One of the first things Kennedy did was to create Orion Health's Information Security Portal.
"We have a governance structure for security here that spans the entire world," he says. "That is based on risk. We've trained our entire company to understand there is a single point of all things security related, the Information Security Portal.
"It needs to have that consistency across the world because then we have a single language. We understand the consistency and what the risk means.
"In fact, one person that works here is the most incredible security engineer I think I've ever met in 17 years, Tom Parker. His knowledge of application security is just incredible. So he works in development, leads development security. Our applications are born through the secure process."
Kennedy also has an information security manager and information security officers in Orion Health's offices in Europe and the United States (Orion Health has more than 1000 employees in 22 offices worldwide).
"That helps drive down that single policy framework consistency," he says.
These offshore-based security focused staff report to him, not to their responsive teams, "so they can have independence".
Recently, Kennedy's team launched a project called 'Elastic Networking' to "provide improved access to business critical core systems.
"We created the core network," he says. "We pulled all of the core applications into this secure area, and then we have different architectural zones by which we can have different levels of security.
That means in one of the outer areas someone can bring a device and they can use it, but they won't actually penetrate into the core network. Again, it is based on security."
Kennedy has conducted a full risk analysis of all the different areas versus the needs of the executives, the needs of the customer, and created a map showing the risks.
One of the major business risks that emerged was connectivity, and the inconsistency and quality of the network. The smaller offices would have a much lesser experience than the major offices.
"Elastic Networking was born to really have a high level of confidence in the network availability," he states.
It also entails simplifying the supply chain so the company can leverage its size as it works with bigger partners like Verizon.
With Elastic Networking, Orion Health can subdivide the network into separate architectural branches and proactively shape network traffic, thereby increasing stability, security and visibility, Kennedy explains. The two major benefits include better performance and better availability.
All these changes have made a strong, but positive impact to the IT team, he states. "It has turned the IT team into a more strategic force. So they do less reactive work and much more strategic work, thinking about what future and innovation we can pull in two or three years' time, rather than dealing with the problem today."
Sign up for CIO Asia eNewsletters.