Jason Payne:
0:01
It’s important to know that security is only as good as being able to stop the weakest link. So the weakest link could be a small IoT or sensor or device which then gives an adversary the opportunity to traverse and potentially shut a hospital down and demand a huge ransom. Those hospitals particularly have to have something in place to know what those critical assets are and how they can report on those critical assets are, and how they can report on those critical assets and what they’re going to do in the event that there was a breach and how they’re going to remediate that.
Michael van Rooyen:
0:32
Today I have the pleasure in having a chat to Jason Payne, who’s the sales director of ANZ at Claroty Healthcare. We’re going to be talking all things around digital visibility healthcare sector and the unique challenges that faces that component of the industry. Jason, welcome to the podcast. Thank you very much Thanks for inviting me in.
Michael van Rooyen:
0:50
Yeah, I appreciate you coming in and we’re catching up fairly late at Cisco Live and I really appreciate the time Before we start. Do you mind just spending a moment on your career and your journey around network security visibility and what led you to your current role as the sales director of ANZ for Claroty Healthcare?
Jason Payne:
1:11
Yeah, so my background as you can probably tell from my accent, I’m not from Australia, so I came to Australia in 2011.
Jason Payne:
1:16
So I’ve been here almost 14 years and my background was predominantly channel, so I’ve got a very, very good understanding of distribution and channel partners. Right Came to Australia, moved into distribution to start with so I could get an understanding of the market, who the partners were, what they were doing, and then progressed, obviously into the vendor vendor land, with my first vendor gig working for Palo Alto, which was there for nearly four years, and after there moved across to Splunk Again, national partner manager looking after a couple of big partners there, and then was presented with an opportunity to join Claroty. So I thought, shall I come across to a pre-IPO vendor and see where that takes me? So that’s brought me here today. So I’ve been with Claroty now for four years. I started in their channel to alliances role for the last 12 months. I’ve now moved into the sales director role for healthcare, so responsible for the go-to-market, the plan, the strategy around our healthcare offering and our healthcare platform, which some people formerly know as Medigate, which is now Xdome for healthcare.
Michael van Rooyen:
2:24
And if I think about your broad background there not only distribution, which is quite interesting. I had a guest recently talk about that. It’s a unique space, but you’ve really been playing the channel, which is great, right. We’re in an industry that really focuses on channel partners Time at Palo Alto really understanding the security landscape and now into the visibility space, right. So it’s certainly a fascinating thing. It’s quite a simple fundamental about what it is around digital visibility, but how key it is to resolving and actually maintaining and looking after customers’ environments. So off that, healthcare organizations face a lot of unique challenges, particularly if we think about the explosion of IoT devices and IoT security. We have a lot of critical instrumentation on the healthcare floor. Can you talk a bit about what some of the key risks associated with healthcare are, holistically from a tech lens, and then maybe a bit about the OT lens on that as well?
Jason Payne:
3:23
Yeah, so healthcare, what we’ve seen on healthcare as opposed to more traditional OT and the verticals that are on our OT side is that in healthcare, healthcare delivery organizations have typically got a pretty flat network. So there’s pretty much all in sundry that’s connected to the network and most of the time, these organizations don’t really know what’s on the network. So you’ve got patient monitors or your equipment, medical devices which are associated with patient care, as well as corporate systems as well, and they all kind of reside on the same network, as well as those OT devices and IoT devices for the buildings of hospitals as well. For the buildings of hospitals as well.
Jason Payne:
4:05
Yes, and it’s important to know that security is only as good as being able to stop the weakest link. So the weakest link could be a small IoT or sensor or device which then gives an adversary the opportunity to traverse and potentially shut a hospital down and demand a huge ransom. So the challenges we’re seeing is that, with healthcare then being brought into security of critical infrastructure in the SOCI Act, those hospitals particularly have to have something in place to know what those critical assets are and how they can report on those critical assets and what they’re going to do in the event that there was a breach and how they’re going to remediate that. So the challenges the healthcare have got is that they want to have the hospital operating 24 hours a day looking after patients they don’t really want to be worrying about. Okay, we’re going to have a cyber breach on a patient monitoring device, but it can happen. So that’s a big challenge for them and even asset inventory and lifecycle management and spending as well against those devices which reside within a hospital.
Michael van Rooyen:
5:11
Yeah, yeah, and off that, I think about the challenges you’ve just spoken about around. You know those devices and we’ll go a little bit deeper into those in a sec, but do you mind just then taking a second for people listening and explaining what Claroty does, what its mission is.
Jason Payne:
5:28
you know what problem it solves in relation to this visibility and how critical it is to have this lens on things. Yeah, so when you look at healthcare and medical devices, they’re very, very different to IT devices. Every manufacturer medical device manufacturer will build their technology with their own proprietary protocols. So it’s important to understand well how do they traverse on the networks within these hospitals. So Clarity solves the problem by giving the visibility into those devices, by understanding the protocols that the items, the assets or the devices are communicating. And then, once we’ve profiled them, what Clarity does is it then enables the organization to have a risk profile associated to it.
Jason Payne:
6:10
So what do these devices look like? What risks do they pose to the hospital? What plans can be put in place to mitigate that risk and reduce the risk? So we look at things like vulnerabilities what vulnerabilities associated to these medical devices and can they be patched? There’s a lot of devices which can’t be patched, and there’s TGA and FDA and there’s a lot of. You can’t put certain things like EDR onto endpoint agents onto medical devices. So what do you do in those instances? So we build the foundations to be able to create the security, not just the security profiles from an enforcement point of view, but understanding workflows around vulnerability and risk.
Jason Payne:
6:52
Looking at communication flows, so anomaly and threat detection. So are these devices communicating to malicious IPs? Is a medical device got access to the internet? Again, it’s all risk? Yes, but also the network segmentation device. Got access to the internet? Against all risk? Yes, but also their network segmentation. So a big part of what we do and one of the reasons why we’re here today at Cisco live is the segmentation piece is around. How do you build segmentation into a hospital network without knowing what’s on there to start with? And we create the smarts around that and we use clinical context from all of our thousands of customers globally to understand what those devices should look like and how they should be profiled and segmented from a security point of view as well.
Michael van Rooyen:
7:33
Yeah, fair enough too, and segmentation is just so fundamental from an architecture point of view, right? So what you’re really saying is being able to identify not only the devices that are on the network, because you know, you don’t know. What you don’t know is really the premise there. The second part is how are they operating? What, the, what are their vulnerabilities? What do we need to report on?
Michael van Rooyen:
7:52
And you certainly did touch on a great topic around not being able to just patch these devices because of the way they’re built and the way the manufacturer runs them and, as you said, regulators are very specific around not just being able to manipulate them in any way. Yeah, but it’s really core and fundamental, right. It’s something that people need to consider, just to make sure they’re aware of what’s on the network what, what, the, what the risks are for that. And then segmentation is part of good design, right. So you really are able to then help them with their journey, right. Do an assessment up front and then help customers with a roadmap journey on how to end up with a much better, secure and visible environment.
Jason Payne:
8:26
Yeah, exactly that. So we always look at risk and maturity. So when we take our customers on this journey exactly what you’ve said it all starts with the visibility. Once a customer’s at the visibility stage, we look at the maturity as the maturity increases, the risk decreases. We look at the maturity as the maturity increases, the risk decreases and that flows through and then going from that device profiling to mitigating on vulnerabilities, putting policies in place so that we can compensate for anything that’s potentially at risk, but then obviously doing the alerting. So RO is an organization that has SOC service. That then getting that customer to mature and move to that point where we can provide those alerting to a SOC to be able to then mitigate and remediate when there’s potential threats that’s happening on the network as well.
Jason Payne:
9:18
So, that takes all the way through from low maturity high risk all the way through to yeah high maturity and at a lower risk.
Michael van Rooyen:
9:27
Right and look under Clarity Healthcare. You know you obviously work with a lot of healthcare providers, you know, on a global scale, so getting great insights and intelligence into what’s happening from a medical point of view, you know. Can you touch on? You know the continuous explosion of new devices because people have got this thing called internet and cloud and we just buy devices and, great, we can get much more data out of it, which is fantastic. Right, it has a business benefit, but of course that increases risk and off the back of that, you know, can you touch on what you’re seeing as kind of some of the most common you know vulnerabilities or specific vulnerabilities you’re seeing in the medical field?
Jason Payne:
10:04
Yeah, vulnerabilities or specific vulnerabilities you’re seeing in the medical field. Yeah, so if we look at our customer base, we look at our thousands of customers globally. We just obviously released a report showing that we’ve just tipped over 20 million devices which we’re monitoring globally.
Jason Payne:
10:18
So we’re currently monitoring those over 20 million medical devices and the benefits of doing that is we’ve got this huge data lake of these medical devices. We know what firmwares are on, we know which ones have got exploitable, known vulnerabilities. So known exploitable vulnerabilities and really what we’re trying to do here is bringing all that information together as a knowledge base and sharing. So when you look at one healthcare delivery organization, they’re probably going to have very similar devices to other. But when you talk about putting in controls and patching and things like that, why would you patch one device just because the manufacturer has brought out a update for it and typically updates are usually brought out because there’s a vulnerability. But you want to know that that is safe. You don’t want to just update your medical devices with a known patch that may not be stable. So again, we can bring a lot of those smarts from what we’re seeing from a global point of view as well. So that’s one of the benefits of what we see by having a specific healthcare product that’s monitoring all those devices.
Michael van Rooyen:
11:25
Yeah, that’s fantastic. I mean it’s been such good intelligence right and just seeing. I guess the other benefits you’ve got with such a global footprint over those thousands of customers and millions of devices is you know, as net new devices are popped into, these new vendor joins the portfolio. You know there’s always medical conferences with some new device or widget that is able to help medical practitioners and people on the floor do their job nurses, et cetera. But you know the ability to be able to quickly identify those and then tell customers you know we’ve identified this problem or when a security vulnerability is announced, at least you can give them that intel insights without them being kind of blind. Right is so critical when we particularly think about you, think about hypotheticals around threat actors shutting down medical devices and people passing away.
Michael van Rooyen:
12:11
I mean that’s plausible reasoning, but something that gives it that fantastic visibility right.
Jason Payne:
12:18
Yeah, and we see all sorts A part of what we’re doing from the visibility point of view. You can see medical devices sitting on guest networks and we’re not seeing hundreds and hundreds of them, but they’re happening. Pretty much. I would say most healthcare delivery organizations are going to have some misconfiguration where they may have a patient device or a medical device which may be on the guest network.
Jason Payne:
12:38
So, obviously, that’s a huge red flag in terms of what we’ve seen Doctors updating their Teslas from the car park, the internet connectivity again, we’ve seen those that are coming up on there as well. So these are all things that do pose risk, because the adversaries again are looking for the weakest point, and that could be the weakest point that suddenly there’s access to something and ultimately the bad guys they want to shut the hospital down. Of course, and ultimately the bad guys, they want to shut the hospital down because they can demand a huge ransom, because patient safety is paramount. So what do the hospitals do? It’s like we’ve got control of the hospital and it could be through something very similar, it could even be like a vending machine. And then what are the hospitals going to do? Are they just going to sit tight and go?
Michael van Rooyen:
13:23
we’re not going to pay the ransom and you can’t take people into operating theatres, so it’s paramount that they know what’s there and what the risk is for them to be able to do that and it’s interesting you touch on that Gardner said last year, I think, at one of the symposiums, one of the key messages is realistically, these devices are critical infrastructure, right, no matter how you look at them, whilst it’s in the medical field, they provide a critical service.
Michael van Rooyen:
13:44
And they were saying that really, the threat actors are on a mission to literally cause physical harm to really prove their point right. And it just continues. And you touched on the weakest link, right. So not being able to know what your weakest link is, how can you remediate? And that’s where Medicaid sorry Clarity Healthcare comes in. If I was then to think about the threat actors, is ransomware attacks, you know, still the most common thing you’re seeing in healthcare. There’s been a number of incidents globally of those. Do you think that, because of the sensitivity of the PII information and those devices, that’s still a target on how to get customers to pay ransom is through ransomware?
Jason Payne:
14:20
Yeah, I mean, look, you’ve touched on two points. There is ransomware is certainly going to be the main motive, because they can charge a huge ransom. You can’t just have a hospital shut down.
Michael van Rooyen:
14:32
It just can’t happen.
Jason Payne:
14:33
So ransomware attacks we’re seeing more of them but then we are also seeing patient data and information that’s been stolen, and that’s not necessarily through the hospital network. So we know we know the big breaches, what happened and medibank breach and so and so forth that there’s there’s a lot of patient information that’s been stolen which is not necessarily linked to the patient care in the sense that, okay, still, the patient information, yeah, you can do a lot of things with that. But shutting a hospital down, stopping people going into surgery because you’ve taken control of the network, is something completely separate, which is much graver consequences in terms of people’s safety and their lives. So, um, they’re both really bad things to happen is that you get your your personal information stolen, but it’s not necessarily going to kill you, yes, whereas if you’re stuck in an elevator that’s stopped because the hospital can’t get you to operate in theatre, then you’ve got a big problem?
Michael van Rooyen:
15:30
Yeah, of course, absolutely. And pivoting away a little bit away from the healthcare the sector, I just wanted to touch on a little bit around your career in channel partnerships. Can you give advice or touch on how you build a real strong channel relationship, particularly here in the ANZ region, knowing you’ve been in other areas?
Jason Payne:
15:49
Yeah, my background being channel, I understand the importance of channel partners. What they bring the channel ecosystem, is what enables a vendor to scale Services that a channel partner offers and their reach into the markets which we want to get into, which we can’t do on our own, is absolutely crucial to us. So working with our channel partners and having them do what Auro are doing is building managed services around a solution and a business outcome is crucial to success is having that services element. That’s important to the partner as well and from my background, I understand it from all sides. So I understand the distribution side, I understand the partner landscape, I understand the vendor landscape, so I understand what’s important to each person and I think we’ve been very successful in the last 12 months in this healthcare sector yes and what we’ve done with our partners is because personally, I know how how operate and what they require from the vendor to be successful, and I think that’s extremely important.
Michael van Rooyen:
16:49
And off that note, what are the kind of qualities knowing you’ve been on?
Jason Payne:
16:52
the other side, what are?
Michael van Rooyen:
16:53
kind of the qualities you’re looking for in the ideal partner.
Jason Payne:
16:55
Yeah, so a partner who’s going to invest in technology and that’s in training partner who’s going to invest in technology and that’s in training, so ensuring that they’ve got adequate skill sets to be able to support the solution, not only in a pre-sales but a post-sales function as well, because that’s going to be where the partner.
Jason Payne:
17:10
We want to make sure the partners are making money, they’re not just selling a product and walking away to the next deal. We want the partner to be a part of the life cycle journey with the customer. So a partner needs to invest in the training so their pre-sales people understand the product, they can scope it and then they can present it and sell it. Sales people need to be able to articulate it again. So it’s important for the partner sales people to understand and they can deliver the same message as we do as the vendor. And then the postales is really where the customer is going to get value, because we want to ensure that these customers remain with us for a long period of time, and they’re only going to remain with us for a long period of time is if they’re happy.
Jason Payne:
17:53
And our partners can provide that in terms of that post-sales customer success part being with them on the journey, ensuring that they’re getting value out of it, ensure that’s mapping back to maybe a managed service that they’re providing and strengthening that relationship. So we want our partners to strengthen their relationship with the customer for our engagement as well.
Michael van Rooyen:
18:10
Yeah, that’s fantastic, and can you just talk a bit about in your sales director kind of role? How do you approach engaging healthcare providers to really understand the unique challenges in dementia? I know it’s your lifeblood, so to speak, pardon the pun. Maybe you could talk a little bit about that. It’s really interesting from how people engage particularly with healthcare. And then if I think about how regulated that industry is, what are some of the methodologies of your approach to do that?
Jason Payne:
18:35
Yeah, so we’re not a huge team, especially our healthcare team.
Michael van Rooyen:
18:38
We’re not huge.
Jason Payne:
18:39
And if you look at the private and public sector, yes, across australia, yes, there’s a lot to go after.
Jason Payne:
18:44
Yeah, public sector has all its nuances, the politics involved around local health districts and how it’s, how they, how the public sector, split up, and our partners obviously have a lot of expertise to help with that.
Jason Payne:
18:57
So typically, what we’re seeing is is that when we’re reaching into these markets, especially the public sector, we ideally want to be at the top. So we want to be working with the departments of health, but it’s a very long journey for a department of health to choose on not only a partner but also a technology. So that means, then, that we’ve got all the other tiers are below. So when we’re looking at introducing our technology to healthcare delivery organization, even be the public or the private sector, we need to foster those relationships, and typically they can be built based around, possibly, some projects that the partner is already providing to that healthcare delivery organization. So it may be that you’re looking after the network, it may be that you’re looking after a managed service for security of some kind, and then we can look to pivot off that to say, well, what are you actually doing around monitoring of healthcare devices and what?
Michael van Rooyen:
19:53
are you?
Jason Payne:
19:53
doing so. From our side, we are approaching those customers and we’re looking at kind of our four key use cases around visibility, vulnerability, risk management, anomaly and threat detection, network security and clinical device efficiency, which is kind of how our product works. But we’ve got various stakeholders within those customers and typically the stakeholders are going to be your network team, your security team and your biomedical team. So we need to bring those teams together. So working with a partner, a partner such as Oro will have a relationship with one of those teams, if not more, right. So that’s how we want to work together. There’s no point us trying to go in on our own and trying to get across all the state and territory health sectors and across all the individual health services and health districts. We can’t scale. We need to go in with that common approach to be able to have those meaningful conversations with the security teams and the network and biomed teams, yeah, because I mean they’re really blending right.
Michael van Rooyen:
20:58
Technology is core and fundamental to everything everyone’s delivering today. So being able to engage with the business and also work through the tech stack, you know, even we see the convergence of the network and security teams working together. Then we add you know, this kind of medical field, we add IoT. It’s kind of this real convergence we’ve been talking about for a very long time is finally here, talking about scaling out and other components. You know, if you think about the, we have to talk about AI, of course, but if I think about it from a medical view or you know, it’s really seeing AI and machine learning reshaping the industry and security solutions. Can you talk a little bit about what you guys are doing in that space? You know how you’re leveraging that, considering the data set you’ve got.
Jason Payne:
21:37
Yeah, so a lot of what we’re doing with the AI part and machine learning part is around our data lake and what we’re collecting and what we’re knowing about medical devices and what we’re seeing. And when I mentioned those 20 million devices, we have to look at things like vulnerabilities. So there’s known vulnerabilities, there’s thousands and thousands of them, but what does that actually mean? You could go to a customer and go well, we found 20,000 vulnerabilities across 000 vulnerabilities across your environment. Okay, well, what am I going to do about it?
Jason Payne:
22:04
yeah you want to know known exploited vulnerabilities, because that’s the bit that you want to dissect and go. Well, known exploited vulnerabilities are going to be more important. But what does that mean to your organization? Yes, based on what we’re seeing through similar organizations, they’ve got similar technology who have potentially had that vulnerability exploited. So we’re using a lot of ai to work for our dollar lake of all of the devices that we’re seeing the firmware versions, but breaking it down to more meaningful, actionable items, which is don’t go and try and patch 20,000 devices because it doesn’t really matter and you’ll never, ever be able to keep up with the CVEs and the patches and everything else. But let’s look at the known exploited vulnerabilities, specifically those that are associated to a subset of technology which is in your environment, that’s where a lot of our AI is coming in, so it’s pinpointed for that particular customer.
Jason Payne:
23:02
So we can look at a customer A and say we know what you’ve got and we know where you should focus your attention, rather than having this minefield of devices with risks associated to them. And, yeah, trying to make it more meaningful, to give them the tools to be able to quickly remediate what they have to.
Michael van Rooyen:
23:26
Yeah, yeah, it’s fascinating. And if I think around then you know you talked about SOCI before. You mentioned SOCIAC, which is very, very critical for Australia.
Michael van Rooyen:
23:33
The government’s really focusing on how we secure critical infrastructure and medical obviously is one of the key pillars to that. Can you talk a little bit about what you’re seeing customers do from the medical field around the supply chain of that, because everyone thinks about Sockie as its own entity or for that entity, but we’re now seeing a lot of discussion around the supply chain being. Part of that Is that some of the conversations you’re having with customers as well about how that blast radius is extended.
Jason Payne:
23:59
Yeah, so a piece of work that I’ve looked at personally. So you may or may not know, and you might be amazed to know, that out of all the hospitals public and private sector hospitals across australia, only 91 hospitals are designated sake hospitals all right. So the way the government defines which hospital has to comply with SOCI is based on does it have a critical care facility or uni?
Michael van Rooyen:
24:27
Yes.
Jason Payne:
24:27
So I look at this and go well, every hospital that’s got patients, regardless if it’s got a critical care unit, intensive care unit, they frame me. So out of the hundreds of hospitals we’ve got in Australia, only 91 of those have to be compliant for.
Michael van Rooyen:
24:47
SOC-E Wow.
Jason Payne:
24:48
And it all goes back to politics again, because if you say all the hospitals have to be compliant, they’re going to need money to be able to do it. So where’s that money going to come from? The government’s going to have to find it to actually pay for it. So what they’ve said is okay, okay, we’re going to take a subset. So those 91 designated sake hospitals then have to have those requirements in place which we can help with and we can.
Jason Payne:
25:12
We can do that work with our partners as well. Which is how do you know what those critical assets are? How do you, how do you map that to sake in terms of that supply chain of? Okay, what does that supply chain look like? Or what are those devices that may have to be reported on for SOCI to Home Affairs? So we help with that and we do the same with Essential A. So all these hospitals have to be. There was new requirements coming out with Essential A that known vulnerabilities have to be remediated within a certain time frame as part of Level 1, Essential 8.
Jason Payne:
25:45
But again, you need to know what you’ve got to be able to remediate those vulnerabilities, and that’s how we can help our customers as well with things like that, yeah.
Michael van Rooyen:
25:55
Looking forward to the future, what are the trends and developments you’re seeing on the horizon for the healthcare? Iot, iot, security, security and just the cybersecurity aspects as a whole?
Jason Payne:
26:06
Yeah. So a lot of the CISOs we’ve spoken to in healthcare is they want a standardized framework, especially for medical device manufacturers, because medical device manufacturers.
Jason Payne:
26:17
They’ve all got proprietary protocols. They’re all using different encryption methods. There’s not a standardized framework, which has happened in OT. So we need to get the healthcare organizations together to lobby towards a standard framework, because we’re seeing things like, okay, tls encryption on certain medical devices, and again one manufacturer will use one way of encrypting the traffic and another one will use something else, and we can see certain things in one header we can’t see in another header, and you’ve got TLS for wireless devices. There’s all these different methods that, from a security point of view, everyone’s trying to be at the forefront to ensure that they’re mitigating the problems. But it’s not standard across the industry. They’re all doing their own things.
Jason Payne:
27:09
So, I think what we need to see is we need to see standardization across medical device manufacturers.
Michael van Rooyen:
27:15
Of that, is there some innovations that you’re allowed to talk to Because I’m sure there’s always some skunk works going on with what you guys are doing but some innovations and capabilities that your team’s bringing to the healthcare sector or other sectors?
Jason Payne:
27:27
Yeah, so we’ve got various facets of how we develop our products. We’ve got Team 82, which is a threat team, so our threat team are constantly looking at ways to innovate based on what they’re seeing from a threat point of view. So they’re actively looking at ways devices can be exploited. We also obviously take a lot of feedback from our customers as well. So one of the things which we’re proud of at Claroty is part of our ideas portal that we have, where our customers can submit what they want out of our platform and what they want us to put our development and research into. So, again, we’re looking at that as well.
Jason Payne:
27:59
We’re actively talking to medical device manufacturers to get an insight into what they’re doing. So outside, outside of not having a common framework or standards with these manufacturers, we’re also looking at ways that we can integrate better with them, because what we want to make sure is that we’re giving customers the best visibility into those devices and what’s happening on the network. So a lot of what Clary does as well is that we’re doing a lot of research and development, working with medical device manufacturers to pull integrations from them as well, so enriching information that’s coming back from these manufacturers whilst they develop their own kind of security measures as well. So there’s a lot of stuff we’re doing there in the background to ensure and we need to do that because we need to stay relevant. So of course, that’s a lot that we do in terms of strengthening and broadening out and also through our alliances as well. So we’ve got we’ve got a good, good strategic alliances as well yeah, fantastic, yeah, that, that, that’s, that’s, uh, you know.
Michael van Rooyen:
28:58
Again back to that in a starting point, right, if you can do that. Very interesting, as we get closer to the end of our discussion today, which has been very insightful, is, um, you know what? What advice would you give healthcare security leaders or operators, or in the tech space there who are looking after these facilities around some of the challenges that they’re facing in securing these devices, particularly as we see? The continuous explosion of digital transformation, explosion of devices, iot, et cetera. Yeah of digital transformation, explosion of devices, iot, et cetera. Yeah, yeah.
Jason Payne:
29:27
As more and more devices are coming on the network, actually what they do and how they communicate and the characteristics of those devices, and it’s becoming a bigger and bigger problem, as you mentioned, as more and more things get connected. So from a security point of view, you need to understand what your risk profile is, and that’s not. I’ve got all my medical devices in a CMDB or in a database that says, well, okay, I know what those are, okay, that’s fine, but a database is not going to tell you what the risks are associated to them. So for healthcare delivery organizations, they all need to have a baseline understanding of what’s communicating on the network and, as I mentioned before, even if they’re in a low maturity phase, they need to know what that risk is, because without it, how can they report those ones that are psychic? How can they report? They can’t if they don’t know what they’ve got.
Jason Payne:
30:20
So my advice is to healthcare delivery organizations and hospitals understand where that program of work fits in in the broadest scheme of things. So they’re all allocating budget towards security and what that looks like and securing patient records. But you have to go broader than that as well, and and sometimes it can be an area which, uh, it’s a nice to have, yes, rather a must have. Yes, and we know the must haves. Everyone’s got firewalls and corporate security for the network and everything else. But is it a nice to have? It can’t be seen as a nice to have.
Michael van Rooyen:
30:57
A hundred percent.
Jason Payne:
30:58
They have to have this because that is where the bad guys are going to come in, of course. So, even if they want to start at a very, very small point, which is just visibility, so even if they want to start at a very, very small point, which is just visibility, and then understand how that’s going to build into their broader cyber strategy, build something into that strategy that takes into account visibility of your non-managed devices and I’m talking about medical devices. Yeah, of course, look that’s fantastic advice.
Michael van Rooyen:
31:22
One of the last questions I’d like to ask participants of the podcast is to tell me about the most significant technology change or shift you’ve been involved with or seen during your time in the industry, and that doesn’t have to be particularly around medical or channel, or anything that you’ve been involved with before Could be, you know, outside of your domain or in your domain.
Jason Payne:
31:45
Like what’s the most significant thing you’ve seen, impact us or you’ve been involved with? I think, as of today and even seeing what we’re seeing around, this conference is AI.
Michael van Rooyen:
31:52
Yes.
Jason Payne:
31:55
It kind of blows your mind, yes, what we’re seeing. And you look back in the future and I’m an older person in this industry now and you look how technology has moved along. I mean, everyone’s talking about AI and artificial intelligence, but it is kind of real now and if you look you mentioned chat, GPT and it’s amazing how technology’s moved from now. We’ve got all this AI and all this information and all this data and you’re seeing these robots that Elon Musk is making and other companies are making and it is scary and you think that everyone’s talking about. In the future, you have a robot at home doing things for you.
Michael van Rooyen:
32:36
The Jetsons right. Yeah, that’s right.
Jason Payne:
32:39
And you aren’t starting to see that happening. So for me how it has come about. And I remember in one of the oldest search engines before Google there was a search engine prior to Google, around the same time, where you were typing something, you’d ask a question.
Michael van Rooyen:
32:57
Right.
Jason Payne:
32:57
But you never really had the smarts to really answer the question properly as opposed to what Google can do now and what AI can do. It just blows my mind a little bit where it’s come from. Oh look, it is amazing.
Michael van Rooyen:
33:07
mind a little bit where it’s come from. It is amazing, right.
Jason Payne:
33:09
Einstein. Was it Einstein or?
Michael van Rooyen:
33:10
which one? It was yeah, yeah, yeah. But I mean their vision was effectively what we’re seeing now with AI. Right, I mean asking that and understanding context and as we build out, I mean it is phenomenal.
Michael van Rooyen:
33:21
And then I think about you know the data behind that, the networks to support that? Yeah, you know. Know the, the data behind that, the networks to support that? Yeah, you know industry? Uh, one of the reasons in our industry and love our industries it just continues to change, right, it evolves, yeah, all the time. I think we’ve all been very beneficial in, in enjoying that journey. Yeah, it always surprises me when we think we’re kind of capping out on where we think should be it. Just something else comes left field, right.
Michael van Rooyen:
33:41
So yeah and, look, I appreciate the time today having having a chat to me. It was an excellent conversation, you you know, regarding, you know really, the visibility and all things in that, and particularly medical for those who hadn’t really heard about the space. So again, jason, really appreciate the time. Yeah, pleasure.
