June 22: Today on the Conference channel, it’s an Interview in Action live from HIMSS 2023 with Marcus Henderson, Senior Platform Solutions Architect at Rubrik and Mike Lonze, Global Black Belt at Microsoft. How does Rubrik's partnership with Microsoft Azure benefit customers who are transitioning from on-premises data centers to the cloud, specifically in terms of data protection and observability? What is Rubrik's approach to cybersecurity and how does it address the increasing frequency of cyber events and ransomware attacks in the healthcare industry? When migrating health systems to the cloud, what are the practical steps involved in moving Epic and other systems from on-premises infrastructure to Microsoft Azure?
"The Patient Experience - A Technology Perspective" is a live webinar that explores the intersection of healthcare and technology, focusing on enhancing the patient experience. As healthcare systems prioritize patient-centered care, leveraging technology becomes crucial. Join us on July 6th, 1:00 PM ET and join the discussion! Register Here. - https://thisweekhealth.com/leader-series-the-patient-experience-a-technology-perspective/
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Welcome to this week, health my name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week Health. A set of channels dedicated to keeping health IT staff current and engaged. Today we have an interview in action from the 2023 Spring conferences, vibe in Nashville and hymns in Chicago.
Special thanks to our cDW, Rubrik, Sectra and Trellix for choosing to invest in our mission to develop the next generation of health leaders.
You can check them out on our website this week, health.com, now onto this interview.
All right. Here we are from him. It's 2023 and wow, we got the casino going next to us. This is pretty exciting. We're in Chicago and we're in the rubric booth and I'm here with Marcus Henderson and Mike Ron. Marcus. Marcus is with Rubik. Mike is with Microsoft. And we have a conversation I'm excited about cuz I'm hearing Epic and Azure everywhere I go.
And Help me understand how Epic and Azure relates to Rubrik.
Rubrik has been a really strong partner to our customers, bringing on premises protection for a long time now. And, in a natural motion, many of our large hospital systems are looking to get out of the data center business and move into some of those public cloud providers, Azure being a prominent showcase of that.
And so, you know, Rubrik naturally wants to follow them up into that system and provide all of the same goodness that we've always done on premises. Things like industry leading speed to recovery as well as data introspection and data observability against those same tool sets.
So, for us it's a very natural motion. We've always been cloud first from our design. And as our customers are starting to adopt these additional tool sets, Microsoft makes a great partner for us to extend that out.
So, talk a little bit about, what's distinct about Epic and Azure that requires people to maybe think differently about how they're doing their backups?
Or maybe it's the new security posture that we have to consider.
Yeah, absolutely. So, it is a little bit of a different operational model when we move from on premise to the cloud. From to the cloud, right? So we have to have a new tool set a little bit different than on premise. And that's where actually a partnership of rubric brings some of that same doing and that same skilling to ease the burden of operations for the staff to run epic on Azure.
So our focus is enabling our customers to come to bring their epic to Azure. And be as successful as possible. And bringing along the tools they know and love, like Rubrik, is a big benefit of what, why we want to see them
You know, it's interesting, I was talking to some CIOs, and every time I ask them, you know, how are you making the migration and what not, Rubrik always comes up.
Why does Rubrik come up? Why aren't there, why aren't other solutions coming up?
I think there, there's a couple things that are , on the forefront of a CIO's mind. the first obviously being The strict rule set that EPIC puts in place to help foster best practices. We all know that as honor roll.
EPIC has always, tried to use that as an incentive to, adhere to best practices. Rubric, just by virtue of running on our platform, is able to achieve many of those requirements. In a, more turnkey solution, just out of the box by virtue of running it. And so we're able to, align to that.
And in addition to that, the other thing that's often on the forefront is cyber security. And, us, that's at the forefront of our mind. That's our focus. And so with Rubrik, we're able to achieve those kind of base layer functions around, Hey, did I get a backup last night? Am I able to, speak to my recoverability?
But then also provide observability on those tool sets. Because we back it up every night, we have to know what the entropy and what normal looks like for those workloads. And we can pass that back, to our clientele.
I'm going to come back to you and talk about cybersecurity and that concept around the backup.
I want to talk a little bit about the process of health systems that are now looking to move to the cloud. In a more robust almost rapid fashion, to be honest with you. you know, Microsoft is one of the big winners here. Because we already have a relation, a lot of health systems already have a relationship.
You just click the box and now all of a sudden you're doing... sequel in Azure. You're doing and now all of a sudden it's, we're doing epic in Azure and those kind of things. What does it look like to make that migration? You talked a little bit about the operational changes, but let's just talk almost practically about how do I?
Take what I have on prem and get it into the Microsoft cloud.
Yeah, absolutely. So it's it's a great question. And we see it. It's like in waves, right? So we take this very prescriptive approach with organizations and some folks can deviate from that path based on what their business requirements are.
Maybe we want to do disaster recovery first, which we see a lot of, but when we're talking about a full data center exit, moving all of epic and everything else alongside it, where we like to start is, hey, let's start in the non production environment. We're running epic. A lot of different systems. So we
have the so, so test dev or more like dr,
no Test Dev, right?
So yeah, test dev in those training environments, cuz every version of Epic, right? We wanna make sure that the clinicians and the staff that are leveraging Epic are trained. So that's a great first target of like, hey, we're getting our operations staff, you, you know, geared towards delivering Epic in Azure or actually having.
Live end users, but we're not doing patient care. So we start with those dev tests, get into training, then we migrate into D. R. And then one of our approaches is D. R. Is now an active target, and it's just as customers exercise D. R. On a annual basis, fail over into Azure, activate D. R. That now becomes production.
Well, that's running are on premises now. Our old D. R. R. D. R. And we're going to build up another environment which eventually becomes production. And so we give them this, nice clean migration path from start to finish to bring every system is bad.
I'm curious as we move to the cloud, way we were moving to the cloud back in 2012 and we had to worry about latency and bandwidth latency and all those kinds of things.
Are those still major concerns or have we worked through those?
We have to cater it to each organization, right, and scale up. So that's a component of, like, what is needed for each individual organization and scale up the bandwidth. As far as latency is concerned front end of Epic is typically delivered via Citrix or VMware Horizon.
We're starting to see Azure Virtual Desktop in there as well, and that's very latency tolerant. So all the back end components of Epic are running inside of Azure, which is that's where we see that latency sensitivity. We're then delivering out to the end user. We're using a remote protocol to deliver that and deliver a good solution
Latency tolerant.
It's the first time I've heard that terminology. I'm going to use that again. I want to talk about the security. So, one of the things that we saw, and it was probably about a year and a half ago, we saw significant breaches. We saw, obviously Scripps was of those, University of Vermont was one of those Sky Lakes Medical Center, there was a couple others.
Big time, bring it down for a month kind of things. And that's probably one of the first times that backups really became... national news, Why can't we restore? What does Rubrik bring to that, to that equation?
Sure. So when you think about, traditional backup and recovery, you're hyper focused on, traditional concepts like, like Dr, hey, there's a fire, an earthquake, a tsunami, what have you.
But how often do those happen really? And then when you compare them, exactly. You know, In times, right? But when you compare that to, the resurgence of, of cyber events, those are going to be much more common. And so when you think about the timeline of a cyber response, there's all this work that has to be done.
Identification of blast radius, understanding and categorizing any sort of sensitive or regulatory data that you have to report on. As well as, what do I even recover to, from a production perspective, as well as when, so I can prevent reinfection. And it's all of this stuff that has to happen.
It's extensive work. And it's only at the end that the traditional backup product, comes in. And then it's like, okay, well, how fast can you recover? But there's a lot of hurry up and wait. And so, for Rubrik, we looked at that and said, Guys, I mean, we're, leaving, we're leaving things on the table here.
We need to be part of every point in that interaction. And so for Rubrik, where we fit in, is as systems are compromised, because , we sort of operate under a, assumed breach model, because there are, zero days out there. We give you a blast radius because we can tell what normal looks like because we're backing up your things every day, right?
We're going to give you the ability to immediately categorize the data, both in a proactive or reactive capacity with built in scanners to introspect your files. And then we're also giving the ability to threat hunt against these offline backup copies so that you can find those dormant indicators of compromise and you get an understanding, okay, well, when...
when should I recover back to? And we'll actively quarantine those dormant indicators to help you, as part of that process. And so, as you work through your timeline, a typical response is 20 plus days. I mean, how many hospitals can be down for that long without severe financial impact?
We're answering those questions for you immediately. As soon as it happens, as soon as we ingest that data. From a backup perspective, and you know, it's a layered approach. But by using those tool sets and by layering in our ransomware response team, which is a dedicated team that just does this 24 by 7 all day, all the time, we're able to drive some really positive outcomes.
And, it kind of makes our slogan. Don't pay the ransom. Make a little bit more sense. 📍
We'll get back to our show in just a minute. Ever wonder how technology can reshape the patient experience? Join us for our next live webinar, the Patient Experience, a Technology Perspective on July 6th. At 1:00 PM Eastern Time, we're bringing together expert speakers to dive into the intersection of technology and healthcare.
We're gonna explore topics on digital health tools and the impact of ai, blockchain, and other things around this. Whether you're a CIO or part of a healthcare IT team, we think you will gain practical insights from this discussion. Uh, don't miss out on this conversation. Register today at this week, health.com.
We hope to see you there. Now, back to our show.
it's interesting. Threat Hut. against the backup. Yes. That's a new concept for me as well.
Well, and so it's important, right, because a lot of times these cyber intruders will they'll be in your environment and they'll look and watch you.
Right, right. And they'll respond to you reacting to that event, and so they'll try to tighten the screws. With Rubrik, you're threatening against that backup plane. It's invisible to them. They can't see it. It's on our immutable platform. And so just that alone is very powerful statement. You're now able to attack this enemy in your environment in a bunker that they can't see any longer.
So I don't know what I don't know. So I don't usually end an interview with this, but I'm gonna end this with this question, which is what's the question I didn't ask that you think would be interesting to the community?
What I threw that question out because typically when I'm in the room with people who know a lot more about a topic than me, I know I didn't ask all the questions that I really should. I mean, what am I missing about? Either the movement to the cloud, the operational change, the backup posture, security posture, or the reasons that people are looking at rubric as a solution versus, other solutions
that are out there.
Yeah, so, I'll take the, you know, the first stab at this. I think, what's really attractive about moving to the cloud. Is this, enhancement, this capability to get out of the data center business, to have a, fully managed turnkey solution for these really complicated software interactions, right?
But I think the reason that Rubrik is being brought to the forefront is just because it's managed, that doesn't mean you're now absolved of all responsibility. It's a shared model. And so anything that you can do to enhance that posture further, because it's all about layers with security, we want to provide the data back to our customers.
And we want to pull in people that are not traditionally a part of the backup and recovery process. The InfoSec teams, the compliance officers, those type of people who are making those data driven decisions under, in high stress scenarios, what we're trying to do is give them a little bit more data. So that they can make those uh, decisions a little bit more clearly.
And we're doing that in a format that, like, yes, we have our own interfaces, our own UIs, but we also expose our APIs in a way that they can consume it in a format that's familiar to them. Maybe that's Microsoft Sentinel, maybe it's Splunk, maybe it's some other seam tool, but that's, our thought, in the market.
Fantastic. And I'd add on to that, I'd say, like, it's, the dynamic environment that it provides, like, being able to... Like leverage the rubric tools along with, Microsoft. Like they said, Sentinel, Azure Monitor bring all these things into the picture to give us a clean operational view, but also the dynamics from a scale standpoint of like if I need to go into recovery mode, I can start to point these into other Azure regions or even if I'm on premise, I can start to put this into Azure and dynamically scale out, right?
So I can rebuild my environment if the worst scenario happens at a rapid pace, right? We can target. That known good state that rubric has identified and restore that environment rapidly, that's one of those things and from an advantage standpoint that I see both Microsoft and rubric bring to the picture.
Fantastic. I want to thank you for your time.
Well, thank you very much. Thank you. Thank you so
much.
Another great interview. I wanna thank everybody who spent time with us at the conference. I love hearing from people on the front lines and it's phenomenal that they've taken the time to share their wisdom and experience with the community. It is greatly appreciated.
We wanna thank our partners, CDW, Rubrik, Sectra and Trellix, who invest in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now.