Next-generation security is also key for healthcare
It's been two years since the Target breach exposed glaring weaknesses in corporate cybersecurity. Since then, dozens of hacks have become public, leaving CIOs, CEOs and boards scrambling to shore up their network defenses. Recognising that traditional perimeter defenses and antivirus and antimalware tools aren't sufficient, companies have been adding threat monitoring, behavioral analytics and other tools. Security is the top priority for Jon Russell, CIO of John Muir Health, an integrated health care company with 6,000 employees spread throughout several facilities in the San Francisco Bay Area.
"The traditional IT security defense is completely broken," says Russell. "Most CIOs and senior leadership and boards are realizing that when you wake up every day and see another breach of some kind ... the existing model does not work." He's well into a four-year IT security roadmap, which includes adding vArmour software to identify and flag anomalous traffic flowing across the company's computer network. It's designed to find the type of threat that hit Target, in which an intruder crawled into the network through a third-party vendor and began moving data. "That's a huge transition from saying 'we have a barrier nobody can get through.’" The tech has also provides fodder for conversation with his board, which wants details on what he is doing to buttress corporate defense.
Jon Russell, CIO of John Muir Health.
Cybersecurity is a tough task when you consider that most of the threats stem from corporate employees doing not so safe things with corporate devices or data. As John Halamka, CIO of Beth Israel Deaconess noted in a recent blog post, "We spend millions on new technology, countless hours on policy writing, and engage all stakeholders to enhance their awareness. Yet, we’re as vulnerable as our most gullible employee." That's why Russell of John Muir Health is introducing a "robust education program" in 2016, including using software that simulates phishing scams. Those who fall for the scam will receive additional training to recognize scams. "Those kinds of things are invaluable to making sure that your workforce understands what is appropriate behavior and what isn't," he says.
College student workflows go mobile
University of South Florida CIO Sidney Fernandes is digitising and mobile-enabling formerly manual and paper processes for crucial student-faculty workflows. In 2015, his staff created software that allows students to register, add or drop courses from their iPhone or Android smartphones. With three taps on their mobile phone, students can submit a course request to their advisor, who can then approve or deny it. The software, which integrates with USF’s Banner student information system, shortened registration completion from 15 days to two days, Fernandes says. Students may also use the app to change their advisors. The faculty, meanwhile, can use the software to make sure that the student meets the course requirements, including learning whether he or she is on academic probation and must be barred from the course until they meet their obligations.
Sign up for CIO Asia eNewsletters.