While 15 months ago conversations revolved around a reactive response to the pandemic, talks now address the newest wave of digital transformation. According to David Logan, CTO Office for Aruba Networks, CIOs have come to his organization for help with undertaking new digital transformation initiatives and navigating network security.
A majority of Logan’s conversations have centered around how health systems are expected to deliver experiences within their organization. According to Logan, the focus is on the system’s constituents: anyone digitally interacting or benefitting from digital services.
“There’s a whole set of experiences that all those different constituents need,” he explained.
Balancing security and usability has been a challenge in this. According to Logan, it is a general tenet that systems cannot have adequate security and ease of use at the same time while delivering experiences.
Bring your own device (BYOD), a phenomenon that began about a decade ago, is an example of this inability to balance the two. According to Logan, enterprise IT’s reaction to BYOD devices, which were largely personal mobile devices, was to distrust them and keep them on a guest network.
Later on, at departmental levels of organizations, sponsored applications started to support use cases and experiences that require BYOD devices.
“How do you, from an IT perspective, write a security policy for a personal device using an enterprise app? You couldn’t do that ten years ago. It just wasn’t possible to mingle those two things together. And so, from Aruba’s perspective, that’s one of the problems that we set out to solve,” Logan said.
When starting to architect a network where not all mobile devices are known, the first step is understanding how a human thinks about security policies.
“You have to start with a human-understandable concept. Map that into applications, map that into devices and users, and then you find that there is a source of truth in the enterprise for users, and it could be an active directory,” he said.
According to Logan, it is integral for networks to take advantage of sources of truth. These help determine which systems and devices are granted or denied access. With lists made for each security concept, the network can enforce a policy.
At the beginning of the pandemic, the immediate need was preparation activity for testing triages and patient treatment. According to Logan, no one knew how to scale this at an organizational or geographic level.
As contingency planning modes began, Aruba Networks’ response was to have a set of software-defined architecture tools available to extend networks wherever necessary.
“We marshaled our own resources in terms of our supply chain, providing gear, expertise consulting systems, engineers to help do implementations, and also just serving as a sounding board for CEOs and their staff to prepare for the unexpected and then help them work through what actually happened,” he said.
According to Logan, a software-defined network needs to be able to adapt to changing conditions. Whether the devices are mobile or fixed, or the users known or unknown, does not matter. It is about allowing devices and users to identify themselves and, through security protocols, connect to the virtual network.
An example of this is an in-building wifi network for remote telehealth access. A provider can log in from a device, use authentication credentials, and access the same experience. When the user changes locations, the software-defined network extends to the remote location.
“Ultimately, a software-defined network architecture says let’s abstract away the static concepts that we used to use. Still use them because, you know, we need interoperability. But let’s make them software programmable… automatic. Let’s make the user experience really easy… [and] mobility a primary outcome,” he explained.
Extending the network in the new era, Aruba is revamping its supply chain and pivoting its manufacturing process to opt for physical products meant to be remotely deployed.
“That was really the only major change that we needed to go through to then enable our customer base to be able to react to the pandemic and build remote networks of any kind, of any size, in any location,” he said.
According to Logan, the pandemic allowed Aruba to solidify architectures that will ultimately be more strategic in the long term. As healthcare organizations go through the cycles of mergers and acquisitions, it can be a challenge to integrate two disparate IT networks.
While legacy architecture does not give much flexibility on merging two systems, software-defined architectures allow for reconfiguring a master architecture agreeable to both organizations.
“New capabilities can be extended to that acquired organization so that security can now be common. And then you can move into having operating models of network performance management and application performance management, common as well, just because of software-defined environments,” he said.
According to Logan, 99% of the time, organizations beginning their journey for migrating network architecture with Aruba Networks already have a third party involved.
Because vendors will not replace everything, Aruba Networks helps its healthcare customers strategically look at their environment and decide the vital reinvestment areas. Over time, the environment is augmented within their architecture.
According to Logan, Aruba Networks’ founding intent and strategy are to operate on top of third-party environments seamlessly. This allows for customers to install software that works well on top of what is already there.
In hospital settings, many people are visiting and utilizing their mobile devices. Aruba has a way to authenticate these devices as well.
“It should be easy for a patient or family or a guest or a vendor to come into a healthcare facility and get easily connected to the guest network, which we all are operating these days, easily and seamlessly,” he said.
Many organizations utilize portals or open guest networks. There are other options, such as a mechanism to fully register guests with temporary credentials. When the goal is a good user experience with guest-management systems, typical security and safety processes can prove cumbersome.
“If the cellular coverage in a building is good enough, the users aren’t going to do it. They’re just going to use their cell provider because data plans are pretty cheap these days. A lot of organizations don’t have good cell coverage throughout their entire facility. Getting easy access to a wifi network is a really nice benefit for these types of individuals,” he explained.
Aruba is implementing a solution that partners with the cellular wireless industry, Logan explained. The program, Passpoint, is for enabled phones. With a wifi network supporting the Passpoint protocol, the device can authenticate carrier networks.
Aruba Central, the cloud management and service platform, has been forming relationships with carriers. Therefore, end organizations and health systems can subscribe to the Passpoint authentication service to enable the safe usage of personal devices. Currently, Logan said, Aruba Networks has a valid subscriber relationship with Verizon, AT&T, and T-Mobile.
This aspect of organizational services is federating networks through a third party, using carrier trusts.
“This ability to federate user knowledge and subscriber knowledge and security policy knowledge from one party, but then allow access into another party’s environment [is] this Federation process. This is what’s going to drive innovation over the next ten years,” he said.
Logan believes that federation and orchestration will be the two keywords making innovation happen.
Several hospitals have recently been taken down by ransomware. There are two angles to address: risk management and security architecture.
According to Logan, every organization has a digital and non-digital operating culture. An organization’s ability to fall back on a non-digital process can reduce concerns about security architecture.
“It really does come down to first asking and answering the question of how critical are specific digital processes and digitally-enabled functions to our day-to-day practice. Be methodical and analytical about it,” he said.
Because of the needs of digital processes like telehealth and hospital-at-home, digitally-enabled telemetry active control systems are necessary to ensure care is within the protocol.
“There are going to be plenty of environments where it’s simply not possible from a risk management perspective to ignore the possibilities of the network being used to attack the infrastructure and deny service,” he said.
From a security architecture perspective, Aruba applies segmentation as a strategy for the network. According to Logan, by using finer-grained policies and adding this segmentation, the network will be less permissive.
Environments need to be non-permissive to ransomware. This happens when the ability to execute reconnaissance in the environment and move laterally is removed, Logan said.
It is a frightening concept that someone can take down an entire system through a click in an email. Aruba Networks Healthcare has used concepts like role-based access controls and escalating privilege management through multi-factor authentication in previous years.
With increasing financial motives for attackers, there is a need to take action, said Logan.
“The potential rewards are so great that we really just don’t have a choice anymore as IT professionals. We have to create a multi-layered security architecture network application, endpoints detection, response, and the like,” he said.