Skip to main content

Search site

Find podcasts, news, articles, webinars, and contributors in one search.

Executive Interview
Executive Interview artwork

Browser Blind Spots and How to Pitch Security Upgrades | Google Fridays with Sebastian Estades

Questions Answered in This Episode

  • What browser security blind spots are silently exposing patient data in healthcare systems?
  • How can CIOs justify enterprise browser investment to CFOs through concrete ROI metrics?
  • Is your organization aware of which AI tools clinicians are actually using right now?
  • Can you detect patient information being copied to unauthorized cloud tools in real time?
  • How do you secure remote clinician access without overhauling your entire infrastructure?

About This Episode

Sebastian Estades, Senior Account Executive for Enterprise Platforms and Devices at Google, brings 15 years of healthcare software experience to a conversation that starts with a hard question: do you actually know what AI tools your clinicians are using? Drex DeFord sits down with Sebastian to dig into where health system browser security is quietly breaking down, why shadow AI usage is the gap most organizations can't even see yet, and how enterprise browser is building a real financial case against VDI infrastructure costs.

Key Points:

  • 02:30 AI Blind Spots in the Browser

  • 04:56 The Shadow AI Question

  • 06:19 Quick Start Enrollment Steps

Keep up to date on the latest in health IT:

https://thisweekhealth.com/news/

X: This Week Health

LinkedIn: This Week Health

Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer

Thank You to Our Episode Partner

Google Chrome

Contributors

People featured in this episode — open a profile for more.

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong. Browser Blind Spots and How to Pitch Security Upgrades | Google Fridays with Sebastian Estades [00:00:00] Drex DeFord: Hey, everyone. It's Google Chrome Friday, and today, uh, we're talking about the enterprise browser and security and ROI, and how to make the case for a deeper investment in, in an- in an enterprise browser program. This is all part of our Google Chrome Friday series for conversations running through the month of July, and my guest today is Sebastian Estades, Senior Account Executive for Enterprise Platforms and Devices at Google. Thanks for being here, um, I really appreciate it. Sebastian Estades: Yeah, thanks for having me, Drex. A big fan of 229, and it's been great partnering with you all over the last few years. Drex DeFord: , We've spent some time together at 229 project events, and I know you have a couple coming up. I'm not gonna be there, but you'll be able to see, uh, you're gonna see Bill and you're gonna see Sarah. It's great to have you on the show now, so this is kind of cool for me. Tell me a little bit about yourself, and then of course I have questions I'm gonna ask. Sebastian Estades: [00:01:00] Yeah, of course. So,, I've been with Google just over two and a half years now. Originally came in focused on healthcare, uh, and I have a long history of working with healthcare clients throughout my 15 years of, uh, software sales. So, uh, extensive background dealing with Epic, Cerner, you know, Allscripts, so on and so forth. I have a passion for healthcare, as that's what I studied in undergrad. Uh, so always great to, to get in front of customers in the healthcare space. Drex DeFord: It's always fun to see you in the mix with a bunch of customers too, because clearly that really is where your heart is. Um, so let me ask you a question. Well, I'm gonna ha- I have a few questions, actually. Um, where are health systems facing the most critical challenges around browser security today? Like, where are the blind spots that usually get missed when they're trying to protect patient data without breaking clinician workflow? Sebastian Estades: Yeah, great, great question. Um, in speaking to clients, you know, obviously every client's [00:02:00] different, but at, at a high level, the biggest challenges that we're seeing are, you know, there's... From the management side, there's the, "I need to keep up to date with the latest, you know, uh, vulnerabilities on Chrome," right? We're now on a two-week release cycle, so some folks are, are having challenges around just keeping up, right, with managing, uh, those updates, uh, with their ADMX files and GPO policies. So that's where we're seeing some folks come over to us and use our cloud console to manage updates, right? To keep up to date there. Hmm. Uh, I'd say from a user workflow and, like, risk perspective, a big security gap right now and a challenge that is driving most of our conversations today is around AI usage, right? Um, and uh, typically, there are blind spots there for, uh, organizations as far as user context and what's happening in the browser DOM. Uh, so, uh, most tools today rely on things having to, uh, get to the network before you see things that maybe shouldn't be happening, like copying and pasting of, uh, of [00:03:00] patient information. So- Right ... that's been a gap, and that's an area that we've been having a lot of, uh, conversations with customers about and helping them with, uh, on the browser side. Um, and I'd say lastly, uh, the, the last piece would be around, um, the unmanaged device access. So remote access for these individuals. Depending on the organization, they allow it, they may not, they may not allow it at all, or they allow it through, like, a v- virtual... virtualization technology or exposing their entire infrastructure via VPN. Drex DeFord: Yeah. Sebastian Estades: So speaking about how do doctors and clinicians access, you know, s- specific, uh, patient files from an unmanaged device while they're home pajama charting, right? So that's the other area as well that we've, uh, we've seen. Drex DeFord: When you're with customers and they get into the ROI conversation, what, what does the ROI conversation look like when a CIO's making the case for enterprise browser to a CFO? Sebastian Estades: there is a tool consolidation piece, uh, with [00:04:00] a secure browser offering. Uh, you know, we're taking elements of a SASE solution, some native, DLP solutions, uh, and baking it into the browser. So while not every customer, right, will be able to eliminate everything, they may be able to draw down on the cost of those tools, right? Maybe less licensing, maybe a different license tier. Uh, the other, uh, piece too is, like, uh, a lot of healthcare systems are relying heavily on virtual desktops, right? Infrastruc- VDI to deliver these applications. You know, secure browser presents a different way to securely deliver, uh, these critical applications in a way that doesn't have the backend infrastructure cost that you see with virtualization. And the beauty of this is, is that we've actually partnered, um, you know, with Citrix and Omnissa, uh, and who both, uh, have their, our solution as part of their stack as a way to help customers, you know, save costs on the infrastructure, uh, with those platforms, um, where it makes sense to. Drex DeFord: what's the question health system IT leaders should be asking [00:05:00] their teams right now, but they probably aren't? Sebastian Estades: Yeah, it's a great question. I'd say, um Do they know what tools, AI tools are, uh, you know, clinicians and doctors using? Like, how much shadow AI is out there? And some customers are asking the question, but maybe just, uh, don't have a, a reliable way to understand that and understand what, how many content transfers are happening to those sites. Um, so that, I think that's a question everybody has to ask. Everyone is using AI today, um, and whether you like it or not, so it's how do you understand what is happening? How do you, uh, provide guardrails and educate your end users on what they should and should not be doing, and what tools they should and should not be using? So that's an area on our end that we can help with, uh, you know, at no cost. You know, organizations likely already have Chrome browser being used by their, their users, right? It's, it's the number one browser, uh, used globally, so, uh, we are able to essentially bring in the browsers that already exist out there into a [00:06:00] console and give you nice reporting around what shadow AI usage or SaaS usage is happening amongst your users with no disruption to the users, right? So a lot of customers are starting off with that, "Let me, um, inspect what's going on before I make changes," uh, with our platform. So we could show that in a nice way, uh, to show what, what exactly is happening. Drex DeFord: How hard is that to do with a customer? Sebastian Estades: Pretty straightforward. So, uh, it's, uh, being on more on a technical front, uh, they would just push out a token, uh, to their devices via whatever mechanism, maybe Intune, right? To all their Windows devices and then, you know, Mac devices, uh, Linux, so on and so forth. And when they push that token out, um, the next time that browser res- restarts on that managed device, uh, it would then show up in the, in the console. At which point it could start collecting data on copy/paste, upload/download, content transfers, uh, what tools they're using, so on and so forth, just by pushing that token out, which has zero user impact- Drex DeFord: Hmm Sebastian Estades: um, to do. Uh, 'cause you're not changing, you're still relying on [00:07:00] GPO for all your policies initially until you migrate over. Um, but, but just by enrolling them, there's no user impact. Drex DeFord: You can't protect it if you can't see it, if you don't know what's happening- Right ... right? That's really the bottom line. Sebastian Estades: Exactly. That's how we start with all customers, so that's usually the, the first step. Um, even if they've already decided they're going to do secure browse and they already know what use cases are, usually the first step is let's just enroll all your browsers, pull reporting, understand what's going on, and then see if our as- assumptions were correct. And then build a plan to how to, you know, start rolling out policies, right? To, to, uh, enforce certain things that you want to enforce to the users. Drex DeFord: I like it. Hey, thanks for your time today, Sebastian. I'm looking forward to seeing you in person probably somewhere on the road sometime soon. Sebastian Estades: Yeah, looking forward to it. Thank you, Drex. Appreciate you having me. Speaker 5: thanks for joining this executive interview with me, Drex DeFord. Here at This Week Health, we believe every healthcare leader needs a community to lean on and learn from. Build your network at [00:08:00] thisweekhealth.com/subscribe, and share all of this with a colleague. Thanks for being here. I'll see you around campus

Found this useful? Share it with your network