Embracing cloud, and new technologies like AI, make providing real-time data to clinicians and patients in federal health care settings possible, explains Leido...
What’s the most valuable thing that cloud can provide to both clinicians and patients in federal health care settings?
Access to the right data at the right time, said Srini Iyer, senior vice president and chief technology officer for the health group at Leidos.
It’s possible to do that securely, but it requires continued efforts by both agencies and industry to evolve use of the latest tools and management techniques, Iyer said during the Federal News Network Cloud Exchange 2023.
Health care agencies across government are moving to modern multicloud architectures as the foundation for securely sharing data across their entire enterprise and with partners, inside and outside the federal government.
But emerging trends in health care delivery — including a surge in telehealth, a rise in Internet of Things medical devices and greater use of artificial intelligence — also present new opportunities for adversaries to compromise sensitive information, including personally identifiable information (PII).
“The amount of data that is being generated on a daily basis is significant, and protecting that data is very critical,” Iyer said.
New challenges to federal health care require a new approach to cybersecurity. To ensure the protection of data in the cloud, Iyer said agencies need to understand security is a shared responsibility between the cloud provider and the data user.
“Cloud service providers provide really good, solid infrastructure — up to a certain point. Beyond that, it is up to the user of the applications or the app owner to ensure that there is security all the way through,” Iyer said.
A typical federal employee uses up to 30 cloud-based services on any given day, he said. Given that wide array of tools, it’s essential for agencies to ensure there’s end-to-end encryption and security across all their platforms and devices, Iyer advised.
“When you look at security, it is end to end. It’s all the way from your handheld device, if you’re using that to schedule an appointment, all the way through the back end, to the physician’s office — and back. It just can’t be in bits and pieces. And typically, that’s what has been happening in days past, where you were siloed and people were looking at security in bits and pieces,” Iyer said.
Most federal health care agencies work in hybrid cloud environments, managing some data and workloads on premise and some in the cloud. That likely won’t change, he said.
“Most customers that we’ve been working with are migrating to the cloud and also keeping the data on prem. When you’re looking at radiology or imaging data, that has to be on premises because you’re looking at petabytes of data,” Iyer said.
Therefore, the security strategy must be hybrid as well, he said.
The fairly low barrier to entry for cloud makes it easy for agencies to begin their IT modernization journey. But that hybrid work environment can be challenging to manage unless IT organizations track their cloud workloads effectively, Iyer said.
“That is becoming a nightmare for the CIOs, from an enterprise standpoint. Between cloud sprawl and shadow IT, it keeps them busy, because you’re dealing with multiple cloud entities,” Iyer said.
Additionally, to ensure health care agencies stay on top of emerging threats to their networks, Iyer said they need visibility throughout their enterprise and across multiple cloud service providers.
“When your workload traverses from one CSP to another CSP, now you’ve lost visibility. It’s like a relay race, passing the baton to somebody else, and they may not be interested in looking at that. But we need to ensure that there is visibility across multiple CSPs. And that becomes very challenging, it’s not trivial,” Iyer said.
That visibility is also essential so that agencies avoid overpaying for cloud services or underutilizing the cloud capabilities they’re paying for.
“In the early days of cloud, people had some services running overnight or on late nights or weekends, and suddenly they started seeing their bills come up. That was sky high. We can avoid a lot of that with proper governance and proactive care,” Iyer said.
To stay ahead of emerging threats, he suggested that agencies need to have strong multifactor authentication in place — especially for increasingly automated processes.
“This becomes even more critical when you’re having machine-to-machine interactions,” Iyer said. “A lot of times, there is no human in the loop. You have two different services, especially in a microservices architecture, interacting with themselves. You need to ensure that the right authentications and credentials are passed, so that it gives them access.”
Meanwhile, agencies continue to refine their zero trust strategies, as mandated by the Biden administration.
Iyer cautioned that proper implementation of zero trust requires that agencies understand their employees’ workflows and help them navigate changes.
Without this work in place, Iyer said agencies run the risk of locking legitimate users out of applications.
“Zero trust is not a silver bullet, in the sense that there is not a single product or solution that can that you can put on an enterprise and say, ‘I’m now golden.’ That’s not going to happen. It is a process, it’s an approach, it’s a culture,” Iyer said.
In the event of a cyber incident, agencies need to ensure they have adequate incident response plans in place.
“We need to be able to respond in a fairly reasonable amount of time. We just can’t wait for days or weeks because typically we don’t realize that there is an attack vector in our system until it’s a few weeks in,” Iyer said.
Agencies also need to stay on top of cyber hygiene basics, such keeping up to date on security patches and educating employees about phishing campaigns.
Iyer said agencies need to remain especially vigilant about these steps now that adversaries are using generative artificial intelligence tools to their advantage.
“Your attackers are always looking for that vulnerability. They have to succeed once, but from a security professional standpoint, you’ve got to be 100%,” he said.
AI and automation may factor into a new wave of cybersecurity threats, but these same technologies are also driving innovations in the delivery of health care services, he said.
“AI is here. And generative AI especially is going to change how we’re going to do things. We are already using it — whether we like it or not, whether we acknowledge it or not. … The question is, how much do you trust that? That trust becomes a big factor,” Iyer said,
He said Leidos is using natural language processing to help one health care agency reduce the number documents employees have to go through and is improving productivity.
“Everybody’s time is constrained. You don’t want them going through volumes and volumes of data. But getting to the right amount at the right time is very important,” he said.
To read or watch other sessions on demand, go to our 2023 Cloud Exchange event page.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Senior Vice President and Chief Technology Officer, Health Group, Leidos
Reporter, Federal News Network
Senior Vice President and Chief Technology Officer, Health Group, Leidos
Srini Iyer is Senior Vice President and Chief Technology Officer, for the Leidos Health Group. His current role includes providing leadership across a wide range of technology challenges supporting Leidos’s diverse health portfolio. As part of this role, he is responsible for overseeing the internal R&D portfolio, driving technology partnerships across emerging and large technology companies, growing technical talent through upskilling, and leading a team of talented solution architects.
Mr. Iyer brings nearly 30 years of experience in developing and managing complex enterprise solutions in the defense, health care, financial and telecommunications sectors. He sets the company’s focus on emerging technologies such as analytics/AI, full-spectrum cyber, digital engineering, and bringing technology to customers operating at the tactical edge.
Prior to his current role, he led ManTech’s Innovation and Capabilities Office, as their Corporate CTO, spearheading the company’s strategy to meet and exceed customers’ complex mission requirements by advancing company capabilities and service differentiation with leading-edge technologies. There, he led a team of technology officers and solution architects charged with developing and harnessing the power of tomorrow’s disruptive technologies to shape the world for the better. He has mastered the monitoring of multiple group “drivers” at once, including the unique needs of scores of customers and how ManTech innovates to design and deliver the right solution every time.
Mr. Iyer joined ManTech in 2015 from Northrop Grumman, where he crafted IT solutions for customers including the Defense Department, Department of Homeland Security, and other federal agencies. While at Northrop Grumman, Mr. Iyer managed a large independent research and development portfolio as the company’s director of technology and oversaw the development of solutions for customers’ most complex and important problems. He was responsible for developing strategies for two of the company’s key growth initiatives in cyber and cloud.
Before Northrop Grumman, Mr. Iyer held key leadership roles in the commercial sector, including a wireless startup that was eventually acquired by Sybase.
He earned a Master of Science in computer engineering from the University of Texas at Austin and a Bachelor of Science in electrical and electronics engineering from the University of Madras. He holds executive leadership certificate from Darden School of Business, University of Virginia.
Reporter, Federal News Network
Jory Heckman has been a reporter at Federal News Network since January 2018. Jory got his start as an intern in 2011 and was a digital news writer and editor for Federal News Network from 2014 to 2018. He also worked as a desk assistant with CBS News Radio in New York and was a reporter for the Citizens’ Voice newspaper in Wilkes-Barre, Pennsylvania.