All the fancy apps in the world won’t do users a bit of good if the network is down. And, in fact, sometimes having a bunch of fancy apps from different vendors introduces the type of complexity that makes it more likely the network will, in fact, go down. So it’s no surprise that a huge trend among CIOs today is application rationalization. It’s one of a number of initiatives that look to drive towards simplicity in the IT ecosystem and, in the process, give CIOs and CISOs a better chance of keeping the lights on. But maintaining network stability goes beyond that, according to Rob Johnson, WW VP & Global Head of Solutions Engineering with SolarWinds, who explains that another key is obtaining the type of visualization that allows for an understanding of where interconnectivity between applications lies. The Holy Grail? Layering on top of that visualization AI and ML to automate the process of rectifying problematic anomalies (yes, not all anomalies are problematic). In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Johnson covers these issues and many more.
Bold Statements
… if you don’t have a strong change management process, if you’ve got a poor incident management process and your teams don’t have a clear set of procedures for identifying and reporting and resolving issues, your problems are going to escalate.
… if you can put performance metrics in where you can see the response times, the uptime and the throughput, you can identify the degraded performance before it’s even impacting the user for timely optimization, then you’re in really good shape.
… there’s a bunch of advancements in telemedicine, as an example, and mobile health and other tech apps. But what that does is it expands the potential attack surface for cyber threats, because now you’re having to secure the personal information, and it’s much more challenging.
Anthony: Welcome to healthsystemCIO’s Partner Perspective Interview Series. I’m Anthony Guerra, Founder and Editor-in-Chief. Today, we’re talking with Rob Johnson, Worldwide VP and Global Head of Solutions Engineering with SolarWinds. Rob, thanks for joining me.
Rob: Hey Anthony, it’s an absolute pleasure to be with you today. Thanks for inviting me.
Anthony: You’re very welcome. Looking forward to having a fun chat. You want to start off by telling me a little bit about your organization and your role.
Rob: I would love to. I’ll talk to you from the perspective of our customers – specifically the IT buyer, aka the CIO and their team of IT practitioners, especially those in healthcare. They’ve got multiple challenges to contend with, the top three, typically – too many software tools, constraints due to resourcing, expertise, and budgets, and then just that intense complexity and managing data across the multiple silos. So those challenges really are what drive our organization and what my role is all about.
So SolarWinds gives companies worldwide – regardless of their type, size, or level of complexity – the ability to visualize, observe, remediate, and automate their entire IT infrastructure, no matter where that infrastructure resides. So we’ve got about 2,000 people around the world maintaining the trust that customers put in us to provide them with the ability to unite what I call granular and accurate data, along with actionable insights so they and their teams can act on, and stay ahead of, these IT issues. We help them get to resolution faster with a rapid time to value.
So when it comes to my role, my role has multiple dimensions to it, probably three. One, I head up the solutions engineering group. This is an awesome group that’s part of our go-to-market function. And it’s a group of men and women who play a crucial role in bridging the gap between the technical solutions and the services that we offer, and then the specific needs of our customers, prospects, and partners. So if you think about technical expertise, customized solution development, product demonstrations, presentations, proof of concepts, technical validation, acting as that critical link between sales and the technical teams, and then the technical teams and our customer success teams; that’s dimension one.
And then dimension two is I report into our chief customer officer, and so get the opportunity to partner across all the functions of sales, customer success, renewals, enablement, channel, rev ops. And our collective goal is ensuring an unmatched customer experience at every touchpoint because that earns us the right to achieve our revenue goals.
And then the final dimension is as a business partner to the other functions, marketing, product, finance, strategy, people’s success and legal. That cross-functional collaboration is really essential for aligning and executing on the broader corporate strategy.
Anthony: Okay, very good, Rob. Let’s talk a little bit about healthcare. So obviously, you’re in a whole bunch of industries, probably all of them, as it were. Tell me about SolarWinds in healthcare.
Rob: I think my perspective is multi-dimensional when it comes to healthcare. In the US, we set up a dedicated healthcare go-to-market team, and I have solutions engineers in my teams across Europe, Asia, and the US supporting customers in that particular market. But to your point, we cut across so many industries. So if you think about those multi-dimensional perspectives, CIOs in the healthcare organizations are telling us that system availability is absolutely critical for them, especially in the ecosystem of the healthcare market. And so that reliability and that uninterrupted functioning of the IT systems underpin probably nearly every aspect of modern healthcare delivery, be that patient care, all the way through to operational efficiency.
Anthony: It’s interesting, right? You’re in a bunch of industries and you’re everywhere on the planet, right? When we talk about healthcare, things are specific to Europe, right? Specific to Asia, and US is a very specific and unique market. So any thoughts about the US healthcare market specifically?
Rob: Yes, a hundred percent. I think when you look at SolarWinds, our approach is very unique – we treat every customer as an individual customer. And from there, figure out which problems they need help solving, and then what that gives you is a really nice vantage point, because suddenly you bubble up all these different problems and all these different use cases into something that’s actually quite strategic, because you’re gaining insights from multiple perspectives and multiple lenses. So whether that’s like the government-funded national health service in the UK, which is obviously slightly different, and some of the regulations there are slightly different than the US.
There are nuances around regulatory. There are nuances around people. There are nuances around process. There are nuances around technology. But if you put the customer problem at the forefront of what you’re trying to address, the nuances you can handle as you go through building that partnership to solve those problems.
Anthony: Very good. I was just at some big healthcare conferences – ViVE and HIMSS; and due to a big vendor outage, there was a lot of talk about system availability, in addition to the buzzword of the year, which is AI. What are your thoughts on the need to keep the lights on?
Rob: We had a few folks over at HIMSS last week as well, so yes, a lot of buzz there. I find it really interesting, if I can just quickly share with you from the AI perspective, if you go back to the 1970s, which is almost 50-plus years ago, there was some really cool artificial intelligence. Harvard University was looking at how do you diagnose bacterial infections and suggest antibiotics with dosages that are adjusted for the patient’s body weight. And if you go back and look at those types of cool use cases, the challenges back in the ’70s are very similar to today because you’ve got trust issues. You’ve got integration issues. You’ve got integrations to the clinical workflows and then all the limitations in the knowledge. But some of those things have paved the way for a lot of other use cases that we see today. But interestingly, most of them are augmenting how work gets done. And for me, it’s that augmentation of AI that, to your point, will deliver value into people’s lives.
And so, from SolarWinds product perspective, our leaders are leveraging AI technology to augment how the work gets done. And across the whole IT stack – hardware, virtualization, storage, operating systems, middleware, runtime systems, you name it. Everything is critical with overall functionality and performance of the IT ecosystem. So understanding and being able to manage that full IT stack is essential to keep healthcare operating, especially if you’re a CIO of a healthcare organization, because the complexity and criticality of the infrastructure are so much higher. You need to visualize and understand how these systems – such as your patient portals and your telemedicine platforms and your billing software and your electronic health records – are all interconnected.
And then by observing that, you can see, as a CIO, how to identify issues before they escalate into something really critical that could affect patient care or operational efficiency. And so you’re trying to detect and allow for these detections to produce a timely intervention. And so observing which resources may be over or underutilized, the CIO and his team or her team can make data-driven decisions about where to allocate or reduce resources. So this approach ensures optimal performance of the IT system, whilst managing costs and the other things effectively. And these are the things that CIOs and healthcare organizations tell us they care really deeply about. And so if you’re a CIO and you can then remediate and take corrective action to resolve those issues or the vulnerabilities or the inefficiencies within IT, and then automate in line with the regulatory requirements, you can ensure that you’ve now got compliance, for example, logging access to patient data and making sure that that’s carried out consistently and accurately so you can reduce the risk of the non-compliance penalties.
And so back to your original point, if a CIO is struggling to keep the lights on and maintain basic IT operations, it really does impact every aspect of their organization’s ability to function.
Anthony: So I certainly agree that when the systems go down there is a huge impact on the health system. So my question to you is, what are some common reasons that you might have network instability and thus application unavailability?
Rob: I think there’s three domains to explore – people, process, and technology. So let’s start with people first. People make mistakes. Misconfiguration by IT practitioners happens – whether they’re permanent staff, contracting staff, staff that are pulled in an outsourced service. They set up and do changes within change windows. And so, at an infrastructure level, I’m talking about, for example, a firewall setting, maybe someone needs to increase the security of the perimeter within one of the buildings, or maybe there’s more people coming in and they need to increase capacity with the wireless access port, as an example. Those changes could lead to an outage or performance issue because there’s been some form of misconfiguration. So that’s a people challenge. Under people, I’d also put things like, is your team updating and patching the firmware and the software regularly? Because if they’re not, guess what, that’s going to lead to some vulnerabilities which could lead to instabilities due to known bugs.
To your point, when they first designed and architected the system, did they think about capacity planning, disaster recovery, redundancy, segmentation? Did they protect the infrastructure correctly? Those are all things that you need to think about as part of your planning. Unauthorized changes or undocumented changes could also cause conflicts that impact the user experience.
I think you talked about it earlier, phishing and social engineering can also compromise the network perimeter. I’ve also seen folks sometimes accidentally data that’s really important, and which then disrupts the operation and leads to unexpected and unplanned downtime. And then there’s events that you can’t really predict; like someone spilling tea on a device somewhere, improper handling of hardware. These are events sometimes that just happen that you can’t foresee. And I’ve also seen, from a people perspective, people bring in unauthorized devices that then overload the network, which has huge impact on the performance of applications that are really critical and important. So there’s just a few people ones.
From a process perspective, I’ve definitely seen and heard from healthcare organizations that you’ve got to have effective change management – approval processes, pre-changing, testing, all those things to mitigate risk before you implement a change. So if you don’t have a strong change management process, if you’ve got a poor incident management process and your teams don’t have a clear set of procedures for identifying and reporting and resolving issues, your problems are going to escalate. I’ve also seen it where some companies struggle with standardization, sometimes because they’ve grown through acquisition, and they’ve gotten different iterations and different versions of documents and processes. But if they’re not standard across the organization, typically that complexity and variability can lead to issues, which are then very difficult to troubleshoot and resolve. That’s a few around process.
And then from a tech perspective, high volumes of traffic impeding bandwidth intensive applications, overwhelming and slowing down, causing instability. A lot of healthcare workflows rely on technology and systems, and some of it may not integrate well because they’re carrying legacy IT due to cost reasons. So sometimes you’ve got new solutions that can introduce and are more prone to issues. You’ve got outdated hardware. You’ve got security issues, especially as you pointed out, malware, ransomware, denial-of-service attacks – that can all cause a level of instability or outage. You’ve also got a whole bunch of physical factors. Just think about a wall – something as simple as a wall could lead to unstable connections, especially if you’ve got an over-reliance on cloud services.
When you combine those three things together under those three domains, you can quickly see why there are multiple dimensions of causes of network instability.
Anthony: A lot of great stuff in there, and I think you touched on a lot of really important things. Complexity and variability are the enemy of stability. So, we’ll talk a little bit more about that. The concept of application rationalization is big in healthcare, trying to remove some of that complexity. Let’s have a smaller number of applications we’re dealing with. You talked about legacy technology, also called technical debt. This is a big thing. We want to get rid of the technical debt, reduce variability, reduce complexity, all these things.
Rob: It’s a really complex ecosystem, and there’s a lot of silos. And so, if you think about the average CIO in a typical healthcare organization, just look at their typical team – IT team, network engineers, sysadmins, database admins, security specialists. You’re going to have health information technicians, maybe some health record specialists. You’re going to have support staff, technical staff, software developers, engineering, analysts, maybe some data scientists. If you think about all those different people – and I haven’t even mentioned IT project managers, so the people that do the implementation, or the help desk staff, or the strategy team – there are so many roles that are all dependent on several factors. In smaller orgs, some people also have to do multiple roles, regardless of the role that they’re doing.
So the goal is to improve healthcare delivery, but to do it in a way that absolutely simplifies, simplifies the technology, simplifies the process, and simplifies how people collaborate and work together. Because that collaboration becomes very, very important, becomes a cultural advantage when you have people that are naturally collaborating well with each other to solve problems that cut across multiple silos, such as you find in these complicated and complex ecosystems.
Anthony: So, one message to CIOs and health systems may be to increase simplicity, reduce complexity, and that will give you a better shot at network stability, is that correct?
Rob: Yes.
Anthony: What about tools that allow you to know when your environment or network isn’t performing well? You don’t want to rely on your users to find that information out.
Rob: Correct, yes, absolutely. I mean, you need to be able to create a great experience no matter what industry you’re in. But obviously in the healthcare industry, it’s all about the patient and their experience. So everything that you’re doing has to drive towards that. And customers and prospects from a tech perspective use companies like SolarWinds to get access to information like network health, system health, availability health, compliance, vulnerabilities, experience insights, workflow efficiency, incident responses. All of these things help build a great visual view which line back to the experience that ultimately the end-user is going to feel. So if you can put performance metrics in where you can see the response times, the uptime and the throughput, you can identify the degraded performance before they’re even impacting the user for timely optimization, then you’re in really good shape. But let’s not forget, this is a really difficult, complex environment, with so much inventory and so many moving parts.
If you think about the industry and its rapid transformation, there’s a bunch of advancements in telemedicine, as an example, and mobile health and other tech apps. But what that does is that expands the potential attack surface for cyber threats, because now you’re having to secure the personal information and it’s much more challenging. And of course, that patient data is not confined to a single repository, it’s spread across multiple places. And so that decentralization makes it really hard to track and manage as well.
And then you’ve got the regulatory, like the HIPAA landscape, which is constantly evolving. So navigating that regulation whilst ensuring you’re compliant for a smaller company with limited resources is really tough to do.
Anthony: So when you think about visibility into app network performance, you’re talking about seeing if it’s being affected by anything. So you could see if it’s affected by some outage of a piece of technology you have in your stack, or if it’s a cyber incident. So you’re talking about regardless, you would have that window to see for any reason if the network is being affected, correct?
Rob: Yes, what you’re trying to do is look for pattern recognition and help the CIOs with pattern recognition. So imagine you’ve got a healthcare org, they’ve got an observability tool to oversee all of its connectivity and performance of its critical systems. And that includes telemedicine, and you’ve got this tool configured to send alerts to your IT team. Let’s say it detects that the response time from your electronic health record system exceeds a certain threshold. That might indicate a network outage or performance degradation. It could trigger an alert one night where, upon investigation, the team say, ‘well, actually the EHR system is functioning normal.’ Now you’ve got this false positive alert that was triggered, and maybe it was triggered by a scheduled backup process that puts some load on the network temporarily that caused this thing to spike and exceed the threshold.
We see this happen a lot. Not only are you now wasting resource effort, you’re creating an alert fatigue to your team and you’re disrupting your normal operations. You’ve got to find ways to minimize this. One of the ways you can do that is using machine learning algorithms and you can use data analytics. You can start to learn the normal behavior and the pattern over time. That would include understanding typical volumes of traffic, response time usage patterns. Then you establish the baseline of what that normal behavior looks like for your system, which means you can more accurately differentiate between a genuine issue and a temporary one. And then with that baseline, you can employ anomaly detection algorithms that will then identify the deviated behavior. And then if you can correlate that event across all your different systems and data sources to pinpoint the root cause, for example, if a spike is in response to the scheduled backup, or let’s say another maintenance, the system recognizes that correlation, determines it’s an anomaly. It’s not indicative of a genuine network outage. Then it can analyze the trends and patterns of the data. It can start to predict potential future issues before they even occur.
And that for me is a beautiful example of where companies like ours are leveraging what I call AI ops or AI for IT operations, because you’re leveraging artificial intelligence, machine learning and the big data analytics technology, and you’re enhancing your IT operational process, which is exactly the goal of AI ops. How do you predict to prevent potential issues before they’re impacting the end-user? We’re using AI ops to sift through vast amounts of operational data which is way too complicated for humans, just based on the volume to analyze quickly enough. These tools and technologies are helping us help our customers identify those patterns and anomalies and insights that ultimately come back to the CIO and the team, making better informed decisions and using data to do that.
Anthony: Would you say, this is my assumption, that most health systems of any size, if you have a hospital in your health system, are going to have some tool that gives them some visibility into the network performance. Is that safe to assume? Everybody’s got something, so the question would then be, what data, what insights is your tool giving you? Some are going to give you more than others, I would assume. What are your thoughts there?
Rob: Yes, I think it becomes really important to be able to look at. I’ve got three things top of mind if you’re in the C-suite. Let’s take security and compliance. Can you build a product that’s designed to protect data and offer quick deployment to safeguard that data with all the IT features – like event correlation and event management and reporting – that’s simplified to the regulatory compliance that you’re under. Can you take your service desk and efficiently address any technical emergencies, which are common due to the critical nature of healthcare, and invest in the products to connect supporting teams with the frontline end-users, because that integration speeds up issue resolution. And then from a monitoring and performance perspective, there’s lots and lots of companies out there that will offer niche specific products that are capable of monitoring some aspects of the metrics that you’re trying to solve for.
What we see, and what a lot of our customers tell us is, “Hey, we’ve got too many.” So now we’ve got this tool sprawl where we’ve invested in a silo fashion and procured multiple vendors to achieve different things. But we haven’t holistically taken a step back and asked, “Are the sum of the parts giving us the outcome that we were expecting?” So we get involved in quite a few discussions, typically, where we look to maybe displace eight or nine other technology vendors to help the customer come into a unified dashboard across the entire IT stack. We recently had an example in the UK last month where a healthcare provider had only displaced one other vendor before we came in, because we were able to look at the entire IT stack, whereas they were just looking at one portion of the IT stack. They saved about 250,000 pounds.
So there’s some really big savings to be had when you look at it from a full observability perspective – can I visualize it, can I observe it; can I remediate it, and then can I automate it? And that’s what’s driving our product strategy as a company because customers are demanding that service from us more and more.
Anthony: This is one area where you could wind up with a lot of point solutions if you’re not thinking about it correctly. Patient engagement is another one that I’ve talked to people about where you can wind up with a bunch of point solutions if you’re not, again, being strategic and trying to maybe go with a vendor that covers more areas. So that’s one dynamic that’s going on.
And around security, another dynamic is people are getting frustrated with the constant patching. It’s almost like vendors can sometimes put out whatever they want because they know that they can just keep adding patches down the road. What are your thoughts around that?
Rob: Yes, I think, I’ll answer from like a SolarWinds perspective – one of the reasons why I came and joined this leadership team. So our CEO, Sudhakar Ramakrishna in partnership with our VP of security, Tim Brown, and other senior executives, have been leading this partnership with cybersecurity experts like Chris Krebs. And what we’ve been doing is sharing our secure-by-design approach with all industries, and by releasing components of what we call our next-generation build system as open source. And so this is a signal from us as a company to show the industry a new model to help them prevent and mitigate cyberattacks, and make it easier for our customers to avoid everything that you just said. And it’s so important to us because we believe it’s not a case of if you will be breached, it’s a case of when. And I don’t know if you’re aware, but in the USA last year, there were 725 healthcare data breaches that were reported to the Office of Civil Rights. So that’s exposing probably 130-odd million healthcare records.
So if you think about that as a trend, 2023 set a new record for both the number of data breaches and the volume of records compromised, making it the most severe year for healthcare data breaches in the US; 99 percent of the breached records were due to hacking incidents. So that widespread impact of those breaches underscores the critical need to have enhanced cybersecurity measures within the healthcare sector. And healthcare providers and business associates all suffered breaches, indicating that the cyber threats are a systemic issue that affect various facets of that entire healthcare ecosystem. And even more interestingly, those breaches were broad, but also with HIPAA regulated entities in numerous states reporting significant incidents.
I think not only do those breaches raise concerns about privacy and security of patient information, they’ve also prompted more regulatory action, which is why I shared earlier that the regulatory will continue to evolve because we’re in a state of constant evolution in this technology world that we find ourselves in today. I think there will be a pressing need for the healthcare sector to adopt more security practices and for the regulatory bodies to enforce stricter compliance standards to mitigate the risk for future breaches. It’s definitely not going away. And what you’ll hear is independent experts will note it’s nearly impossible for any one company to stop a sophisticated and motivated attack. So it’s something that CIOs definitely have to be aware of.
And of course, penalties that come with it. I did some research just last week with some of the team. There was a huge penalty for one healthcare organization in the US where they had to pay a fine of around $1.3 million. So we’re not talking small financial penalties here. We’re talking huge significant budget-impacting penalties.
Anthony: Was it safe to say that the experience your company had a few years ago makes you sensitive to this issue?
Rob: I think the experience that the company had a few years ago gives us a real opportunity to lead by example and share our secure-by-design approach for the entire industry and release everything transparently that we’ve learned.
Anthony: Very good. All right, I think we’re just about out of time, but I would ask for your final message, final piece of advice to CIOs at mid-sized health systems.
Rob: Yes, I’ll give you two. One with a sales hat and one without a sales hat.
Anthony: At least that’s honest now, go ahead (laughing).
Rob: The sales hat would be, “hey, in today’s fast-paced and ever-evolving landscape, our IT observability solution stands as a pillar of support for you as a CIO, because you care about patient care, you care about operational efficiency, and you care about regulatory compliance. So partner with us and we will help navigate that future of healthcare together.” And already our teams are helping CIOs in healthcare keep the lights on around the world and helping IT practitioners tap into that innovation, which will make delivering digital services much easier. That would be the first answer.
The second one would be, completely my personal opinion, have a mindset of an assumed breach and zero trust. Zero trust models are built on the principle of – verify, then trust to prevent access. ‘Assume breach’ operates under the assumption that you will, or you already have, been breached. What that does by combining the two together is it will focus you and your team to minimize the damage and detect, rather than solely just try to prevent going forward. It’s about the readiness to respond and recover from the incidents that do occur, but that’s what matters most. By simplifying and rationalizing your vendor landscape, you are taking risk of your organization for all parties, not just your own function.
Anthony: Perfect, Rob. That’s great. I want to thank you so much for your time today. I think our listeners are going to enjoy it. You have a great day.
Rob: Thanks, Anthony. I really appreciate spending the time with you and having the opportunity to share some insight. So thank you very much.