Security is the "new" Healthcare
Eight years ago I was introduced to the Healthcare industry by Lisa Suennen (@VentureValkyrie). Three years ago I was introduced to the Security market by TM Ravi (@tmravi) of The Hive. On the eve of RSA I can’t help but notice the parallels. Healthcare not only inspires security practitioners but serves as a model for how the industry must evolve.
First the similarities:
There is an adversary: In healthcare we attempt to outsmart nature. In security we attempt to outsmart the human mind. Security is the only segment within IT that has an active adversary. This creates a cycle of innovation unlike any other in technology.
The threat is polymorphic: Pathogens or, more specifically, viruses mutate. No surprise that the earliest forms of electronic security intruders were called viruses. The most sophisticated worms and malware excel at evasion.
Countermeasures require thoughtful approaches: Drug development is time-consuming. An architecture may or may not work. The efficacy and side-effects (including false positives) are theoretical at design time. Re-vectoring mid-stream can be costly and in some cases impractical.
Disruption is the norm: The Pharma industry evolved from large molecule to small molecule approaches. From chemicals to biologics. Security solutions have their own half-lives, and have seen the rise and eroding relevance of stateful analysis and signature-based virus detection.
Security model going forward:
In 2006 HHS projected that Healthcare costs in the US would approach $4 Trillion, or almost 20% of US GDP, in 2016. Expenditures have grown at a slower rate, with the 2014 number at $3 Trillion. So what happened? Many things, but two stand out – gradual integration of care and a focus on outcomes.
Security also needs to evolve. The 1,000+ vendors competing for attention at RSA will undoubtedly promise better efficacy and disruptive approaches. Customers, anxious about the threat landscape, will deploy some of them. But in healthcare terms, it is the equivalent of taking 50 pills a day with minimal coordination amongst them - each promising a “point” outcome but each creating a side effect of its own.
Marty Roesch from Cisco Security has talked about the notion of the “Golden Hour” in healthcare – care administered quickly drives better outcomes. At Cisco we are focused on driving similar security outcomes – reduce the time to detect and drive faster, more effective remediation via an integrated threat defense architecture. We think our customers will be better and healthier for it.
Interesting perspective. Funny that RSA & HIMSS overlapped this year. And the irony is cybersecurity & healthcare have a robust journey to take! https://www.tripwire.com/state-of-security/security-data-protection/the-hot-topic-of-cyber-security-healthcare/
Venture Investor in Enterprise IT & Frontier Tech. Partner to Visionary Entrepreneurs and Mission Driven VC Funds in Transformative Technologies.
8 years ago
Very true... While there is no such thing as 'perfect protection', the need is a new push toward "people-centric security" (just like personal responsibility to stay healthy), in which security managers take the approach of training end users in best practices to minimize risk along with end point security and application isolation, similar to quarantining a patient... ;)
VP, Corporate Development, Global Strategy
8 years ago
Anuj, very interesting parallel. I'm sure CISOs and executive management teams would welcome a new security paradigm.
Partner at Delta-v Capital
8 years ago
Great analogy, Anuj. Let's hope that the security industry never has to face the same regulatory scrutiny as the healthcare industry.