kelowna, BC

St Joseph Health and Community Well Being

Elizabeth Glen-Bottari and Maracie Wilson from St. Joseph Health System in California share input about upcoming public policy in California focussed on how community well being can be a transformational healthcare strategy.

Elizabeth proposes that when under economic stresses, the state or province can turn to personal health as it is far more cost effective than healthcare. People need to feel they have a personal responsibility to engage in managing their personal health. Healthy people should remain healthy, people who are not healthy should not get sicker. Responsibility, prevention, early detection, and easy access and understanding of healthcare tools.

Wellness and health improvement is delivered via virtual Telehealth, and community care, integrated medical fitness, and worksite health promotion.

The theory is that the are three spheres of influence for wellness and health improvement. The first is individual, with wellness and integrated medical fitness, and virtual medicine. The next sphere is group health, with population health management, worksite health promotion, and disease management. At the highest level is population, with healthiest communities and access to care and safe environments.

Practical examples are fun challenges such as pedometer individual, family, and community challenges and healthy eating examples.

And integrated medical fitness centre is a comprehensive plan available in three different scales. These sites focus on prevention, rehab, and and fitness services via staff and equipment that provide integrated health therapies to meet the needs of the community, regardless of their current health state. They are not limited to the buildings, but get out into the schools and community centers to share these same practices and wisdom in commitment to health.

Every strategic plan and action has a return on mission as well as return on investment to ensure that the goals with respect to improving the quality of life for the community are also a focus along with ensuring economic responsibility.

Queen of the Valley Wellness Centre is the case study in Napa.

Quality of life, functional capacity, morbidity and mortality, health care utilization, revenue enhancement, and cost avoidance are all metrics tracked for success.

Cisco and ATT are both partners in their telemedicine program.


Maracie spoke about the worksite health promotion, inspired by Dr. D. Eddington's research form enhancing employee health. The mission is considered as a serious economic strategy, to avoid $20M in employee health benefit usage.

The primary focus is a web based health education, coaching, incentives, activity tracking, health risk assessments, and biometric screening. The approach is carrot and stick, where there are some prizes and rewards, but mostly there are higher health premiums for those who do not contribute. This model is more focussed on a US style health system, but can be adopted to a Canadian strategy.









- Posted using BlogPress from my iPad

Location:Kelowna, BC

Partnerships BC Update

Larry Blain, chair of Partnerships BC

PPP in BC spend is about $1.5B per year, a significant price of the overall $6B spend provincially on capital projects. The program began in 2001.

Any capital project that is $50M or more in BC needs to be analyzed whether it is applicable to be a PPP.

35 PPPs are underway or completed in BC to date.

Innovation, efficiency, and transfer of risk must be offset by a higher cost of capital. Partnerships BC has been optimizing the contracts over time to ensure that the minimum amount is used to offset the risk transfer, it is a continuous improvement process.

Procurement includes project boards for business governance which speed up the potential bureaucracy and collaborative process. Financing is optimized with the inclusion of an affordability line, which was implemented in the Sea to Sky Highway project. A budget was allocated over the 20 yr contract, and the business partners were asked to commit to a fixed amount of improvement per dollars over that period to manage cost over runs. This model has been adopted into healthcare PPPs.

Clear evaluation criteria are set up front, documents have been standardized, all to ensure a fair and transparent service.

Abbotsford regional was the first example in healthcare. Royal Jubilee is just completing, and is the next one up. Surrey Out Patient, Kelowna, and Vernon hospital upgrades were all healthcare oriented PPPs. Next up is the BC Cancer Agency for the North, and Ft. St. John.

Surrey Memorial project was the first project where a new process of awarding points for design and budget optimization was used by Partnerships BC.

a new evaluation framework is under development for the next RFP which will balance facility cost with clinical operational efficiency and enhanced patient outcomes. This is evaluated and awarded as points to bidders.

Www.partnershipsbc.com is where you can sign up for newsletters and updates on projects.





- Posted using BlogPress from my iPad

Location:Kelowna, BC

Monday, June 27, 2011

Zeva Mah, Business Intelligence at AHS

Zeva is Dealing with an information explosion which has lots of data with little information, and security and confidentiality concerns at Alberta Health Services. How is she dealing with these challenges?

Quote from Henry Ford "if I had asked people what they wanted they would have said faster horses."

Very applicable to anyone who has ever tried to gather user requirements.

Change is started effectively if you outline the problem, the fix, the impact, and how to achieve the solution... What to continue, stop, do differently, and what to start. We are encouraged to look for solutions that resolve pain points, provide long and short terms gains, clear value, fit with organizational goals and architecture, and can be managed within the current existing capabilities in the organization.

So what does this have to do with Business Intelligence? By optimizing the process for gathering and documenting requirements at the outset of IT providing services to business units, and following the principles discussed, the information that groups really want can be provided. IT can focus on just exactly what is needed, not what business units might think they want.

Delivering business intelligence means defining wants into needs, delivering timely information from data, and helping business units increase their productivity with just the information they need when they need it.



- Posted using BlogPress from my iPad

David Oh, and the Consolidation in Alberta Health Services

First point was David speaking about how healthcare has some of the brightest, most passionate people who work with some of the most slowly moving changes.

David described the various challenges of consolidating multiple health authorities like the show "Big Brother" where several unlike people are thrust together and told to find a way to work together while the world watches.

Procurement consolidation is complete, completed in 12 months to consolidate 12 different entities into one set of processes and governance.

Now many different and disjointed consolidation efforts are underway, and the key issue David notes is that the overall consolidation approach was not ideal, so they are resetting where they can without risking the overall project.

Technology is now the focus, and a strong strategic vision around business intelligence to enable tools for the entire organization. Additionally, in parallel the alignment of process and governance and standardizing IT service delivery is taking place.

The model David shared for consolidation of IT services was inspirational. I'll be making good use of his slides post conference. The workflow is data quality, data governance and mastery, consolidated processes and systems, and finally, where he is headed next, integrated service delivery.



- Posted using BlogPress from my iPad

Location:Kelowna, BC

Dave Nikolejsin, CIO of BC

An enabling infrastructure for better health care in BC

Noted to start, that Dave is leading province wide identity management strategies. There's some interesting potential discussions here. And were about to get into them here...

Multiple cost drivers, capital pressures, aging citizens, availability of skilled staff, spiraling costs of drugs and diagnostic equipment, increase of chronic conditions drive costs.

Dave asks, why are we telling you this again?!

The intent is to focus on one aspect that we can address. We are bumping up against the wall on the next steps in eHealth. Dave proposes we change the approach continually taken up to this point.

Dave took us to a discussion on federal financial management to set the stage for his discussion around BC Healthcare. The problem today is that usernames and passwords are broken. Most people have 25 different passwords, or use the same one over and over again. The costs of identity theft is rising, as is cybercrime, and the heads up is being given that very soon the ownership of the costs of these things will be turned back onto the consumer.

Most organizations are no longer interested in the anonymous Internet from commercials entities to public services. So how do we add an identity layer to the Internet? Privacy is addressed immediately as a right and top priority for BC government. Confidence and trust are huge issues, given the state of data leakage in the world today. We cannot afford to solve each identity management issue throughout the public sector piece by piece, and private sector policy setting is bringing all key players to the table, so a solution should be based on something definitively authoritative and trusted.

In BC, the debate is now over. Government needs to lead, and we've learned from the paper world how to do this. Investments will be necessary, and alignment and leverage are crucial with public and private sectors.

Trusted identities provide a foundation to enhanced security, improved privacy standards, and ultimately achieving economic benefits.

Check US national strategy for trusted identities in CyberSpace. January 2016 is the go date for this to be live, and BC is working closely with US partners to learn and collaborate. From an architectural standpoint, the solutions are being designed ground up to be secure, reusable and standards based.

The health system is where this starts in BC. BC is known to have the strongest links between central IT architecture and planning and health services. Health can focus on health issues, and the CIOs office can focus on central ubiquitous issues.

The health cards are linked to drivers licenses because there is a sound identity proofing process in place there, at least much more sound than the existing process for BC Care Cards. The method is to see economic gain for the provincial government by providing leadership in identity management, and having the private sector come to the Province to leverage the solution.

The quid pro quo with the banking industry is that the readers for the tap devices will be provided by the banks, and the data will be managed by the Province.

I look forward to speaking to Dave further to get any insight on involvement with higher Ed initiatives. I had the chance after his presentation to exchange credentials and get to briefly discuss how the initiatives around identity management and contiguous wireless access can be collaborated in with the work Dave's team is undertaking. We will be having further conversations.


- Posted using BlogPress from my iPad

Location:Kelowna, BC

Panel Session on Personal Health Promotion

Marie Root, Executive Director of Operations, HealthLinkBC
John F. Martin, Director of IT & Telecom, HealthLinkBC
Steve Sagodi, Mustimuhw Solution Architect, Cowichan Tribes
Kevin Craft, International Business Dev Mgr, Health Solutions, Microsoft
Bruce Forde, President & CEO, Cambian Business Services Ltd.

HealthLinkBC

Personal health promotion is about dealing with enormous increase in healthcare expenditures, leveraging public support for citizen engagement, and identifying patterns of health and illness and the associated factors at the population level.

Citizens wish to take charge of their own health, and care providers wish to embrace evidence based medicine for identifying risk factors for disease.

So Marie came up to explain how HealthLinkBC works, and how it has been growing since it's launch in 2008. Services are 24x7 health advice and information via telephone.

Www.HealthLinkBC.ca is the web portal for self service health care inquiries. Dialing 811 in BC gets you directly to the HealthLinkBC line. An RN is available 24x7, pharmacist is available 5pm to 9 am, and dietitians are available during business hours.

Much of the IT work is outsourced to private IT service vendors.
A unified communications platform is being initiated this fall, on top of the existing substantial VOIP platform in place today.

The existing WebServices platform is outdated, but the move to more collaborative and information rich (Web 2.0) platform is the direction moving forward. Data is collected from all the HAs with the goal to become a central knowledge base for clinicians around the province.

The strategies are:
Standardization of telephony, software, hardware, and data models.
Single enterprise call rrecording system
Virtualization of systems using vmWare
Intelligent call treatment and management
Currency and redundancy, BCP and high availability
Best practices such as ITIL

The success story for the infrastructure underpinning the service is around the H1N1 pandemic situation, and how well the systems and services provided results to a very emotional demand for service to the people of BC.

First Nations cEMR

Steve came up and spoke around Cowichan's cEMR called Mustimuhw.
Cowichan is a national leader in health care technology and EMR. This system has been adopted by 56 other first nations. It was noted in a Video that members have equal rights and responsibilities in EHealth initiatives. I'm not clear on what that exactly means when the rubber hits the road, but I think the idea is based around easy availability to the health information for the members, and collaborative health goal setting and monitoring.

The system discussed is used for the nation members across all health disciplines, and the system is designed to be culturally sensitive to First Nations. Terms and pictures that resonate with First Nations members are used throughout the system. goal setting and success monitoring tools are available as are delivery of notes to the Members to ensure they feel included the management of their own health care.

The systems architecture is based on the concept of disconnected use due to the travel requirements to areas with little or no network connectivity by the clinicians.

The personal health promotion aspects discussed earlier as the equal rights and responsibilities layers up to community health care management and reporting, providing better insight into the overall status of health in First Nations.

The Power of Consumer Health, Microsoft

Kevin stated that people have difficulty understanding and acting on health information & 80% of Internet users seek health related information online.

the platform advertised is a cloud based health repository called Microsoft Health Vault. It is live in the US, UK, Germany, and a fees other countries. Not Canada. My personal health information in the cloud. Hmmm, not sounding good to me yet.

It is Canada FOI approved, and used in hospitals in the US such as NYP (myNYP.org). In Canada, Telus is involved as the exclusive partner, the platform is called TelusHealthSpace.com. The concept is that EMRs connect to provide connectivity to the health consumer, particular vendors of equipment such as LifeScan interconnect as well for real time data availability. Data is automatically uploaded to your account, and forwarded to your EMR, if it is interconnected. medPalz is a children's health social network that is also interconnected.

In summary of the Microsoft/Telus offering, it's certainly become more interesting, but I'm interested to see how this kind of solution will work alongside the HealthLinkBC solution. In fact, I'd be questioning a bit of the commercialization aspects because it seems that to be really effective in improving the quality of healthcare, and not just lining Telus' pockets, there needs to be a more open solution that allows any EMR and hardware vendor to interact. I'll be curious to know what this service costs an individual as well.

A question was asked of the HealthLink people as to whether they have any measurement on how much HealthLink may have reduced the demand on clinical services in BC. Marie stated that they don't really know where the patient ends up, and if they came there directed by HealthLink. They keep statistics on how patients are advised, and hope that the advice is followed. John added that a certain percentage of the callers regarding the H1N1 situation noted a satisfaction with the information given, and that they would not be going to the hospitals or clinics. This is not backed by any numbers other than "substantial" but seems to be a good start. I think the message is clear to HealthLinkBC that the people attending this conference and providing health care services to BC would like to understand the value.





- Posted using BlogPress from my iPad

Location:Kelowna, BC

IBMs Watson and Healthcare

Jeffrey Betts, business development executive, IBM Healthcare and Life Sciences.

Evidence based learning, and decomposition of questions to formulate stronger hypothesis.

Discussed the Jeopardy! appearance of Watson. Noted that structured KB approach is only accurate if the question is framed really well. Watson is based on a massively parallel probabilistic evidence-based architecture.

The question is broken down, statistically analyzed, a hypothesis generated, and if a probable answer can be generate din under 3 seconds it rings in.

The hardware for Watson was not purpose built, and does run on Linux. So how does this apply to healthcare?

Diagnostic assistance, evidenced based, collaborative healthcare.
The information challenge for physicians has evolved from not enough information to too much. The human cognitive capacity is 5 facts per decision, and we are outpaced by the volume of information available.

We all suffer from a Bias Blind Spot that limits us from seeing our own cognitive blind spots, so having a tool to help us overcome that is invaluable.

DeepQA Medical Pipeline process being developed at IBM. The workflow starts with case analysis, and follows the same general principles. Nuance speech recognition is being applied to the Watson technology to enable a more human interface.

IBM notes that this is a heavy lift to have clinicians adopt the concept of DeepDx. A case example from the NEJM was illustrated. Watson started by sourcing out symptoms and adding them to the diagnostic model. Family history added, patient history added, then medications and side effects added. And lastly lab findings are added and the confidence in a diagnoses rockets.

It's like watching a PBL session take place in a fraction of the time. There are risks in having such a system replace the human cognitive approach, but as a tool to support that process, this is valuable.



- Posted using BlogPress from my iPad

Location:Kelowna, BC

First Nations Health Council, Michelle DeGroot

Michelle is the executive director of Health actions. Presentation proposed was changed up from original agenda around eHealth. First Nations tripartite health plan was discussed. the FNHC, federal, and Provincial governments are creating agreements that are expected to be completed this summer. 5 regions mirroring the Health Authorities are created, with three reps from each region. They have four pillars of governance, one of those four is a grouping together of all federal, provincial, and other bodies.

She stated that the media claims the first nations are all sick, and Michelle feels this is a poor representation of First Nations. The claim is that consultive grass roots processes are in place to focus on wellness.

A framework agreement is in place as of a month ago to transfer first Nations health care responsibility to the First Nations health governance bodies.

A health actions plan is in place to deal with29 action items which include access to physicians and creation of health care facilities. Also looking at eHealth for central administration of BC first Nations health care records. They are also setting up work with the universities to access education to create opportunities for First Nations to gain the health care education they need to staff the system, and create cultural awareness for non First Nations future practitioners.



- Posted using BlogPress from my iPad

Location:Kelowna, BC

11th Annual Western Provincial Healthcare Summit Keynote

Arrived for the 07:30 start but apparently that was more of a suggestion, as by 8:15 half the vendors weren't even at their booths, and only a small handful of attendees had showed up. So I've secured myself a good seat for the general session, and am getting ready to take notes as I listen today to:
Success Stories from the Western Provinces featuring Dr. Robert Halpenny, President & CEO of the Interior Health Authority; Graham Whitmarsh, Deputy Minister of Health for BC; Dan Florizone, Deputy Minister of Health for Saskatchewan.
Dr. Halpenny introduced Dep Minister Whitmarsh.
Whitmarsh has only been in the post 3 months. He came over from the Finance portfolio. He has stated that the plan for Healthcare in BC remains constant. BC holds one of Canada's healthiest populations. However we still have over 44% adult obesity.

The current system is crisis based focussed on acute care, and not preventive. Also noted that we manage the health system differently than the patients experience it. The strategic plan remains to drive productivity and efficiency across the system. The entire map of the strategic plan was shown; it was certainly not easy to digest in a quick glance. The last update was as of March 2011. The plan is available online, and is worth a review to understand alignment between that of FacMed and the government over all strategy. 15 key result areas in the plan to be aware of. All HAs are asked to align their strategic plans with this plan.

A key point is a drive to a change in funding mechanisms. Major shifts in costs are made through thousands of small decisions. A new generic drug deal has been made, and major milestones in eHaelth will be achieved next year. Next year there will also be a smart health card available.

48% of the overall government spending is Health Care in BC. The demand for services increases by about 6% per year. The rise in Health Care budget this past year was more than the complete budget for the judicial system.

Insert plug for HST. The ability to continue to fund Health Care services was linked to maintaining the HST.

Health care resource need was linked most closely to general inflation and health inflation specifically. This was interpreted as good news as these are discretionary and controllable, and aging and general use increases make up 1/3 of the overall growth, giving us the ability to manage 2/3 of the growth.

A commitment was made to stick with the overall strategic plan as they have been, and not change horses midstream.

Dan Florizone was introduced. Dan is also a board member of the Canadian Health Patient council.

Dan suggested that we've had a fundamental rethink across Western Canada on health care in the last few years. He referenced the Patients First review, and noted that looking at things from a patient point of view is still a fairly new mechanism, and is only now maturing in it's approach.

First issue is that we need to fix access to health care.
Secondly, that we need to repair the overall approach to managing health care.

Dan discussed the metrics used to measure healthcare, and said that our traditional approach within government to compare only within Canada is useless and doesn't challenge us to grow.

We need a fundamental change in our thinking within healthcare in western Canada where we place the customer first, much like private sector vendors.
Dan stated that we need to consider that if things are free, the appetite is unending. We need to rethink the patients perspective in what they want. We think the they want specific services, but what they want is restoration of health, and not being a patient in the first place. It's a bigger picture view that is needed. We need to consider the whole of their health care journey.

Swedish healthcare system has a poster patient named Esther and each meeting or conference ends with "how did this help Esther?" This is an approach to personalize the over all solution to healthcare delivery.

Dan discussed an example of a situation where admittance in a hospital for a patient is improved, but it's only a partial and ineffective optimization because the overall situation is addressed. Esther can be admitted faster, but if the treatment time remains the same, or there's no improvement in post visit care, she sees no change overall and in fact may have longer waits.

We need to be careful not to micro focus and suboptimise solutions, but balance that with still improving Esther's journey.

In summary, Dans approach is to take a standard business view where we want to focus on the overall customer experience and fix it by having everyone fix their areas while keeping the big picture of how those improvements leverage each other.

A parallel was drawn between the airline industry and health care by Graham. He noted that success in the airline industry is achieved by what you do with the plans on the ground, not while they are flying. Also that engaging the clients is vital, but they will always talk about where things are today, but not where we are headed tomorrow. We need to balance the needs of today with the needs of tomorrow given how long it takes to apply significant change. Another point discussed was the difference between how pilots are engaged in the business of the airline and co dependent on the success, but that physicians are funded separately. It may be a model worth considering.

Dan spoke about a visit to Boeing where they looked at how the processes of building planes could be applied to helping patients. Dan made the point that while we may feel that health care is different and special and the models in the business world don't apply, he stated that's not true and we need to look for alignments and application of the things learned in commerce to health care. That visit was followed by a. Visit to Seattle Children's hospital where they have adopted a similar approach and noted 45 minutes from door to disposition.

Dan summed up his thoughts by saying we need to responsibly consider what patients REALLY want when they ask for specific services. What is at the root of their health care service requests?

Physician extenders and nurse practitioners were discussed in the sense of what the public appetite may be. Dan stated that nurse practitioners have been well received in Saskatchewan. Physician extenders have not been applied yet and he's not sure what the appetite will be. Graham said that BC would be a welcome ground for both ideas, and that it's a major priority for BC. dan argued that a team approach is crucial to overall health care success. He discussed models outside of Canada that are not successful because groups of people are forced to work together, but do not function as a team from a patient perspective. A lack of sharing information is detrimental to health care operating as a service industry.

Diane Doyle from Providence Healthcare in Vancouver asked what they think the skills and attributes needed by health care leadership are, and how do those get developed and transferred to staff.

Graham started with an observation around a lack of trust. Between HAs and Ministry. Frustration around perceived lack of organization certainly fills into this. Dan stated that collective planning is vital. Trust, hope, and an ability to rethink because solutions will come from the front lines.

A question was asked for progress updates on eHealth. Graham restated that key delivery milestones will be hit next year. There wasn't a specific answer. Dan said that automating broken systems just moves crap more quickly. It was pretty insightful, while obvious, and hopefully sinks in a bit as to what he's really getting at.

Dr. Halpenny asked the speakers how we align more closely with the private sector to achieve win-win scenarios for the patients. Dan challenged the vendors in the audience to think about how to bring Esther's perspective to meetings with health care professionals.

Mike Emery from MedTronic Canada asked where we sit with respect to remote monitoring, and how HSSBC will adopt improvements in technology in a way that the total ROI (or total cost of care) to the patient is considered?

Graham stated that remote monitoring is a key initiative to be undertaken. It will be be next major project undertaken starting next year. Graham also stated that in BC, any new technology is vetted against the strategic plan and should have a view to the total cost of care before adopting. Dan stated that centralizing everything may not be the ideal answer. Distributing care aspects via remote monitoring is important in how it can bring together virtual groups across Canada to focus on care for individuals.

The comment came up from Graham that we do not in BC have any good metrics for tracking the cost of provisioning health care to our citizens. W simply don't have the granular information we need to make the timely financial decisions.

Telus posed a question about how private sector integration and partnership can increase efficiencies. Dan said it's important to understand the concepts of value chain and supply chain. Stick to those things you are good at. There needs to be more outsourcing of peripheral services like cleaning, parking, etc. And have the health sector focus on health services. What is in the best interests of Esther?




- Posted using BlogPress from my iPad

Location:Kelowna, BC

Friday, June 10, 2011

HP Discover and Client Virtualization and Win 7 Migration

There was some useful theory off the start but once the demo failed and we started to shift into a presentation focussed on AppSense's product, my attention went into a deficit.

Presentation by AppSense, an HP partner.
Key problem noted as the drive to support multiple mobile platforms, this is enabled by virtualizing the desktop. IT client side support is 80% of the $1,298 per annum cost per user. We are experiencing an explosion of unique user devices, per Gartner report. The focus was shifted to end user management in storage, desk side support, and security being the most volatile cost aspect in managing end user computing. The theory proposed is to manage the user, not the devices.

Persistent desktop is the current trend in implementation. Decoupling the user from the apps, OS, and device is the methodology proposed to achieve performance and service delivery improvements.

Define and manage the "digital DNA" of the users environment. Personalization, policy management, user rights, user data, and user installed applications. These are the five key criteria AppSense feels need to be in place to achieve virtual desktop implementation.

AppSense states that virtualizing your users is not migration, but a one time change to reduce the scope of migrations in the future. Challenges with the demo planned caused a lengthy delay, but we now resume the speaking without a demo.

Core point is to tune what the users are doing with their digital DNA before migrating.

Speaker then proposed that when you try to do everything in policy management with GPOs and login scripts, you have to account for all possible scenarios. Example is automatic remapping of printers based on location specific data. The theory is just in time to match match use case requirements instead of just in case at each login. You can also control where and when certain applications are used and when they are not.

Policies can be created such as "when a user launches app a, map drive d to their account. When they quit the app, log them out." The migration benefits are based around fewer images, less storage, and better management and administration. The speaker takes us into the application itself.

I suspect we are now getting into the cusp of a software sales pitch. Several people are starting to walk out and I'm torn between being polite to the speaker and sitting through the rest of a session I'm no longer interested in because it's not moving where I had expected it to, and my desire to go home after a long week in Las Vegas.





- Posted using BlogPress from my iPad

Location:Las Vegas, NV

HP Discover and vSphere Trends and Previews

VMware looks to it's largest customers to indicate what the overall market trends are. Customer deployment trends have been tracked since 2008, and leverage the usage reports to create this information.

VM density per host has hit a plateau and is now is trending down, reasons are expected to be based on maturity of practices in virtualization, and a cap on application requirements stressing the virtual environment. Also, conservative scaling of VMs per host as organizations feel out their comfort zones with the workload per host was suggested by an audience member as the reasoning from their shop.

The trend of tier one apps being virtualized is a huge and growing number of customers reporting that they've virtualized core business applications in production, the key application tipping point was noted as being when SQL servers started to be moved to the virtual environment en-masse. SQL Server 2008 is the single most virtualized Tier 1 app, and Oracle is the least. Interesting that those are the bookends of this trend. The question was raised how much the data was skewed by SQL server sprawl, and it was acknowledged that it may be in part, but in fact getting to a maturity level of having the hosts virtualized helps us as IT managers be in a position to consolidate DB servers.

A discussion took place in the room about the challenges of dealing with an environment with a dependency on Oracle but a desire to virtualize. It seemed to come down to the most common reason people aren't virtualizing Oracle apps, is the complexity of the licensing model from Oracle making us want to just leave it alone.

Conversation wandered a bit further and the discussion touched on the footprint growth taking place when organizations move from Windows 2003 to 2008, which seems to be an increase in memory and storage needs to support the same number of hosts, largely because of how the memory handling architecture has changed to a more block oriented concept.

Next area that the discussion trended to in the room was about how the organizations represented have had a top down virtualization requirement set in their organizations, where any new server requested is by default virtual unless a business case can be made otherwise.

Eventually the discussion stalled out with someone starting a semantic debate with the presenter over how best to gather the data. The presenter showed some great skills in putting the discussion aside and focussing back on the relevant topics.

Most used features of vSphere used today are HA followed by Distributed Resource Scheduling and storage vMotion. Interestingly, the fault tolerance feature is one of the least used, and this is attributed in the room to the maturity, functionality, and reliability of the feature. Network and storage IO control are the two least used features. This conversation led me to think that each manager responsible for this solution should walkthrough the vmWare infrastructure with their admins and understand which features they are using today and why.

An interesting Gartner quote is that virtualization was the most discussed infrastructure topic in the past, but has been superseded by discussions around cloud computing. This to me seems a natural evolution of the same topic, but it's important that your organization top to bottom understands that.

HP, IBM, then Dell are noted as the top three platforms for building vmWare on. Noted that 2x and 4x quad core are the CPU configurations with the largest installed base in the customers surveyed. Now interesting to managers, the vm to admin ratio has been growing, and the number today seems to be at 288 VMs per admin as of q1'11.

Latest findings indicated adoption of vSphere 4.x is at 62%+

Plans for vmWare are around better levels of controls in the virtual environment to increase operational efficiency, understanding that the vm to admin ratio is growing, and a development in the ability to manage your compute resources to SLAs via policies in the virtual cloud infrastructure. The speaker regretfully noted that he has not been provided material to share anything further with us, as an announcement on roadmap is pending within two months.










- Posted using BlogPress from my iPad

Location:Las Vegas, NV

Thursday, June 9, 2011

HP Discover Closing Keynote

Keynote started off with a mix down of images and audio from the show with pop culture and world music. Jake Johansen came out to emcee and had some laughs poking fun at Bill and HP software, noting that the only part he gets is that something is wrong when the font is red.

Jake poked a bit more fun at Intel and their new 3D transistors asking why they wouldn't be 3d in the first place unless they've already been defying the laws of physics.

HPs head of research Prith came out to discuss the future of the connected world and HPs vision. The catch phrase of seamless, context aware, mobile world came up again. Also known as the seamless, secure, connected world. Depends on the audience I think.

Connectivity: the expectation is to be always connected. The desire is for a seamless transition experience.
Cloud: the expectation is efficient, flexible, computing resources. The desire is for information technology to be a utility as simple to use as electricity.

printing and content delivery, mobile immersive experience, cloud and security, information analytics, and intelligent infrastructure are the focus areas for HP research.

Mobile and immersive experience. Big bets are rich and intuitive user experiences, and focus on gesture, speech, and touch interfaces. The displays are glass based displays today that are heavy, but reflecting ambient light through a flexible light fabric. In addition there is continuous view, glasses free 3d imaging.

Seamless collaboration and social computing technologies are brought together in context aware information sharing concepts.

WebOS is trotted out again, this seems to be the big bet for HP.

The big bets in cloud computing are the Cirious platform of enterprise cloud computing. Storage in the cloud is being designed to be more scalable, dynamic, and secure. The security has a requirement to be more automated without increasing risk. HP recognizes what we've known all along about cloud computing, is that in the managed cloud community, until security and the auditing thereof can be established without doubt, very few apps will move there. HP has launched the G Cloud as a way of marketing to federal sector users that there is a cloud solution for them.

Information Analytics wants to tame and exploit the hundreds of terabytes of data collected monthly, weekly or daily. Manual ontologies have become limiting in enterprises, so HP is working to automate them. Moving at the speed of business to calculate business intelligence scenarios, includes the analysis of live social media channels for customers sentiment, intention, and behavior to optimize CRM in real time. HP claims to use this system to predict box office revenue within 10%.

Intelligent Infrastructure leverages radical new approaches for collecting, processing, and storing data and next generation data centres. They expect exascale, 1,000x performance gains, including memristor non volatile memory replacement for DRAM, disk. CeNSE is nano scale level sensors creating a central nervous system for the Earth. CeNSE is used today for oil exploration, and HP is looking at new uses.

HPs big bets for networking and communication is flexible programmable networks, which are open, programmable wired and wireless platforms. Photonics is making it's way deeper into the network with copper continuing to be replaced. Last month at InterOp, they demonstrated the switch backplanes replacing the copper with optical backplanes to see significant performance improvements.

The future of printing inHPs eyes is a move to automated publishing where intuitive, personalized, intelligent content is extracted.

Lastly, we address sustainability. The big bet from HP is sustainable data centers.


- Posted using BlogPress from my iPad
Location:Las Vegas, NV

HP Discover and Cloud security challenges and how to manage them

Presented by Jan De Clercq, Architect at HP TS.
Discussed the three deployment models, and service models for cloud computing, commonly recognized.

The main security risks are blasted through in the presentation from infrastructure to governance and compliance,

The model illustrated is that you build security in IaaS, but make it part of the RFP in SaaS, with PaaS somewhere in the middle.

infrastructure security adds a new item of virtualization layer security in addition to storage, application, host, and network and as your architecture moves from on premise private to SaaS the responsibility of these for the vendor increase.

With network security in a cloud situation, ensure data confidentiality and integrity HTTPs suggested. Revision of security zoning is recommended, with a look at defining security domains.

In the host level, new challenges include a new approach to patch management and vulnerability management. The velocity of attack factor is much higher in a cloud architecture. Validate CSP security controls against ISO 27002 framework and similar standards when using a solution beyond IaaS.

The Browser is the highestbrisk point from an application security perspective. Security must become part of the SDLC. Beware DOS attacks from dark clouds, and economic denial of sustainability attacks. Firewalls, IDS, virtualization layer security, logging and monitoring, and vulnerability scanning are the key skills and technologies to invest in. We should also focus on ensuring browser patching and security are fore-front.

We moved to the topic of security management, with focus areas in availability, access, and vulnerability.
As a customer, key challenges are in defining security controls, and how to leverage the sec management tools in place today. Getting started we must understand our IT layers and data management and flows. When managing availability, understand the CSP methods for communication of outages, and the allocation of resources the CSP has in the event of a failure, so that you don't lose your critical resources for someone else.

Consider the who, why, and how of accessing the resources, and how you will audit that access over time. While aspects can be moved to the responsibility of the vendor or CSP, ultimately you are responsible.

The access device becomes the primary point of patch and security remediation management in a mobile cloud centric computing architecture.

The biggest challenge of IDM in the cloud is that the trust boundary has moved. Federated IDM helps this, as does better access controls, governance, and auditing.

To get your IDM ready for the cloud, consider standards such as SAML 2.0, SPML for automated provisioning, XACML for accounts rights management, and OAuth for cross CSP identify data access. But first it is vital to clean up your internal directories, and consider a multiple protocol identity management platform. It is reasonable to consider identity service provisioning as a cloud based service. Amazon EC2 is an example to consider.

For data protection and privacy in the cloud, understand your data classes, and states. Encryption is important but may be challenging for application specific stores, so it's vital to include this in the cloud app architecture and design. Additionally, ensure you have a plan to monitor and test data removal processes with your cloud service provider, and test it regularly.

The way you are protecting your data today likely doesn't translate to the cloud. Access, compliance, storage, retention, destruction, audit, and how to handle breaches are shift in paradigm. Subjects have the right to know what PII is stored and request you stop keeping or processing it, and you need to be aware of how to make this information available.

Governance, risk, and compliance should be the first things you think about. Start with risk assessment, understand that delegation does not allow you to abdicate responsibility.

There are a multitude of compliance standards, you need to know what is applicable to your business and how to assess your environment against the. You need to know how to monitor and report on your controls and adjust as required.

IT and business both need to move together to a service oriented model before you can move to the cloud. Again, we hear the message of starting your cloud journey with non sensitive data and establish god governance there before even considering anything else.

CSA, ENISA, are both referenced as good places to start to understand aspects of governance around your journey to move apps and data to the cloud.




- Posted using BlogPress from my iPad

Location:Las Vegas, NV

HP Discover and The impact of cloud services on disaster recovery

Another potentially interesting session with the second least desirable timeslot. Least would would be tomorrow at 08:00.

Julien Furioli from PWC presented, he is the architecture and DR practice lead. He assured us that the content here is from the field, and not based on studies or external research groups.

The focus is on financial and retail industries, the challenges and opportunities for cloud and DR and BCP.

Cloud based opportunities are not measured solely on financial benefits, but the high availability and flexibility offered. Challenges in the adoption of cloud computing are security not being considered mature from the client perspective, potential hidden costs in maintaining similar configuration between prod and DR sites, including licensing costs, and determining the correct model for your organization, public, private, or hybrid.

Comparing Financial services to Retail industries as a whole, the DR maturity is much higher in FS. Most retailers aren't consider low RTO and RPOs such as FS organizations who seek specific metrics and measure and test frequently. A large reason is the regulation on the FS industries which is not as much an impact on the FS industry, where they have a higher tolerance for outages and disruptions. DR awareness overall is low in Retail.

Comparatively, FS industry is mature in the the virtualization field, at 30-50% adoption, where Retail varies much more greatly. Neither industry is moving strongly to the cloud services, with both experimenting lightly with public and private cloud solutions for non main line of business services.

The cloud based DR solution being experimented with by Retailers, is hosting a stateless browsing only replicant of their online presence in a cloud architecture. This won't enable commerce in a DR situation, but at least keeps the face of the organization available.

Some global retailers are planning a move of their complete offerings, by making cloud computing the standard for their compute architecture. They will use two competing cloud offerings in a private cloud configuration and offering failover between them.

The main advantage for them is the seasonal bursts of activity these groups see, and the ability to work with these, as well as reprovisioning cloud resources from Dev/QA to production in advance of known peaks since code freezes go into effect prior to peak seasons.

FS is focused more on using private cloud for VDI and enhancing DR. This allows complete standardization of the desktop globally and a high availability virtual desktop.

Weakness here would still be the network.

Illustrated a diagram noting tier 1 - 3 of DR for HA designing using Cloud computing. Second and third tier architectures are predicted to be most readily adopted.

The message that came next summarized an interesting point, which is that DR people make better use of their time up front architecting a solution rather than rolling up their sleeves and orchestrating details without a failover and recovery infrastructure that aligns with the business needs.

At 80% complete on the design, go to the lines of business leaders, to objectively discuss and understand who's business processes are priorities, to ensure that they will be able to get the RTOs and RPOs they truly need.
I would assume he has assumed we'd do some requirements gathering up front and this is intended as a design gateway checkpoint.

Cloud technologies can provided enhanced HA for lower DR tiered services, and flexibility for peak periods.

Public cloud is liken to an engineering offering, more so than a proxy rises business offering. Clients cannot repackage solutions easily.

Focus is expected over time to shift from managing Dr plans to supporting architecture and engineering. Testing should become more frequent and business centric. Automation needs to replace manual processes to leverage the advantages of cloud services. RTOs should trend toward zero, and RPOs will ultimately become negligible. DR manual processes can be expected to manage the RPO gap and catch up on the data.

Within 5-10 years, expect to see DR teams shift to architecture, QA, and engineering resources.

Another promise of this shift is more emphasis on testing because resources are freed up to do it, and the importance of proper testing grows with increased automation.

Current complexity of the DR orchestration model is based on application and infrastructure complexities inherent in the existing architectures. We should get away from rebuilding applications being considered service resumption. Cloud based solutions bring HA benefits to lower tier virtualized shops.


- Posted using BlogPress from my iPad
Location:Las Vegas, NV

Wednesday, June 8, 2011

HP Discover and the Mayo Clinic's Journey Into The Cloud

Presented by Paul Steger, Section Head of Enterprise Computing Services at the Mayo Clinic.

Discussion prefaced by Paul noting that they are not at the destination yet, but underway on the journey. Legal department insisted Paul read the slide disclaiming his presentation before he begins.

Mayo clinic operates in three states, widely distributed across the continent.
Invests over $769M per year in education and research.

Why did they care about virtualization? They found in 2004 their average utilization of server infrastructure was less than 10%, with Windows server, being 82% of all servers at less than 5.1%.

Their datacentres were out of space and capacity, virtualization became the default answer, and VMWare was chosen as the vendor of record to assist in consolidating systems hardware.

Worked initially within the refresh cycle to be conservative in approach.

They've just completed a blitz cycle, and removed over 420 physical servers reclaiming 167kWh in the data centers, they are now 82% virtualized. They found an astonishing. 27% of servers removed really weren't needed anyhow. This was an awakening for the infrastructure teams, and having this made aware to the rest of IT and IS is vital.

As of January 2008, any new server requests were by default virtual, unless a business and technology case can be strongly made to the contrary.

support clause with vendors placed in contract language clarifying that any new services or products WILL be supported by the vendors in a virtual environment.

ROI calculations include power savings, hardware cost avoidance, software cost avoidance. When asked about the future of cloud computing, and when management claims "we have a cloud" then answer is "no, not yet. But were heading there." the question is raised, what is a cloud, and the answer proposed is that it is still just servers, storage, and connectivity. Quoted the NIST definition of cloud computing which I've referenced in a previous blog posting.

Mayo is only looking at private cloud computing, and as IaaS and Platform as a Service as the options. When working with the other groups and customers, they have to agree to lease end dates, there will be no perpetual leases within their cloud. Important business model for governance of the infrastructure to ensure that their is capacity to expand as needed.

Mayo Infrastructure team cannot charge back for their services, but Cloud technologies offer metering capabilities so that Paul can state "here is what your service is costing Mayo Clinic; do you still need this?"

Service delivery improvement will eventually happen with a focus on automation, process, and best practices governance. The goal is to have an SLA for server provisioning of a gold image replica in 24 hours. They know they can come in under the SLA, but are managing expectations.

Dev/Test is the environment where they started because of the lower daily use and decreased customer risk. It gave a platform to help measure the ROI as well. Research and Education groups have been great candidates as well because they work load is seasonal so the elasticity of cloud computing is a perfect fit.

They plan to have multiple business models of cloud computing to be able to make business sense to the different groups they support, different compliance and business operations requirements.

Process of developing the roadmap was to draft a cloud computing white paper, developed a reference architecture in a one page picture, documented simply the requirements, and was granted agreement to complete a POC. Once completed, they need to white paper that case to evaluate the business case and ROI. Leveraging the existing infrastructure as much as possible was key to the architecture and successful acceptance.

Service catalogue clearly identifies the goldmimage available, that's all available in the cloud. The secret sauce is the orchestration layer in the private cloud. this is a plan though, because they do not yethave a service catalogue.

The initial requirements were defined in use cases primarily around "push button" provisioning, and the governance around this provisioning.

Mayo sat down with HP, Cisco, and IBM; HP won the opportunity to create the POC, and it was completed in April 2011. Testing and training will continue through August 2011. They will be working with two internal teams at Mayo to execute to POC testing. Noted that HP came to the table as a real partner in this, and was realistic around the costs, understanding how much of an opportunity this POC is for both Mayo and HP.

Paul has gone on a "speaking tour" to educate different units about what this POC is, what Cloud means to Mayo, where they are planning tom go, and how people can get on board. Subsequently, there will be another roadshow to live demo what they have accomplished.

Reiteration of the point that clients are not being given permanent systems. Question had come up if systems could be archived for later use if not needed for a long period. The answer given to clients is no, when the lease is up, if you can't renew with a business case, it goes away and the resources are reallocated to another business service.

Next steps for Mayo are to re evaluate skill sets, staffing, and general infrastructure support. Many questions and learning is needed before they can broadly expand the offerings.

Access and security
Change control and regulatory compliance
High availability
Software license management
Dynamic provisioning and deprovisioning to meet demand bursts
Organizational structures, teams, and job skills
Cultural acceptance of such a change

Paul posed the question, are we ready for this change in our organization?

- Posted using BlogPress from my iPad

Location:Las Vegas, NV

HP Discover and The Digital Hospitals of the Future

Baldur Johnsen noted that this session is based on forward looking statements and isn't a commitment from HP to deliver these ideas.

Noted that health care practitioners are an aging profession. That the attrition of nursing staff is an issue in North America.

Evolving and changing business models in US health care with billing shifts. Outside of the US, increased privatization of Health Care, Public Private Partnerships, and the movement of risk from the public to the private sector.

Key technology shifts including mobile, cloud, and pervasive or ubiquitous computing, the consumer driving the enterprise, and connectivity.

Parallel drawn between phones and the autonomic user interface and how this can be applied to mobile, pervasive, ubiquitous tools for health care provision.

HP Richter accelerometer is a silicon based device, the most sensitive ever made, at about 1000x more sensitive than competitors products. So sensitive that they can measure in 3 dimensions and measure heart rate as well as breathing simultaneously.

Segue to the concept of the digital hospital. Quote from Peter Drucker, stating "the hospital is all together the most complex human organization ever devised."

The average proportion of a nurses time spent on direct patient care during the active part of a shift is 19%. this is from a 2008 time and motion study in the Permanente Journal across 36 US hospitals. This implies 5 nurses are needed per shift to ensure patients get full time direct patient care.

The theory for a solution is proposed as Care Orchestration, improving clinical and operational efficiency through coordination. Dealing with complexity and interruptions of cognitive and workflow. Resource and process management via event handling, alert management, process flows and identifying bottlenecks, team coordination, and work prioritization.

Noted the importance of convergence in information technologies supporting facilities, medical treatment, and communications. These often operate as three silos of infrastructure, and I would add education and administration as two more potential silos.

The theory is to have pervasive mobile technologies that cross all silos as needed.

Like in many other industries, the economic model is that value is driven by convergence, but this will require significant changes not only to process and organizational governance, but also to the management and governance of data in any state it might be in for compliance.

Video animation provided to illustrate the proposal of how these communications, mobility, and convergence technologies can work together in a use case scenario of transforming the health care world. Using a setof technologies, none of which were brand new, pointed to the fact that it seems simple to just pull this together and automate. There are governance and human care issues that I feel were overlooked in the scenario illustrated of a MVA victim being cared for in an australian hospital.

An illustration was brought up, a functional solution framework indicating how technologies existing today, and where the key integration points are.

Key examples cited are to start by building a converged medical infrastructure, steeped heavily in security for privacy and data governance reasons. Networks and servers and storage are the first points HP addresses, and refers to this as IP convergence points.

Next is client computing infrastructure and the first lift here is proposed as VDI, followed by unified communications and collaboration. This is followed closely in the HP list by messaging & alerts via an integrated alert bus.

From a privacy and data management perspective, patient identification, patient and clinical interactive systems, and asset tracking and management are important for patient care, HCP efficiency, and administrative cost management and risk reduction.

The example keeps being cited of patients pushing a button on a screen to request apple juice or noting pain and requesting meds, to which nurses get an electronic message and pass it on to the appropriate other health care staff whether clinical, pharmaceutical, or administrative support. HP is not acknowledging that the nurses should be going to the patient to assess the validity of the request, or understand if there are mitigating circumstances or health care risks posed by the patients request.

The solution framework map suggested is quite simply, it just has a layer of security separation placed between the converged infrastructure, the integration engine, and the application layer moving upwards, and the underpinning physical access modes.

The discussion moved on to where else besides the hospital is this concept extended into the healthcare community. The mode described is virtual health management, enabling care coordination beyond the hospital and clinic walls.

Key take aways were noted as:
Health care services are in dire need of of paradigm shift in efficient care.
Applying tech in innovative ways tom improve operational efficiency enables health care coordination and improves patient outcomes

Question was asked about actual case studies. Quoted was a 2009 completion of a cooperative effort in a Swedish hospital that is not the full vision, but implemented key parts. It was originally designed for a capture population of 300,000, but due to the efficiencies they've implemented, they've expanded the capture population to 500,000 people.

Another question was regarding integrating current technologies and or other vendors who are best in breed in their particular devices. HP claimed full ability to interoperate with all other vendors as needed.

Question posed if there is a nationwide forum of practitioners in healthcare that HP is consulting. HP claims 9,000 people in health related technology roles. HP runs a health care information system in several Spanish hospitals that they completely develop and support. There's a cared management system called Atlantis that is available to se on the show floor.



- Posted using BlogPress from my iPad

Location:Las Vegas, NV

Tuesday, June 7, 2011

HP Discover and Information Management and Governance Simplified

June Started by warning us that some things may be repetitive from this mornings software keynote.

HP surveyed customers in the past 12 months, and 20% of Business execs feel that IT can deliver information when it is needed.

Leo Apotheker is quoted as saying that data is the worlds most valuable raw resource today.

Three main challenges is that info is inaccessible when needed, information is being managed in silos driven by growth, change, complexity, and compliance, and there is no single owner of information.

Who's neck is really on the line when information cannot be accessed at the right time by the right people, or worse, information is accessed by the wrong people.

June suggests that a fundamental shift in information governance is needed, a holistic approach across the enterprise. Manage the info based on it's life cycle, enable policy based info management. The policy follows the info regardless of what state or locale it is in. The end state is findable information for those who SHOULD be finding it WHEN they need it.

Starting points in practical terms are around governing things like virtual system sprawl, and getting a hold on what places the organization places the most critical data. So I'd say you first need to know WHAT is the most critical information.

I found the lifecycle of information governance useful...
- Capture the information you really need
- Monitor where it goes when by whom
- Protect it
- Retain it according to it's governance needs
- Find it when it's needed

June noted that this process removes duplication and obsolete data freeing up valuable and expensive capacity, I guess this is where you will dig in to find the ROI.

Retention and security policies around information should be discussed with key business stakeholders to make sure everyone understands not only what they want kept, and who should have access, but also understand why you need to move it offline or destroy it when allowable to reduce organizational costs.

Question came up of how do you build the ROI for this work? June stated that it should be based on the value of the decisions being made with the information, and what it would cost to not have the data there when you need it. I would say add to it the cost of freeing up space as well.

June noted that HP StorageWorks software not only manages archiving, but can track access of data for compliance purposes.

The capture aspect of the cycle moved to discuss HP TRIM which is vaunted to provide transparent capture of SharePoint 2010 documents, and the automated capture and management of records across multiple countries and jurisdictions.

The Monitor aspect returns to a discussion of StorageEssentials, claiming to increase storage utilization by 50%.

HP Data Protector is discussed as being the ideal tool to cover backups and restores via tape, disk, or snapshots, making the product ready for heterogeneous environments, and the next step noted medical records and images storage, tracking, and retrieval.

We were informed that at the software pavilion we could get an insight into the products and the workshops HP facilitates to help you get started on the path to better information management and governance.

The key points were based around federated data access, compliance, and a follow-the-data methodology of managing information.

- Posted using BlogPress from my iPad

Location:Las Vegas