Month: November 2020

The DNA of a Good Leader (PART I)

Posted on by Subhadeep Datta

Rajeswari S

In our lives, we would have come across some people with great leadership qualities. They may not be leading a team, or an organization, but they exude an aura. They conduct themselves in a manner that sets them apart from the rest. As the debate rages on whether leaders are born, made, discovered, innovated, invented!? Let’s see what makes a person a true and admirable leader.

Generally, a good leader should be successful, progressive, and positive, must possess good personality traits, communication and delegation skills, charisma, agility, adaptability, and ability to transform the air around them by effecting positive changes.

Some people are able to bring out the best in others and that is the edge they have over others. So, let’s look beyond and list out those qualities that makes a person or YOU a quintessential leader.

  1. Be passionate: Obviously, you would think it is the dedication, commitment for one’s work to up the number of clients, revenue figures, etc. However, it is not just about that. The passion that you have which affects not only your attitude and energy but that of those around you. Your passion should spread like a wildfire and inspire action and positive change among others.

  1. Face obstacles with grace: If any leader knows exactly what a customer or market truly wants from the business, they would be hailed as no less than a God! But alas, life is always full of obstacles, and a true leader knows which battles to fight and how. Effective leaders approach roadblocks with a high level of positivity and maturity. They adopt creative problem-solving techniques that allows them to overcome situations that others might give up on.
  1. Allow honest mistakes, spot talents: An over-protected child learns nothing and cannot sail against the tides. A good leader allows their people to just GO FOR IT! Failure often provides us with some of life’s biggest learning opportunities. As uncertainty and risk are inherent to running a team or business. Some people do commendable jobs under high pressure situations. A good leader spots such resources in their team and makes the best use of their qualities.
  1. Be street smart: It’s hard to find a substitute for old-fashioned street smarts. Knowing how to trust your gut, quickly analyzing situations as well as the people you’re dealing with and knowing how-to spot a bad deal or scammer is an important aspect of leadership. Maturity and experience complement each other, and a perfect combination of this makes a great leader.
  1. Be intuitive and take ownership: Intuition is to art as logic is to math. Leadership is often about following your gut instinct. It can be difficult to let go of logic in some situations but learn to trust yourself. Having said that, if your instinct fails, leadership is also about taking ownership for what happened, learning lessons from it and NEVER TO REPEAT THE SAME MISTAKE.
  1. Understand opportunity cost: Leaders know that many situations and decisions in business involve risk and there is an opportunity cost associated with every decision you make. An opportunity cost is the cost of a missed opportunity. This is usually defined in terms of money, but it may also be considered in terms of time, man-hours, or any other finite resource. Great leaders understand the consequences of their decisions before making them.
  1. Be liked: You can respect a person who talks flamboyantly, has a brilliant mind, impeccable manners, and business skills, but do you LIKE them? A leader should not only be respected but they should also be liked. Liking a person is a not a quantifiable quality, is it? But, it can be achieved in the way a leader captains the team, spreads a positive feeling among them and make the group feel that they belong there.
  1. Laugh: Yes…you read it right. The proven routes to a person’s mind or heart is a healthy sense of humor. It works well in getting the best out of your team. Nobody likes a templated talk or expression, even if it is good news you are trying to convey. Also, effective leaders can laugh at themselves as they understand that they are also humans and can make mistakes like everyone else. Leaders who take themselves too seriously risk alienating people.

Unique brands of Leadership

A quick look at some successful CEOs, new-age entrepreneurs, and their unique leadership mantras:

  1. Satya Nadella, CEO, Microsoft

Leadership mantra: 

  • An avid reader
  • Looks beyond the Horizon
  • Makes the right move at the right time
  • Makes every second count
  • Nurture strong company culture 
  1. Nitin Saluja and Raghav Verma, Founder, Chaayos, fastest growing tea startup of India,

Leadership mantra: Give people wings to fly and they will carve out their own journey.

  1. Mukesh Ambani, Chairman & Managing director, Reliance Industries Ltd

Leadership mantra:

  • Money is not everything but important
  • Have a dream and plan to fulfill it
  • Let your work speak for itself  
  • Trust your instincts
  • Trust all, but depend on none

References:

  • https://briandownard.com,
  • https://economictimes.indiatimes.com

About the Author –

Working in IP, into Content Development with 13 years of Technical, Content and Creative Writing background. Off-work, passionate about singing, music, creative writing; love highway drive, a movie buff.

Patient 360 & Journey Mapping using Graph Technology

Posted on by Subhadeep Datta

Srinivasan Sundararajan

360 Degree View of Patient

With rising demands for quality and cost-effective patient care, healthcare providers are focusing on data-driven diagnostics while continuing to utilize their hard-earned human intelligence. In other words, data-driven healthcare is augmenting human intelligence.

360 Degree View of Patient, as it is called, plays a major role in delivering the required information to the providers. It is a unified view of all the available information about a patient. It could include but is not limited to the following information:

  • Appointments made by the patients
  • Interaction with different doctors
  • Medications prescribed by the doctors
  • Patient’s relationship to other patients within the eco-systems specially to identify the family history related risks
  • Patient’s admission to hospitals or other healthcare facilities
  • Discharge and ongoing care
  • Patient personal wellness activities
  • Patient billing and insurance information
  • Linkages to the same patient in multiple disparate databases within the same hospital
  • Information about a patient’s involvement in various seminars, medical-related conferences, and other events

Limitations of Current Methods

As evident in most hospitals, these information are usually scattered across multiple data sources/databases. Hospitals typically create a data warehouse by consolidating information from multiple resources and try to create a unified database. However, this approach is done using relational databases and the relational databases rely on joining tables across entities to arrive at a complete picture. The RDBMS is not meant to handle relationships which extend to multiple hops and require drilling down to many levels.

Role of Graph Technology & Graph Databases

A graph database is a collection of nodes (or entities typically) and edges (or relationships). A node represents an entity (for example, a person or an organization) and an edge represents a relationship between the two nodes that it connects (for example, friends). Both nodes and edges may have properties associated with them.

While there are multiple graph databases in the market today like, Neo4J, JanusGraph, TigerGraph, the following technical discussions pertain to graph database that is part of SQL server 2019. The main advantage of this approach is that it helps utilize the best RDBMS features wherever applicable, while keeping the graph database options for complex relationships like 360 degree view of patients, making it a true polyglot persistence architecture.

As mentioned above, in SQL Server 2019 a graph database is a collection of node tables and edge tables. A node table represents an entity in a graph schema. An edge table represents a relationship in a graph. Edges are always directed and connect two nodes. An edge table enables users to model many-to-many relationships in the graph. Normal SQL Insert statements are used to create records into both node and edge tables.

While the node tables and edge tables represent the storage of graph data there are some specialized commands which act as extension of SQL and help with traversing between the nodes to get the full details like patient 360 degree data.

MATCH statement

MATCH statement links two node tables through a link table, such that complex relationships can be retrieved. An example,

Data Center Migration Planning Tools

SHORTEST_PATH statement

It finds the relationship path between two node tables by performing multiple hops recursively. It is one of the useful statements to find the 360 degree of a patient.

There are more options and statements as part of graph processing. Together it will help identify complex relationships across business entities and retrieve them.

GRAPH processing In Rhodium  

As mentioned in my earlier articles (Healthcare Data Sharing & Zero Knowledge Proofs in Healthcare Data Sharing), GAVS Rhodium framework enables Patient and Data Management and Patient Data Sharing and graph databases play a major part in providing patient 360 as well as for provider (doctor) credentialing data. The below screen shots show the samples from reference implementation.

Desktop-as-a-Service (DaaS) Solution

Patient Journey Mapping

Typically, a patient’s interaction with the healthcare service provider goes through a cycle of events. The goal of the provider organization is to make this journey smooth and provide the best care to the patients. It should be noted that not all patients go through this journey in a sequential manner, some may start the journey at a particular point and may skip some intermediate journey points. Proper data collection of events behind patient journey mapping will also help with the future prediction of events which will ultimately help with patient care.

Patient 360 data collection plays a major role in building the patient journey mapping. While there could be multiple definitions, the following is one of the examples of mapping between patient 360-degree events and patient journey mapping.

Digital Transformation Services and Solutions

The below diagram shows an example of a patient journey mapping information.

Enterprise IT Support Services USA

Understanding patients better is essential for improving patient outcomes. 360 degree of patients and patient journey mapping are key components for providing such insights. While traditional technologies lack the need of providing those links, graph databases and graph processing will play a major role in patient data management.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Data Management Solutions for new-age enterprises using the combination of Multi Modal databases, Blockchain and Data Mining. The solutions aim at data sharing within enterprises as well as with external stakeholders.

IAST: A New Approach to Finding Security Vulnerabilities

Posted on by Subhadeep Datta

Roberto Velasco
CEO, Hdiv Security

One of the most prevalent misconceptions about cybersecurity, especially in the mainstream media and also among our clients, is that to conduct a successful attack against an IT system it is necessary to ‘investigate’ and find a new defect in the target’s system.

However, for most security incidents involving internet applications, it is enough to simply exploit existing and known programming errors.

For instance, the dramatic Equifax breach could have been prevented by following basic software security best-practices, such as patching the system to prevent known vulnerabilities. That was, in fact, one of the main takeaways from the forensic investigation led by the US federal government.

One of the most important ways to reduce security risks is to ensure that all known programming errors are corrected before the system is exposed to internet traffic. Research bodies such as the US NIST found that correcting security bugs early on is orders of magnitude cheaper than doing so when the development has been completed.

When composing a text in a text editor, the spelling and grammar corrector highlights the mistakes in the text. Similarly, there are security tools known as AST (Application Security Testing) that find programming errors that introduce security weaknesses. ASTs report the file and line where the vulnerability is located, in the same way, that a text editor reports the page and the line that contains a typo.

In other words, these tools allow developers to build software that is largely free of security-related programming errors, resulting in more secure applications.

Just like it is almost impossible to catch all errors in a long piece of text, most software contains many serious security vulnerabilities. The fact that some teams do not use any automated help at all, makes these security weaknesses all the most prevalent and easy to exploit.

Let’s take a look at the different types of security issue detection tools also known as ASTs, or vulnerability assessment tools, available in the market.

The Traditional Approach

Two mature technologies capture most of the market: static code analysis (SAST) and web scanners (dynamic analysis or DAST). Each of these two families of tools is focused on a different execution environment.

The SAST static analysis, also known as white-box analysis because the tool has access to the source code of the application, scans the source code looking for known patterns that indicate insecure programming that could lead to a vulnerability.

The DAST dynamic analysis replicates the view of an attacker. At this point, the tool executes hundreds or thousands of queries against the application designed to replicate the activity of an attacker to find security vulnerabilities. This is a black-box analysis because the point of view is purely external, with no knowledge of the application’s internal architecture.

The level of detail provided by the two types of tools is different. SAST tools provide file and line where the vulnerability is located, but no URL, while DAST tools provide the external URL, but no details on the location of the problem within the code base of the application. Some teams use both tools to improve visibility, but this requires long and complex triaging to manage the vulnerabilities.

The Interactive AST Approach

The Interactive Application Security Testing (IAST) tools combine the static approach and the dynamic approach. They have access to the internal structure of the application, and to the way it behaves with actual traffic. This privileged point of view is ideal to conduct security analysis.

From an architecture point of view, the IAST tools become part of the infrastructure that hosts the web applications, because an IAST runs together with the application server. This approach is called instrumentation, and it is implemented by a component known as an agent. Other platforms such as Application Performance Monitoring tools (APMs) share this proven approach.

Once the agent has been installed, it incorporates automatic security sensors in the critical execution points of the application. These sensors monitor the dataflow between requests and responses, the external components that the application includes, and data operations such as database access. This broad-spectrum coverage is much better than the visibility that SAST and DAST rely on.

In terms of specific results, we can look at two important metrics – how many types of vulnerabilities the tool finds, and how many of the identified vulnerabilities are false positives. Well, the best DAST is able to find only 18% of the existing vulnerabilities on a test application. And even worse, around 50% of the vulnerabilities reported by the best SAST static analysis tool are not true problems!

IT Automation with AI

Source: Hdiv Security via OWASP Benchmark public result data

The IAST approach provides these tangible benefits:

  1. Complete coverage, because the entire application is reviewed, both the custom code and the external code, such as open-source components and legacy dependencies.
  2. Flexibility, because it can be used in all environments; development, quality assurance (QA), and production.
  3. High accuracy, because the combination of static and dynamic point of views allow us to find more vulnerabilities with no false positives.
  4. Complete vulnerability information, including the static aspects (source code details) and dynamic aspects (execution details).
  5. Reduction of the duration of the security verification phase, so that the time-to-market of the secure applications is shorter.
  6. Compatible with agile development methodologies, such as DevSecOps, because it can be easily automated, and reduces the manual verification activities

IAST tool can add tons of value to the security tooling of any organization concerned with the security of the software.

In the same way that everyone uses an automated spell checker to find typos in a document, we believe that any team would benefit from an automated validation of the security of an application.

However, the AST does not represent a security utopia, since they can only detect security problems that follow a common pattern.

About the Author –

Roberto Velasco is the CEO of Hdiv Security. He has been involved with the IT and security industry for the past 16 years and is experienced in software development, software architecture and application security across different sectors such as banking, government and energy. Prior to founding Hdiv Security, Roberto worked for 8 years as a software architect and co-founded ARIMA, a company specialized in software architecture. He regularly speaks at Software Architecture and cybersecurity conferences such as Spring I/O and APWG.eu.