This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

So this framework works for you to make things a lot faster, smoother and simpler.

Welcome to This Week Health. Today, we're doing a continuing six part series. This is part two of the series, Zero Trust Hospital, the CXO Vision. It's a new book by Zscaler, and I'm lucky enough to have one of the authors, Tamer Baker, the healthcare CTO for Zscaler with me.

I'm Drex Ford, president of Cyber Risk at This Week Health and the 229 Project. And Tamer, welcome to the show.

Thanks for having me. I always love hanging out with you guys.

Yeah. Thanks. We love it too. We've spent a lot of time together. We commiserate a lot over our Air Force days and all of that too.

Tell me about some of that.

Yeah, think we touched on it and hinted on it on the first episode, but of the strong benefits that we think about is being able to be adaptive and innovate faster, right? was mentioned in the first episode how you want to do something new, whether it's an M& A or a new project, and you talk about the broken glass, right?

This is, a lot of exceptions just to get something done ready. The benefits of this architecture operationally mean, once it's in place, You can do all these changes and new implementations and new projects in M& A and all the plumbing is already there. All the architecture is in place now.

All the 20 years of legacy systems that we're constantly trying to, small increments make better once all those headaches go away and you've revolutionized into something that's more of a sass security and more easier to implement . Those benefits pay dividends very quickly because now your team can focus on other things.

And you can have a lot less human capital hours spent doing things that are just, infrastructure related as well as security related.

I feel like a lot of this just we talked about change a little bit in the first episode too. So I would encourage to go back and watch the first episode and all the episodes obviously in the series.

And so tell me about the trauma or the challenge of the change and how you help folks think through that.

A great analogy our CEO has used multiple times that I think I'll bring into this conversation is, it's the difference between when you had a DVD player at your house and you wanted to start a Netflix streaming service, right?

Zero Trust is that Netflix streaming service now. It's simple, it's easy to use for your users, it's much faster to stand up, much faster to add movies to watch your next series, et cetera, whatever you want to do. Continually trying to update and upgrade and move my security appliances to the cloud, but I'm still managing and maintaining it.

That's what zero trust looks like. That's what this architecture we're talking about. When we think about change and modernization, that kind of change is easy to pick up right when it becomes simplified instead of all those DVD players you're trying to manage.

and all those DVD players are also different brands and they all have different remote controls, right?

It's all that. I love that analogy. Definitely will be stealing that one from you. So we talk about risk management. And, managing risk, identifying risk, prioritizing risk. A lot of our decisions about our investments are made because of risk that we bear from the projects that we do, or changes that happen in the environment.

How does the work that you guys are doing, how does that? tie into this risk conversation and the benefits that can come from seeing and managing risk.

And everything has to revolve around that and the four walls, castle, etc. Once we've exploded into users being everywhere, data being everywhere, applications being everywhere, cloud, remote, et cetera, all that did was expand your footprint, right? So your attack surface now is like exponentially greater.

You're the bad actors can find you very easily, much easier because you have way more things to find. Now one of the huge. Risk benefits that we talk about from a zero trust perspective is that it removes that external attack surface. You hide anything externally exposed. So you hide applications that have an Internet address.

But if I remove the attack vector to it, so that actor can't even see or find that application to exploit that vulnerability. Where's the risk really? So the risk dramatically gets reduced on patching that CVE now because I can't even access it as a bad actor, right? So that's one simple example of how we reduce risk with zero trust.

One of many, I should say.

Yeah the reality is to we see more of those critical CVEs come out every day, like with a score of 10, they've got to be done patch them right now, but you can make a different decision about no, that's not really important for us to patch because nobody actually can see it or nobody can get to it too.

Especially within the last year, the number of CVEs and vulnerabilities that are exploiting security appliances, which we'll talk about later in a future episode, but it's so much effort to constantly stay on top of these patches and operationally speaking, it gives your team a break.

I like it. It's a lot of patching. If you do it, I guess

if you do, it's a good point.

I was going to ask you a question about, doing more with less and how zero trust lets healthcare organizations do more with less. That's obviously one example. Are there other examples?

Yeah. When we think about the entirety platform more with less really is, Taking out a whole bunch of single one off type of platform or, pieces of software to do a job.

So I talk to smaller healthcare organizations all the time as well, where they might only have a team of three or five or ten, whatever it may be. Being able to implement something like this, which modernizes the way you do infrastructure and security, means you can get a lot more done. With less vendors to deal with, less management of those tools and less people to do the work.

It makes it way simpler for those smaller organizations as well.

The beauty of it is that we usually talk about do more with less, and it just means work more hours. The Zscaler version, the Zero Trust version of do more with less is do more with less by taking out waste from the current architecture design you have, the current workflows that you have, operations that you have, which frees time for you to do the other things that you've always intended to do.

Yeah, so this is a huge part of what we talk about in the book at some point, too, where we can't do anything.

Like digital modernization, while keeping in mind the clinician and the patient experience. This removal of all these old clunky systems, the thousand DVD players in the cloud, makes it so much more seamless and user friendly. So your clinicians can operate seamlessly and where security happens in the background and they don't even realize it happens.

One less agent, one less click, one less login. et cetera, because it all works seamlessly for them. They have more time with their patients because of this. Another great example, huge squeaky wheel oftentimes, especially since COVID is the remote radiologist, right? That's another big component that we think about and the pains that they go through.

The number of CTOs that have come up to me and told me how pleased they are because their squeaky wheel has been oiled that being the radiologist. that are out sitting on a beach in Maui are now happy customers of theirs. That's a big win from a zero trust architecture perspective.

I love that it scratches, the itch on both sides of the coin, right? , it makes it easier for. The end users, they're happier with it. It lets them be more productive. That's a good financial benefit to the organization, but it also just makes it easier from an operational perspective to run.

That's really cool. Hey, I appreciate you being here today.

Yeah, thanks tuning in to Episode 2 of our Zero Trust series. If you want to dive deeper, you can pick up a signed copy of the book at either VIVE or HIMSS.

Plus, you can get the accompanying Architect's Approach Guide for your team. And if you can't wait, if you're like Tamer and you're impatient, you can register. With the link that's provided in the video description, and you'll get the book automatically in your inbox. During VIVE, we have four more episodes in this series.

Don't miss our special webinar with industry experts on March 27th. And you can register for that at thisweekhealth. com slash zero trust. Thanks again, Tamer.

Thanks Drex.