Fireside Chat with Dr. Vinita Chauhan-Ramprasath

Dr. Vinita Chauhan

1. Tell us something about your childhood. What values had been instilled in you that helped you excel later in your life?

I think we all have our modest beginnings; I have certainly had mine. Growing up, we were comfortable but never outrageously wealthy. My parents were extremely hard workers and that is something they both instilled in me and my sister. We had everything we needed, but there weren’t a lot of luxuries and we didn’t miss them. Another thing our parents were very unequivocally insistent about was a good education. My father lost his father at a young age and then proceeded to educate himself and ended up getting his doctorate with a scholarship. My mother came from a family that put education above all else. Hard work and the value of education are two things that were instilled in us early in our lives.

2. What have been some of the biggest challenges in your life and how that has shaped you?

When I moved to the US, I lived on my own for the first time and so many things were new and different. Every immigrant has gone through that phase but for me that was especially hard because I was so sheltered before that. Getting a hang of the education system that was so different was also a task. After working in academic research for a while, there was a point when I realized didn’t want to be in academia. I had enrolled in an MBA program that I really enjoyed. When I went back from my maternity leave, I wasn’t willing to give up on my research position yet. There was one semester when my son was still an infant, I was taking 5 classes, working 30 hours a week in my lab, and teaching 2 online courses. It was a result of pure planning, and a lot of support from my husband; my days planned to the minute. It was a very trying time but was extremely rewarding.

3. How did you discover your passion for STEM?

I always enjoyed Biology. I found it fascinating and I was also fortunate enough to have some great Biology teachers. One of my teachers ended up mentoring me and helped me explore various opportunities. That was a big turning point for me. She tried to nurture my interests and talked to me about my options going forward. Studies have shown that school-going girls, lose interest in STEM at an early age, more so than boys, if not nurtured and supported appropriately. Girls take it harder when they make mistakes, and we need to show them to learn from it and continue moving forward.

4. What were the biggest leadership shifts in the past year?

We have all been trying to do our best juggling work and our family’s health. And we’re all in this together. There have been times my sons walked into the room while I was in meetings and no one batted an eyelid. Leaders understand that we are all managing things at home too and allow us the flexibility to do so. People step up to the challenge they are presented if we give them an opportunity to do so and the pandemic has clearly tested all of us.

5. Could you tell us something about how to manage remote teams?

I personally like to have video calls with my team members and know what is happening in their lives even outside of work. Our physical and mental health and well-being makes everything else possible, being mindful of that is important. It is also important to empower our teams to feel confident enough to come up with the best solutions. It is very fulfilling for me to see my team members come up with better ways of doing things and prove me wrong. A manager’s number one priority is to ensure that everyone is working to the best of their ability.

6. How important do you think is Diversity and Inclusion for corporates?

We are resistant to change but change is the only constant. Look at what the last year has taught us. Diversity, inclusion, and equity are considered buzzwords in corporate world, but they are important in every facet of life. There is a story about 4 people looking at a box as a problem but from different angles. So, it is a different problem for each of them, that results in different solution. Being inclusive fosters creativity and innovation.

Valuing our employees empowers them to be better performers. I have been fortunate to have leaders, both male and female, who have shown faith in me. I am particularly proud of working with Premier. Our leaders ensure that everyone is given a seat at the table and is heard and that makes everyone, in turn, want to do a better job.  

7. How would you describe an ideal technology partner?

The number one thing would be for them to understand our business. They must have the capability and resources to fulfill our business needs. Another important thing is clear communication. However, one thing that the pandemic reinforced was that the highest priority should be the ability to transform. Even if we don’t have an immediate need, we must have the capability to learn and adapt.

8. As someone from the healthcare industry, what message would you like to give to our readers especially about vaccination?

India is at a stage right now where US was sometime ago. We’ve had over a year to prepare for this and yet we aren’t adequately organized. On top of it, there is a debate about the vaccines raging on. The technology that these vaccines are based on has been widely researched. I would request people not to be skeptical of them. It will not make you immune from the infection, but it will ensure that you don’t die from COVID. Complications from COVID can have severe, adverse, long-term effects.

Please wear your masks, social distance if you step out of your homes and make the right decision for yourself and your families and get the vaccine when you are eligible.

About Dr. Chauhan –

Vinita Chauhan-Ramprasath was born and raised in India and spent most of her childhood in Mumbai. She graduated with her B.Sc. in Chemistry and Biochemistry from Mumbai and then received her M.Sc. in Biochemistry. Vinita moved to the United States in August 2000 and received her Doctorate in Diagnostic Medicine and Pathobiology. She got married in 2006 and moved to Charlotte where she worked as a research faculty at University of North Carolina at Charlotte before getting her MBA and joining Premier Inc. Currently Vinita works as a Director of ITS Operations where she manages the GAVS-Premier partnership as well as a part of the integration management office within Premier. Vinita lives in Charlotte, NC with her husband Ram and her two sons Neel and Nikhil and their dog Dakota.

Reimagining ITSM Metrics

Rama Periasamy

Rama Vani Periasamy

In an IT Organization, what is measured as success.? Predominantly it inclines towards the Key Performance Indicators, internally focused metrics, SLAs and other numbers. Why don’t we shift our performance reporting towards ‘value’ delivered to our customers along with the contractually agreed service levels? Because the success of any IT operation comes from defining what it can do to deliver value and publishing what value has been delivered, is the best way to celebrate that success.

It’s been a concern that people in service management overlook value as trivial and they often don’t deliver any real information about the work they do . In other words, the value they have created goes unreported and the focus lies only on the SLA driven metrics & contractual obligations. It could be because they are more comfortable with the conventional way of demonstrating the SLA targets achieved. And this eventually prevents a business partner from playing a more strategic role.

“Watermelon reporting” is a phrase used in reporting a service provider’s performance. The SLA reports depict that the service provider has adhered to the agreed service levels and met all contractual service level targets. It looks ’green’ on the outside, just like a watermelon. However, the level of service perceived by the service consumer does not reflect the ’green’ status reported (it might actually be ’red’, like the inside of a watermelon). And the service provider continues to report on metrics that do not address the pain points.  

This misses the whole point about understanding what success really means to a consumer. We tend to overlook valuable data and the one that shows how an organization as a service provider is delivering value and helping the customer achieve his/her business goals.

The challenge here is that often consumers have underdeveloped, ambiguous and conflicting ideas about what they want and need. It is therefore imperative to discover the users’ unarticulated needs and translate them into requirements.

For a service provider, a meaningful way of reporting success would be focused on outcomes rather than outputs which is very much in tandem with ITIL4. Now this creates a demand for better reporting, analysis of delivery, performance, customer success and value created.

Consider a health care provider, the reduced time spent in retrieving a patient history during a surgery can be a key business metric and the number of incidents created, number of successful changes may be secondary. As a service provider, understanding how their services support such business metrics would add meaning to the service delivered and enable value co-creation.

It is vital that a strong communication avenue is established between the customer and the service provider teams to understand the context of the customer’s business. To a large extent, this helps the service provider teams to prioritize what they do based on what is critical to the success of the customer/service consumer. More importantly, this enables the provider become a true partner to their customers.

Taking service desk as an example, the service desk engineers fixes a printer or a laptop, resets passwords. These activities may not provide business value, but it helps to mitigate any loss or disruption to a service consumer’s business activities. The other principal part of service desk activity is to respond to service requests. This is very much an area where business value delivered to customers can be measured using ITSM.

Easier said, but how and what business value is to be reported? Here are some examples that are good enough to get started.

1. Productivity
Assuming that every time a laptop problem is fixed with the SLA, it allows the customer to get back to work and be productive. Value can be measured here by the cost reduction – considering the employee cost per hour and the time spent by the IT team to fix the laptop.

How long does it take for the service provider to provide what a new employee needs to be productive? This measure of how long it takes to get people set up with the required resources and whether this lead-time matches the level of agility the business requires equates to business value. 

2. Continual Service Improvement (CSI)

Measuring value becomes meaningless when there is no CSI. So, measuring the cost of fixing an incident plus the loss of productivity and identifying and providing solutions on what needs to be done to reduce those costs or avoid incidents is where CSI comes into play.

Here are some key takeaways:

  • Make reporting meaningful by demonstrating the value delivered and co-created, uplifting your operations to a more strategic level.
  • Speak to your customers to capture their requirements in terms of value and enable value co-creation as partners.
  • Your report may wind up in the trash, not because you have reported wrong metrics, but it may just be reporting of data that is of little importance to your audience.   

Reporting value may seem challenging, and it really is. But that’s not the real problem. Keep reporting your SLA and metrics but add more insights to it. Keep an eye on your outcomes and prevent your IT service operations from turning into a watermelon!

References –

About the Author –

Rama is a part of the Quality Assurance group, passionate about ITSM. She loves reading and traveling.
To break the monotony of life and to share her interest in books and travel, she blogs and curates at www. kindleandkompass.com

API Security

Logaiswar S

“An unsecured API is literally an ‘all you can eat buffet’ for hackers.”

What is API security?

API security is the protection of network-exposed APIs that an organization, both owns and uses. APIs are becoming the preferred method to develop new-age applications. They are one of most common ways to interact between microservices and containers like systems and apps. API are developed using REST or SOAP methods. However, the true strength of API security depends on how there are implemented.

Master Data Management Software Tools

REST API Security Vs SOAP API Security

REST APIs use HTTP and Support Transport Layer Security Encryption (TLS). It is a standard that makes the connection private and checks whether the data transferred between the two systems (client and server) is encrypted. REST API is faster than SOAP because of the statelessness of nature. REST API doesn’t need to store or repackage data.

SOAP APIs use built protocols known as Web services. These protocols are defined using a rule set that is guided by confidentiality and authentication. SOAP API has not been around for as long as REST API. SOAP API is more secure than REST API as it uses Web security for transmission long with SSL.

Why is API security important?

Organizations use API to connect services and transferred data. The major data breaches through API are broken, exposed, or hacked APIs. The way API security is used depends on what kind of data is transferred.

Security testing of APIs is currently a challenge for 35% of organizations, that need better capabilities than what current DAST and SAST technologies offer to automatically discover APIs and conduct testing. Organizations are moving from monolithic web applications to modern applications such as those that make heavy use of client-side JavaScript or ones that utilize microservices architecture.

How API Security works?

API security depends on authentication and authorization. Authentication is the first step; it is used to verify that the client application has the required permission to use API. Authorization is the subsequent step that determines what data and action an authentication application can access while interacting with API.

APIs should be developed with protective features to reduce the system’s vulnerability to malicious attacks during API calls.

The developer is responsible for ensuring the developed API successfully validates all the input collected from the user during API calls. The prepared statements with blind variables are one of the most effective ways to prevent API from SQL injection. XSS can be easily handled by cleaning the user input from the API call. Cleaning the inputs helps to ensure that potential XSS vulnerabilities are minimized.   

Best Practice for Secure API

Some basic security practice and well-established security control if the APIs are shared publicly are as follows:

  • Prioritize security: Potential loss for the organization happens using unsecured APIs, so make security a priority and build the API securely as they are being developed.
  • Encrypt traffic using TLS: Some organizations may choose not to encrypt API payload data that is considered to be non-sensitive, but for organizations whose API exchange sensitive data, TLS encryption should be essential.
  • Validate input: Never pass input from an API through to the endpoint without validating it first.
  • Use a WAP: Ensure that it can understand API payloads.
  • Use token: Establish trusted identities and then control access to services and resources by using tokens.
  • Use an API gateway: API gateways act as the major point of enforcement for API traffic. A good gateway will allow you to authenticate traffic as well as control and analyze how your APIs are used.

Modern API Data breach

USPS Cooperate Database Exposure

The weakness allowed an attacker to query the USPS website and scrape a database of over 60 million cooperate users, email addresses, phone numbers, account numbers, etc.

Exploitation

The issue was authentication-related which allowed unauthorized access to an API service called ‘informed visibility’, which was designed to deliver real-time tracking data for large-scale shipping operations.

This tracking system was tied into web API in a way that users could change the search parameters and view and even in some cases modify the information of other users. Since there wasn’t a robust anti-scraping system in place, this mass exposure was compounded by the automated and unfettered access available.

Lessons Learned

Providers giving extreme power to a specific service or function without securing every permutation of its interaction flow can lead to such exploits. To mitigate API-related risks, coding should be done with the assumption that the APIs might be abused by both internal and external forces.

References:

  1. https://www.redhat.com/en/topics/security/api-security
  2. https://searchapparchitecture.techtarget.com/definition/API-security
  3. https://nordicapis.com/5-major-modern-api-data-breaches-and-what-we-can-learn-from-them/

About the Author –

Logaiswar is a security enthusiast with core interest in Application & cloud security. He is part of the SOC DevSecOps vertical at GAVS supporting critical customer engagements.

Moving Ahead as Managers

Bindu

Bindu Vijayan

When I was recently asked to drive employee experience at GAVS, I thought, what an opportunity to support a group who are deliverers of high-value systems! I have personally seen the Leadership’s wisdom and the passion to drive GAVS forward as a meaningful and purposeful company. This is an opportunity to help deliver fine-tuned responses through earnest feedback.  And thus, started a somewhat ministerial role – listening truly, relating to what is being heard, because we believe there is a huge potential to strengthen bonds.

Operational execution takes place from the Managers, and here at GAVS, the value system is entrenched in the belief that seniors serve the needs of others; the inverse pyramid.  I have seen our CEO, Sumit Ganguli, treating everyone like a Leader, and everyone is given the responsibility to know and understand the company and the business. The earnest attempt is to have employees relate to GAVS, be the best brand ambassadors for the values and culture we stand for. 

Often times, we as Managers are going through the stress from genuinely caring to get everything right and move projects and teams forward along with the company, but it might be a totally different story with the teams we are managing – things aren’t going too well, and even before we realize what is going on, people leave us.

This points us to a need to recalibrate ourselves and our managerial style, and sometimes our self-calibration can have profound implications for the organization.

Was it a single event that had team members leave? It most times isn’t, it is a collection of problems…no quick fixes or silver bullets, but let’s take the medicine, the whole course, that would turn things around. We have all been on both sides and know what it is to open up and give honest feedback, the genuine hope and excitement about change, and as Managers today, we are happy to actually have individuals open up.   

Who am I as a Manager?

Ed Catmull, President, and co-founder of Pixar writes, “We acknowledge we will always have problems, many of them hidden from our view; that we work hard to uncover these problems, even if doing so means making ourselves uncomfortable

As a Manager, let me take a real hard look at myself in the mirror to see what I might be doing wrong.  Why are my team members quitting? How do I lead? Is it through ‘Power’, as in our real inner power to lead with positivity and assertiveness, or is my leadership about ‘force’, where my authority, screaming, bullying, manipulating, sycophancy that drives my team along with me?

Making time for everyone

Let us make time to meet every single person in our team even when we are managing large teams. Scheduling that one crucial hour with each team member is giving them the opportunity to be a reviewer, exchange seats with them, and see it through their eyes.  Keep the agenda for the meeting to speak only about how we can improve managing them, all defenses down.

Demonstrate we see them as our peers, listen…

Listen to everything they have to say, without interrupting. Be a true listener, and promises are to be made and to be kept. The worst thing for us to do is to have that ‘excellent chat’ and go back to the ‘same old’.

Get straight forward feedback from the team and give them immunity for saying it the way it is

Sometimes we need to hear the little harsh truths about ourselves. And the team doesn’t want to see us defensive about our ways of impacting them wrong. We have to hear them out, and everything they want to say, and that’s the first step for them to choose to stay. People should feel safe to talk about things they want as improvements, and to be heard on what is working vs things that are not working.

Don’t wait on actions

Unless commitment is made, there are only promises and hopes, but no plans” – Peter Drucker

I don’t mean there is a magic wand that we can use for everything to turn good overnight. But continuous improvements, by way of small consistent steps, should be visible, and getting everyone involved in it would be a great way to get it right. Everybody wants to see progress.

Here are some toxic traits that call for recalibration;

  • Highly irritable, short-tempered
  • Arrogant, unapproachable
  • Getting defensive about constructive criticism
  • Overtly dominant
  • Belittling other people’s feelings
  • Highly controlling
  • Manipulative

Today, it is interesting to see lots of new-age companies where there are zero hierarchies, employees and leaders are like family. The millennials and the Gen Z are comfortable being who they really are, and we Managers from different demographics must simply jump in and learn from their signature authenticity.

About the Author –

Bindu Vijayan takes care of Employee Experience at GAVS, she works towards creating an environment that’s conducive to passion and make employees feel valued as individuals. She is an avid reader, enjoys music and poetry, and is a devoted mother and a grand-mother. An ardent Kafka fan, she relates to his famous quote, “Don’t bend; don’t water it down; don’t try to make it logical; don’t edit your own soul according to the fashion. Rather, follow your most intense obsessions mercilessly.”

Healthcare Transformation Using Cognitive Services

Srinivasan Sundararajan

Democratization of AI in Healthcare

Organizations are becoming increasingly digital and Artificial Intelligence is being deployed in many of them. Often small tech-savvy start-ups and large firms with huge funds, like those in technology and finance businesses, are deploying sophisticated forms of AI.

But several other companies are being left behind. They may not know how or where to deploy AI, or they may not have the resources to create their own AI. Cloud technologies are filling this gap. With options from Google, AWS, Microsoft, and plenty of other vendors, companies can begin exploring how AI can help them. The more that AI becomes accessible, the more companies – and users – can leverage it for their benefit. 

Healthcare is often cited as an area that AI can help immensely. The democratization of AI in healthcare, which is being driven by cloud technologies, is leading to greater access and more predictive work in patient monitoring and smarter reactive responses to health issues. 

ML and AI have traditionally been perceived as the domain of experts and specialists with PhDs. While democratization of AI is viewed differently by different organizations, a common theme has been to make AI adoption simpler.

The following are a few democratized AI services available as part of cloud providers (most of the examples are from Microsoft Eco System as a reference, however other providers also have similar services).

Handwriting Recognition

ai-led operations consulting firm in healthcare

With Windows Ink, you can provide your doctors with the digital equivalent of almost any pen-and-paper experience imaginable, from quick, handwritten notes and annotations to whiteboard demos.

The Windows Ink platform, together with a pen device, helps create digital handwritten notes, drawings, and annotations. The platform supports capturing digitizer input as ink data, generating ink data, managing ink data, rendering ink data as ink strokes on the output device, and converting ink to text through handwriting recognition.

There are equivalent options in other platforms like iOS and Android which can be used for making similar applications for doctors.

Optical Character Recognition

ai-led operations management services in healthcare

Azure’s latest OCR technology Computer Vision Read API extracts printed text (in several languages), handwritten text (English only), digits, and currency symbols from images and multi-page PDF documents. It can extract text from text-heavy images and multi-page PDF documents with mixed languages and detect both printed and handwritten text in the same image or document.

Most hospitals have to deal with lot of documents, especially when it involves external parties like insurance companies. Healthcare organizations can increase productivity and cut down on costs by investing in OCR for managing medical documents.

Emotion APIs

The Azure Face service provides AI algorithms that can detect, recognize, and analyze human faces in images. Facial recognition software has varied applications like in security, natural user interface, image content analysis and management, mobile apps, and others.

Using this API, we can detect perceived facial expressions such as anger, contempt, disgust, fear, happiness, neutral, sadness, and more. It is important to note that facial expressions alone do not represent the internal states of people.

Speech Translation

ai-led product engineering services in healthcare

The number of people in the U.S. who speak a language other than English is large and growing. Language barriers have been found to impede access to care, compromise quality, and increase the risk of adverse outcomes. When friends and family interpret, they are prone to omit, add, and substitute information.

The Azure Speech Translation API can translate incoming speech into more than 60 languages. This API enables real-time, multi-language speech-to-speech and speech-to-text translation of audio streams. With the Speech SDK, your applications, tools, and devices have access to source transcriptions and translation outputs for provided audio. Interim transcription and translation results are returned as speech is detected, and results can be converted into synthesized speech.

Health BOTs

AI for Health Cloud Enablement Services

  • Providers have built health bot instances that triage patient issues with a symptom checker, help patients find appropriate care, and look up nearby doctors.
  • Insurers have built health bot instances that give their customers an easy way to look up the status of a claim and ask questions about benefits and services.

Azure Health Bot empowers developers in healthcare organizations to build and deploy AI-powered, compliant, conversational healthcare experiences at scale. Combining a built-in medical database with natural language capabilities to understand clinical terminology, it can be easily customized for various clinical use cases. The service ensures alignment with industry compliance requirements and is privacy protected to HIPAA standards.

Conversational intelligence also adapts dynamically as the health bot instance learns from previous interactions.

Text Analytics for Health

The healthcare industry is overwhelmed with data. They face an incredible challenge in trying to identify and draw insights from all that information. Unlocking insights from this data has massive potential for improving healthcare services and patient outcomes.

The Key Phrase Extraction API evaluates unstructured text, and for each JSON document, returns a list of key phrases.

AI/ML Led Solutions for Life Sciences

The Text Analytics API lets you take unstructured text and returns a list of disambiguated entities, with links to more information on the web. The API supports both Named Entity Recognition (NER) for several entity categories and entity linking.

Text Analytics for health performs NER, relation extraction, entity negation, and entity linking on English-language text to uncover insights in unstructured clinical and biomedical text.

Reinforcement Learning

AI Tools for Digital Transformation in Healthcare Industry

Medical diagnoses essentially involve mapping patients’ medical history, current symptoms, and other information to the correct disease profile. It can be an incredibly complex task representing an enormous burden (in both time and cognitive energy required) for busy clinicians.

Personalizer API uses reinforcement learning to select the single best action, known as reward action ID. Azure Personalizer is a cloud-based service that helps your applications choose the best content item to show your users.

Personalizer currently uses Vowpal Wabbit as the foundation for the machine learning. This framework allows for maximum throughput and lowest latency when making personalization ranks and training the model with all events.

Anomaly Detection

digital transformation in healthcare it consulting

Anomaly detection in medical treatment can be used to discover deviations from regular patterns and determine whether the patient management is unusual. Detecting an anomaly from medical images including mammograms, CT, or PET images is still an ongoing research problem drawing a lot of attention with applications in medical diagnosis.

The Anomaly Detector API enables you to monitor and detect abnormalities in your time series data without having to know machine learning. Using your time-series data, the API determines boundaries for anomaly detection, expected values, and which data points are anomalies.

Detect anomalies in your streaming data by using previously seen data points to determine if your latest one is an anomaly. This operation generates a model using the data points you send and determines if the target point is an anomaly.

Conclusion

Healthcare transformation requires a great amount of AI integration and implementation.

However, most healthcare organizations don’t have enough resources and bandwidth to work on AI development and deployment. Also, AI Involvement by its very nature is iterative and more concentration is required on involving the stakeholders and arriving at a consensus. Remember, the success of AI depends on the richness of data which is the main responsibility of healthcare organizations, while implementation of AI can be taken care of by these cognitive services.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Healthcare Data Management Solutions for the post-pandemic Healthcare era, using the combination of Multi-Modal databases, Blockchain, and Data Mining. The solutions aim at Patient data sharing within Hospitals as well as across Hospitals (Healthcare Interoprability), while bringing more trust and transparency into the healthcare process using patient consent management, credentialing and zero-knowledge proofs.