We’ve been back from InterConnect for a while now and we
can’t stop talking about what a great conference it was! Hats off to the IBM
events team for smooth execution, interesting session topics and cool demos. We
are already looking forward to next year.
Information Insights was fortunate enough to participate in
a Guardium Healthcare panel alongside Scott Benaglio from BlueCross BlueShield
of Western New York (BCBS WNY) and Gary
Wright from Scripps Health. Entitled The Doctor is In: Data Protection for
Healthcare, the panel discussion covered different experiences implementing
and deploying Guardium within the healthcare industry. Below, we’ve recapped
the main ideas shared during the session plus some takeaways you can apply to
the tactical daily work of implementing Guardium.
Special thanks to our moderator Cindy
Compert from IBM for keeping us on track – that was no easy task!
The Doctor Is In: Guardium Healthcare Panel
IBM InterConnect 2017 | Main Ideas and Key Takeaways
There should be a legitimate security need for Guardium. We
often see Guardium purchased and deployed merely to check off a compliance box.
Unfortunately, the natural result in this scenario is an unhappy Guardium user,
a lack of wide adoption, a perceived low ROI, and an underutilization of
Guardium’s true database security insight. However, when there is an outlined
need and a plan in place prior to purchasing Guardium, organizations are much
more successful. Having an idea of your need or plan doesn’t mean you have to
go through end-to-end process planning before you implement or even purchase! However, having a solid business driver
behind your decision will not only help guide the direction of the
implementation, but will also provide you with a goal line to strive towards in
order to prove that Guardium is adding value to your organization. Having a
vision (however faint!) for how Guardium can help better secure your healthcare
system databases will allow you to structure your implementation toward that vision
and then expand as your use of Guardium matures.
Know your users and what value Guardium brings to their job role. As
Guardium advocates, we tend to overestimate how interested administrators
may be when presented with new capabilities and data our solutions can provide.
After consistently seeing a lack of interest at the beginning of BCBS WNY’s
Guardium journey, Scott took a step back and found that really taking the time
to understand what different database administrators cared about helped him deploy
Guardium in a useful way. For Scott, now folks like Systems Architects are very
interested in using Guardium to help them make project decisions that aren’t
even security related!
Develop a phased maturity plan. It’s unrealistic to make a
quick transition from deployment to sending real-time alerts with Guardium. By
developing a maturity plan, you can understand where your database protection
is today and what measures are needed to get where you want to be. This “grow-once-you-know”
approach helps educate users on what results Guardium can produce and gives
them time to feel comfortable with the reports they receive. BCBS WNY laid out
their maturity model in three phases: Reactionary, Proactive and Real Time.
Within these three phases, they listed out exactly how they planned to use
Guardium on a day-to-day basis and used each phase as a building block to get
to the next.
Understand what happens to data assets throughout the database system
and how that relates to relationships with the organization. Understanding these relationships is
essential to understanding how people interact with databases across the
organization, not just by person or department. Analyzing this data helps you
know if the correct security controls that are dictated by healthcare protocols
are in place and performing properly.
All the panel members are passionate about IBM’s Guardium
solution and we hope our experiences serve to help other IT teams plan a
thoughtful, deliberate Guardium deployment and implementation plan. Please let
us know if the Information Insights team can do anything to help promote Guardium
in your environment.