Fireside Chat with Dr. Vinita Chauhan-Ramprasath

Dr. Vinita Chauhan

1. Tell us something about your childhood. What values had been instilled in you that helped you excel later in your life?

I think we all have our modest beginnings; I have certainly had mine. Growing up, we were comfortable but never outrageously wealthy. My parents were extremely hard workers and that is something they both instilled in me and my sister. We had everything we needed, but there weren’t a lot of luxuries and we didn’t miss them. Another thing our parents were very unequivocally insistent about was a good education. My father lost his father at a young age and then proceeded to educate himself and ended up getting his doctorate with a scholarship. My mother came from a family that put education above all else. Hard work and the value of education are two things that were instilled in us early in our lives.

2. What have been some of the biggest challenges in your life and how that has shaped you?

When I moved to the US, I lived on my own for the first time and so many things were new and different. Every immigrant has gone through that phase but for me that was especially hard because I was so sheltered before that. Getting a hang of the education system that was so different was also a task. After working in academic research for a while, there was a point when I realized didn’t want to be in academia. I had enrolled in an MBA program that I really enjoyed. When I went back from my maternity leave, I wasn’t willing to give up on my research position yet. There was one semester when my son was still an infant, I was taking 5 classes, working 30 hours a week in my lab, and teaching 2 online courses. It was a result of pure planning, and a lot of support from my husband; my days planned to the minute. It was a very trying time but was extremely rewarding.

3. How did you discover your passion for STEM?

I always enjoyed Biology. I found it fascinating and I was also fortunate enough to have some great Biology teachers. One of my teachers ended up mentoring me and helped me explore various opportunities. That was a big turning point for me. She tried to nurture my interests and talked to me about my options going forward. Studies have shown that school-going girls, lose interest in STEM at an early age, more so than boys, if not nurtured and supported appropriately. Girls take it harder when they make mistakes, and we need to show them to learn from it and continue moving forward.

4. What were the biggest leadership shifts in the past year?

We have all been trying to do our best juggling work and our family’s health. And we’re all in this together. There have been times my sons walked into the room while I was in meetings and no one batted an eyelid. Leaders understand that we are all managing things at home too and allow us the flexibility to do so. People step up to the challenge they are presented if we give them an opportunity to do so and the pandemic has clearly tested all of us.

5. Could you tell us something about how to manage remote teams?

I personally like to have video calls with my team members and know what is happening in their lives even outside of work. Our physical and mental health and well-being makes everything else possible, being mindful of that is important. It is also important to empower our teams to feel confident enough to come up with the best solutions. It is very fulfilling for me to see my team members come up with better ways of doing things and prove me wrong. A manager’s number one priority is to ensure that everyone is working to the best of their ability.

6. How important do you think is Diversity and Inclusion for corporates?

We are resistant to change but change is the only constant. Look at what the last year has taught us. Diversity, inclusion, and equity are considered buzzwords in corporate world, but they are important in every facet of life. There is a story about 4 people looking at a box as a problem but from different angles. So, it is a different problem for each of them, that results in different solution. Being inclusive fosters creativity and innovation.

Valuing our employees empowers them to be better performers. I have been fortunate to have leaders, both male and female, who have shown faith in me. I am particularly proud of working with Premier. Our leaders ensure that everyone is given a seat at the table and is heard and that makes everyone, in turn, want to do a better job.  

7. How would you describe an ideal technology partner?

The number one thing would be for them to understand our business. They must have the capability and resources to fulfill our business needs. Another important thing is clear communication. However, one thing that the pandemic reinforced was that the highest priority should be the ability to transform. Even if we don’t have an immediate need, we must have the capability to learn and adapt.

8. As someone from the healthcare industry, what message would you like to give to our readers especially about vaccination?

India is at a stage right now where US was sometime ago. We’ve had over a year to prepare for this and yet we aren’t adequately organized. On top of it, there is a debate about the vaccines raging on. The technology that these vaccines are based on has been widely researched. I would request people not to be skeptical of them. It will not make you immune from the infection, but it will ensure that you don’t die from COVID. Complications from COVID can have severe, adverse, long-term effects.

Please wear your masks, social distance if you step out of your homes and make the right decision for yourself and your families and get the vaccine when you are eligible.

About Dr. Chauhan –

Vinita Chauhan-Ramprasath was born and raised in India and spent most of her childhood in Mumbai. She graduated with her B.Sc. in Chemistry and Biochemistry from Mumbai and then received her M.Sc. in Biochemistry. Vinita moved to the United States in August 2000 and received her Doctorate in Diagnostic Medicine and Pathobiology. She got married in 2006 and moved to Charlotte where she worked as a research faculty at University of North Carolina at Charlotte before getting her MBA and joining Premier Inc. Currently Vinita works as a Director of ITS Operations where she manages the GAVS-Premier partnership as well as a part of the integration management office within Premier. Vinita lives in Charlotte, NC with her husband Ram and her two sons Neel and Nikhil and their dog Dakota.

API Security

Logaiswar S

“An unsecured API is literally an ‘all you can eat buffet’ for hackers.”

What is API security?

API security is the protection of network-exposed APIs that an organization, both owns and uses. APIs are becoming the preferred method to develop new-age applications. They are one of most common ways to interact between microservices and containers like systems and apps. API are developed using REST or SOAP methods. However, the true strength of API security depends on how there are implemented.

Master Data Management Software Tools

REST API Security Vs SOAP API Security

REST APIs use HTTP and Support Transport Layer Security Encryption (TLS). It is a standard that makes the connection private and checks whether the data transferred between the two systems (client and server) is encrypted. REST API is faster than SOAP because of the statelessness of nature. REST API doesn’t need to store or repackage data.

SOAP APIs use built protocols known as Web services. These protocols are defined using a rule set that is guided by confidentiality and authentication. SOAP API has not been around for as long as REST API. SOAP API is more secure than REST API as it uses Web security for transmission long with SSL.

Why is API security important?

Organizations use API to connect services and transferred data. The major data breaches through API are broken, exposed, or hacked APIs. The way API security is used depends on what kind of data is transferred.

Security testing of APIs is currently a challenge for 35% of organizations, that need better capabilities than what current DAST and SAST technologies offer to automatically discover APIs and conduct testing. Organizations are moving from monolithic web applications to modern applications such as those that make heavy use of client-side JavaScript or ones that utilize microservices architecture.

How API Security works?

API security depends on authentication and authorization. Authentication is the first step; it is used to verify that the client application has the required permission to use API. Authorization is the subsequent step that determines what data and action an authentication application can access while interacting with API.

APIs should be developed with protective features to reduce the system’s vulnerability to malicious attacks during API calls.

The developer is responsible for ensuring the developed API successfully validates all the input collected from the user during API calls. The prepared statements with blind variables are one of the most effective ways to prevent API from SQL injection. XSS can be easily handled by cleaning the user input from the API call. Cleaning the inputs helps to ensure that potential XSS vulnerabilities are minimized.   

Best Practice for Secure API

Some basic security practice and well-established security control if the APIs are shared publicly are as follows:

  • Prioritize security: Potential loss for the organization happens using unsecured APIs, so make security a priority and build the API securely as they are being developed.
  • Encrypt traffic using TLS: Some organizations may choose not to encrypt API payload data that is considered to be non-sensitive, but for organizations whose API exchange sensitive data, TLS encryption should be essential.
  • Validate input: Never pass input from an API through to the endpoint without validating it first.
  • Use a WAP: Ensure that it can understand API payloads.
  • Use token: Establish trusted identities and then control access to services and resources by using tokens.
  • Use an API gateway: API gateways act as the major point of enforcement for API traffic. A good gateway will allow you to authenticate traffic as well as control and analyze how your APIs are used.

Modern API Data breach

USPS Cooperate Database Exposure

The weakness allowed an attacker to query the USPS website and scrape a database of over 60 million cooperate users, email addresses, phone numbers, account numbers, etc.

Exploitation

The issue was authentication-related which allowed unauthorized access to an API service called ‘informed visibility’, which was designed to deliver real-time tracking data for large-scale shipping operations.

This tracking system was tied into web API in a way that users could change the search parameters and view and even in some cases modify the information of other users. Since there wasn’t a robust anti-scraping system in place, this mass exposure was compounded by the automated and unfettered access available.

Lessons Learned

Providers giving extreme power to a specific service or function without securing every permutation of its interaction flow can lead to such exploits. To mitigate API-related risks, coding should be done with the assumption that the APIs might be abused by both internal and external forces.

References:

  1. https://www.redhat.com/en/topics/security/api-security
  2. https://searchapparchitecture.techtarget.com/definition/API-security
  3. https://nordicapis.com/5-major-modern-api-data-breaches-and-what-we-can-learn-from-them/

About the Author –

Logaiswar is a security enthusiast with core interest in Application & cloud security. He is part of the SOC DevSecOps vertical at GAVS supporting critical customer engagements.

Challenges Enable Change and Success

Vijayalakshmi Rajesh

In this hyper-connected digital age, one may misconceive a ‘challenge’ to be a deadlock and associate it with negativity. To me a challenge always implies an opportunity. Opportunity to explore newer ways of reaching success. I strongly believe that without challenges life would be mundane. The rapid improvements and progress we see today were challenges overcome by someone.

To solve any problem, we need to accept its existence and understand its dynamics. Only then can we come up with solutions. When I started my career as a marketing professional, I was the only lady in my team and a fresher too. I had to overcome many challenges. I always had the attitude to keep fighting. At times, I had no support as I was the only one swimming against the tide. But I never gave up!

I salute my mother for raising me to never shy away from challenges. I would like to share my memories of the wonderful days I spent with her. My mother had a charming personality. I admired her patience. She was a multitasker. To me, no one could match her skills at embroidery and knitting. Her zeal and enthusiasm towards life inspire me even today. I remember during my school days, I often found her immersed in her handiwork, which she also taught many women who subsequently started their businesses. After school, I would look at the work she had done that day. While she was busy in the kitchen, I would hold the cloth in my hand and closely examine the artwork. While the front side was beautiful, the backside attracted me more because it would reveal the effort put in to create the masterpiece. For my wedding, my mother gifted me a beautifully embroidered handkerchief. I immediately flipped it to look at the techniques used to keep the backside neat. My mother said something beautiful then. She said, “I noticed how you always check the work behind before looking at the actual finished product on the front. This goes on to show that you are a person who will view challenges first and learn through them. Never give up your attitude to fight and your eye for detail.”

My mother’s values have led me onto a successful path in CSR. I get immense satisfaction whenever I complete projects. I remember a child, about 6 years old, from the school where I built a library. She came to me with a flower in her hand which she had picked on her way to school and told me, “Ma’am we are grateful for all these books. I am going to read all the books and become a doctor one day.” I could feel my mother patting me on my back and my eyes welling up because only I knew the challenges I had to face in delivering the project. But these little things mean a lot to me.

I have recently noticed an interesting paradigm, especially among the younger generation. Some are not only fighting their own problems, but they are also trying to resolve the problems faced by others.

To quote an example. I read about Jayalakshmi from Pudukottai, Tamil Nadu, India, in a leading daily. She was selected to visit NASA’s Kennedy Space Centre in the US after winning a competition. Through her plea for financial support, she secured excess funding. She then channelized the surplus funds to build public toilets in her village. She also convinced her fellow villagers who were hesitant about the idea to build toilets. To me, this is extraordinary because she has challenged the status quo and won the battle for many!

To everyone out there I would say – Challenges are just as difficult as we perceive them to be. We can overcome them if we view them as opportunities. Explore the world of endless possibilities with a fighting spirit. Today we have a vaccine for COVID, created in the shortest span of time by scientists. No vaccine has been readied from scratch in less than a year. The days of “It has always been done this way” are long gone!

About the Author –

Vijayalakshmi comes with 20 years of Marketing and Academic experience. She is the Founder and Managing Trustee at ZRII TRUST. ZRII was formed as a platform to deliver high-impact social projects through Corporate Social Responsibility (CSR) funds.

Her work includes raising awareness about modern-day issues that women and children face. She is actively involved in ensuring safer and improved workspaces for women. Some of her trophy programs are under women empowerment which includes a year-long training program for women of southern Tamil Nadu, a driver training program for women to drive app-based cabs, and placement of women in factories.

Vijayalakshmi is an ombudsperson at GAVS and guides GAVS in our endeavor to be a gender-balanced and respectful workplace.

Blockchain-based Platform for COVID-19 Vaccine Traceability

Srinivasan Sundararajan

Over the last few weeks, several pharma companies across world have announced vaccines for COVID. The respective governments are going through rigorous testing and approval processes to roll out vaccines soon.

The massive exercise of administering vaccines to billions of people across different geographies poses various challenges. Add to this the fact that different vaccines have strict conditions for storage and handling. Also, the entire history of traceability of the vaccine should be available.

While tracking the supply chain of any commodity in general and pharmaceutical products, in particular, is always complex, the COVID-19 vaccine poses tougher challenges. The following are the current temperature sensitivity needs of various vaccine manufacturers.  

best dcaas providers in usa

The information is from publicly available sites and should not be treated as a guideline for vaccine storage.

Blockchain to the Rescue

Even before the pandemic, Blockchain with its built-in ability to provide transparency across stakeholders has been a major platform for pharmaceutical traceability. The criticality for providing COVID-19 vaccine traceability has only strengthened the cause of utilizing blockchain for the supply chain in the pharma industry.

Blockchain networks with its base attributes like de-centralized ownership of data, single version of truth across stakeholders, the ability to ensure the data ownership based on cryptography-based security, and the ability to implement and manage business rules, will be a default platform handling the traceability of COVID-19 vaccines across multiple stakeholders.

Going beyond, Blockchain will also play a major role in the Identity and Credentialing of healthcare professionals involved, as well as the Consent Management of the patients who will be administered the vaccine. With futuristic technology needs like Health Passport, Digital Twin of a Person, Blockchain goes a long way in solving the current challenges in healthcare beyond streamlining the supply chain.

GAVS Blockchain Based Prototype for COVID-19 vaccine Traceability

GAVS has created a prototype of Blockchain-based network platform for vaccine traceability to demonstrate its usability. This solution has a much larger scope for extending to various healthcare use cases.

The below is the high-level process flow of the COVID-19 vaccine trial and various stakeholders involved.

digital transformation services and solutions

Image Source – www.counterpointresearch.com

Based on the use case and the stakeholders involved. GAVS prototype first creates a consortium using a private blockchain network. For the sake of simplicity, Distributors are not mentioned, but in real life, every stakeholder will be present. Individuals who receive the vaccine from hospitals are not part of the Network at this stage. But in future, their consent can be tracked using Blockchain.

Using Azure Blockchain Service, we can create private consortium blockchain networks where each blockchain network can be limited to specific participants in the network. Only participants in the private consortium blockchain network can view and interact with the blockchain. This ensures that sensitive information about vaccines are not exposed or misused.

data center consolidation initiative services

The following smart contracts are created as part of the solution with assigned ownership to the individual stake holders.

Blockchain solution and services

A glimpse of few of the smart contracts are listed for illustration purposes.

pragma solidity ^0.5.3;

pragma experimental ABIEncoderV2; 

contract Batch {

    string  public BatchId;

    string  public ProductName;

    string  public ProductType;

    string  public TempratureMaintained;

    string  public Efficacy;

    string  public Cost;

    address public CurrentOwner;

    address public ManufacturerAddr;

    address public AirLogAddr;

    address public LandLogAddr;

    address public HospAdminAddr;

    address public HospStaffAddr;

    string[] public AirTemp = new string[](10);

    string[] public LandTemp = new string[](10);

    string[] public HospTemp = new string[](20);

    string  public receiptNoteaddr;

    constructor  (string memory _batchId, string memory _productName,  string memory _productType,  string memory _TemperatureMaintained,  string memory _Efficacy,  string memory _Cost) public {

        ManufacturerAddr = msg.sender;

        BatchId = _batchId;

        ProductName = _productName ;

        ProductType = _productType;

        TemperatureMaintained = _TemperatureMaintained;

        Efficacy = _Efficacy;

        Cost = _Cost;

    }   

    modifier onlyOwner()    {

        require (msg.sender == CurrentOwner, “Only Current Owner Can Initiate This Action”);

        _;

    }      

    function updateOwner(address _addr) onlyOwner public{

       CurrentOwner = _addr;

    }        

    function retrieveBatchDetails() view  public returns (string memory, string memory, string memory, string memory, string memory, address, address, address, address, address, string[] memory, string[] memory, string[] memory, string memory) {

        return (BatchId,ProductName,TemperatureMaintained,Efficacy,Cost,ManufacturerAddr,AirLogAddr,LandLogAddr,HospAdminAddr,HospStaffAddr,AirTemp,LandTemp,HospTemp,receiptNoteaddr);  

    }

}  

The front end (Dapp) through which the traceability of the COVID-19 vaccine can be monitored is also developed and the following screenshots show certain important data flows.

Vaccine Traceability System Login Screen

best dcaas providers in usa

Traceability view for a particular batch of Vaccine

digital transformation services and solutions

Details of vaccinated patients entered by hospital

data center consolidation initiative services

Advantages of The Solution

  • With every vaccine monitored over the blockchain, each link along the chain could keep track of the entire process, and health departments could monitor the chain as a whole and intervene, if required, to ensure proper functioning.
  • Manufacturers could track whether shipments are delivered on time to their destinations.
  • Hospitals and clinics could better manage their stocks, mitigating supply and demand constraints. Furthermore, they would get guarantees concerning vaccine authenticity and proper storage conditions.
  • Individuals would have an identical guarantee for the specific vaccine they receive.
  • Overall this technology-driven approach will help to save the lives in this critical juncture.

 Extensibility to Future Needs

Gartner’s latest hypercycle for emerging technologies highlight several new technologies and notably Health Passport. As the travelers used to travel with a physical passport pandemic has created the need for a health passport, which is more like a digital health record that passengers can carry on their phones. Ideally, it should show the passengers past exposure to diseases and the vaccine records. By properly deploying health passports, several industries can revive themselves by allowing free-flowing movement of passengers across the globe.

The above blockchain solution though meant for COVID-19 traceability can potentially extended to a health passport once the patient also becomes part of it by a wallet based authentication mechanism, at GAVS we plan to explore the health passports on Blockchain in the coming months.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Healthcare Data Management Solutions for the post-pandemic Healthcare era, using the combination of Multi Modal databases, Blockchain and Data Mining. The solutions aim at Patient data sharing within Hospitals as well as across Hospitals (Healthcare Interoperability) while bringing more trust and transparency into the healthcare process using patient consent management, credentialing, and zero knowledge proofs.

Patient 360 & Journey Mapping using Graph Technology

Srinivasan Sundararajan

360 Degree View of Patient

With rising demands for quality and cost-effective patient care, healthcare providers are focusing on data-driven diagnostics while continuing to utilize their hard-earned human intelligence. In other words, data-driven healthcare is augmenting human intelligence.

360 Degree View of Patient, as it is called, plays a major role in delivering the required information to the providers. It is a unified view of all the available information about a patient. It could include but is not limited to the following information:

  • Appointments made by the patients
  • Interaction with different doctors
  • Medications prescribed by the doctors
  • Patient’s relationship to other patients within the eco-systems specially to identify the family history related risks
  • Patient’s admission to hospitals or other healthcare facilities
  • Discharge and ongoing care
  • Patient personal wellness activities
  • Patient billing and insurance information
  • Linkages to the same patient in multiple disparate databases within the same hospital
  • Information about a patient’s involvement in various seminars, medical-related conferences, and other events

Limitations of Current Methods

As evident in most hospitals, these information are usually scattered across multiple data sources/databases. Hospitals typically create a data warehouse by consolidating information from multiple resources and try to create a unified database. However, this approach is done using relational databases and the relational databases rely on joining tables across entities to arrive at a complete picture. The RDBMS is not meant to handle relationships which extend to multiple hops and require drilling down to many levels.

Role of Graph Technology & Graph Databases

A graph database is a collection of nodes (or entities typically) and edges (or relationships). A node represents an entity (for example, a person or an organization) and an edge represents a relationship between the two nodes that it connects (for example, friends). Both nodes and edges may have properties associated with them.

While there are multiple graph databases in the market today like, Neo4J, JanusGraph, TigerGraph, the following technical discussions pertain to graph database that is part of SQL server 2019. The main advantage of this approach is that it helps utilize the best RDBMS features wherever applicable, while keeping the graph database options for complex relationships like 360 degree view of patients, making it a true polyglot persistence architecture.

As mentioned above, in SQL Server 2019 a graph database is a collection of node tables and edge tables. A node table represents an entity in a graph schema. An edge table represents a relationship in a graph. Edges are always directed and connect two nodes. An edge table enables users to model many-to-many relationships in the graph. Normal SQL Insert statements are used to create records into both node and edge tables.

While the node tables and edge tables represent the storage of graph data there are some specialized commands which act as extension of SQL and help with traversing between the nodes to get the full details like patient 360 degree data.

MATCH statement

MATCH statement links two node tables through a link table, such that complex relationships can be retrieved. An example,

Data Center Migration Planning Tools

SHORTEST_PATH statement

It finds the relationship path between two node tables by performing multiple hops recursively. It is one of the useful statements to find the 360 degree of a patient.

There are more options and statements as part of graph processing. Together it will help identify complex relationships across business entities and retrieve them.

GRAPH processing In Rhodium  

As mentioned in my earlier articles (Healthcare Data Sharing & Zero Knowledge Proofs in Healthcare Data Sharing), GAVS Rhodium framework enables Patient and Data Management and Patient Data Sharing and graph databases play a major part in providing patient 360 as well as for provider (doctor) credentialing data. The below screen shots show the samples from reference implementation.

Desktop-as-a-Service (DaaS) Solution

Patient Journey Mapping

Typically, a patient’s interaction with the healthcare service provider goes through a cycle of events. The goal of the provider organization is to make this journey smooth and provide the best care to the patients. It should be noted that not all patients go through this journey in a sequential manner, some may start the journey at a particular point and may skip some intermediate journey points. Proper data collection of events behind patient journey mapping will also help with the future prediction of events which will ultimately help with patient care.

Patient 360 data collection plays a major role in building the patient journey mapping. While there could be multiple definitions, the following is one of the examples of mapping between patient 360-degree events and patient journey mapping.

Digital Transformation Services and Solutions

The below diagram shows an example of a patient journey mapping information.

Enterprise IT Support Services USA

Understanding patients better is essential for improving patient outcomes. 360 degree of patients and patient journey mapping are key components for providing such insights. While traditional technologies lack the need of providing those links, graph databases and graph processing will play a major role in patient data management.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Data Management Solutions for new-age enterprises using the combination of Multi Modal databases, Blockchain and Data Mining. The solutions aim at data sharing within enterprises as well as with external stakeholders.

Zero Knowledge Proofs in Healthcare Data Sharing

Srinivasan Sundararajan

Recap of Healthcare Data Sharing

In my previous article (https://www.gavstech.com/healthcare-data-sharing/), I had elaborated on the challenges of Patient Master Data Management, Patient 360, and associated Patient Data Sharing. I had also outlined how our Rhodium framework is positioned to address the challenges of Patient Data Management and data sharing using a combination of multi-modal databases and Blockchain.

In this context, I have highlighted our maturity levels and the journey of Patient Data Sharing as follows:

  • Single Hospital
  • Between Hospitals part of HIE (Health Information Exchange)
  • Between Hospitals and Patients
  • Between Hospitals, Patients, and Other External Stakeholders

In each of the stages of the journey, I have highlighted various use cases. For example, in the third level of health data sharing between Hospitals and Patients, the use cases of consent management involving patients as well as monetization of personal data by patients themselves are mentioned.

In the fourth level of the journey, you must’ve read about the use case “Zero Knowledge Proofs”. In this article, I would be elaborating on:

  • What is Zero Knowledge Proof (ZKP)?
  • What is its role and importance in Healthcare Data Sharing?
  • How Blockchain Powered GAVS Rhodium Platform helps address the needs of ZKP?

Introduction to Zero Knowledge Proof

As the name suggests, Zero Knowledge Proof is about proving something without revealing the data behind that proof. Each transaction has a ‘verifier’ and a ‘prover’. In a transaction using ZKPs, the prover attempts to prove something to the verifier without revealing any other details to the verifier.

Zero Knowledge Proofs in Healthcare 

In today’s healthcare industry, a lot of time-consuming due diligence is done based on a lack of trust.

  • Insurance companies are always wary of fraudulent claims (which is anyhow a major issue), hence a lot of documentation and details are obtained and analyzed.
  • Hospitals, at the time of patient admission, need to know more about the patient, their insurance status, payment options, etc., hence they do detailed checks.
  • Pharmacists may have to verify that the Patient is indeed advised to take the medicines and give the same to the patients.
  • Patients most times also want to make sure that the diagnosis and treatment given to them are indeed proper and no wrong diagnosis is done.
  • Patients also want to ensure that doctors have legitimate licenses with no history of malpractice or any other wrongdoing.

In a healthcare scenario, either of the parties, i.e. patient, hospital, pharmacy, insurance companies, can take on the role of a verifier, and typically patients and sometimes hospitals are the provers.

While the ZKP can be applied to any of the transactions involving the above parties, currently the research in the industry is mostly focused on patient privacy rights and ZKP initiatives target more on how much or less of information a patient (prover) can share to a verifier before getting the required service based on the assertion of that proof.

Blockchain & Zero Knowledge Proof

While I am not getting into the fundamentals of Blockchain, but the readers should understand that one of the fundamental backbones of Blockchain is trust within the context of pseudo anonymity. In other words, some of the earlier uses of Blockchain, like cryptocurrency, aim to promote trust between unknown individuals without revealing any of their personal identities, yet allowing participation in a transaction.

Some of the characteristics of the Blockchain transaction that makes it conducive for Zero Knowledge Proofs are as follows:

  • Each transaction is initiated in the form of a smart contract.
  • Smart contract instance (i.e. the particular invocation of that smart contract) has an owner i.e. the public key of the account holder who creates the same, for example, a patient’s medical record can be created and owned by the patient themselves.
  • The other party can trust that transaction as long the other party knows the public key of the initiator.
  • Some of the important aspects of an approval life cycle like validation, approval, rejection, can be delegated to other stakeholders by delegating that task to the respective public key of that stakeholder.
  • For example, if a doctor needs to approve a medical condition of a patient, the same can be delegated to the doctor and only that particular doctor can approve it.
  • The anonymity of a person can be maintained, as everyone will see only the public key and other details can be hidden.
  • Some of the approval documents can be transferred using off-chain means (outside of the blockchain), such that participants of the blockchain will only see the proof of a claim but not the details behind it.
  • Further extending the data transfer with encryption of the sender’s private/public keys can lead to more advanced use cases.

Role of Blockchain Consortium

While Zero Knowledge Proofs can be implemented in any Blockchain platform including totally uncontrolled public blockchain platforms, their usage is best realized in private Blockchain consortiums. Here the identity of all participants is known, and each participant trusts the other, but the due diligence that is needed with the actual submission of proof is avoided.

Organizations that are part of similar domains and business processes form a Blockchain Network to get business benefits of their own processes. Such a Controlled Network among the known and identified organizations is known as a Consortium Blockchain.

Illustrated view of a Consortium Blockchain Involving Multiple Other Organizations, whose access rights differ. Each member controls their own access to Blockchain Network with Cryptographic Keys.

Members typically interact with the Blockchain Network by deploying Smart Contracts (i.e. Creating) as well as accessing the existing contracts.

Current Industry Research on Zero Knowledge Proof

Zero Knowledge Proof is a new but powerful concept in building trust-based networks. While basic Blockchain platform can help to bring the concept in a trust-based manner, a lot of research is being done to come up with a truly algorithmic zero knowledge proof.

A zk-SNARK (“zero-knowledge succinct non-interactive argument of knowledge”) utilizes a concept known as a “zero-knowledge proof”. Developers have already started integrating zk-SNARKs into Ethereum Blockchain platform. Zether, which was built by a group of academics and financial technology researchers including Dan Boneh from Stanford University, uses zero-knowledge proofs.

ZKP In GAVS Rhodium

As mentioned in my previous article about Patient Data Sharing, Rhodium is a futuristic framework that aims to take the Patient Data Sharing as a journey across multiple stages, and at the advanced maturity levels Zero Knowledge Proofs definitely find a place. Healthcare organizations can start experimenting and innovating on this front.

Rhodium Patient Data Sharing Journey

IT Infrastructure Managed Services

Healthcare Industry today is affected by fraud and lack of trust on one side, and on the other side growing privacy concerns of the patient. In this context, the introduction of a Zero Knowledge Proofs as part of healthcare transactions will help the industry to optimize itself and move towards seamless operations.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Data Management Solutions for new-age enterprises using the combination of Multi Modal databases, Blockchain, and Data Mining. The solutions aim at data sharing within enterprises as well as with external stakeholders.

Design-led Organization: Creative Thinking as a Practice!

Gogul R G

This is the first article in the series of ‘Design-led organization’ writing about creative thinking as a practice in GAVS. It is the first step for the readers to explore the world of design and creativity. So, let’s get started!

First let’s see what is design thinking is all about

There is a common misconception that design thinking is new. But when you look back, people have applied a human-centric creative process to build meaningful and effective solutions. Design has been practiced for ages to build monuments, bridges, automobiles, subway systems, etc. Design is not only limited to aesthetics, it is more of a mindset to think of a solution. Design thinking is a mindset to iteratively think about a complex problem and come up with a viable solution

Thinking outside of the box can provide an innovative solution to a sticky problem. However, thinking outside of the box can be a real challenge as we naturally develop patterns of thinking that are based on the repetitive activities and commonly accessed knowledge surround ourselves. It takes something to detach away from a situation where we’re too closely involved to be able to find better possibilities.

To illustrate how a fresh way of thinking can create unexpectedly good solutions, let’s look at a famous incident. Some years ago, an incident occurred where a truck driver had tried to pass under a low bridge. But, he failed, and the truck became firmly lodged under the bridge.

IT Infrastructure Managed Services

The driver was unable to continue driving through or reverse out. The struck truck caused massive traffic problems, which resulted in emergency personnel, engineers, firefighters, and truck drivers gathering to negotiate various solutions to dislodge the truck.

Emergency workers were debating whether to dismantle parts of the truck or chip away at parts of the bridge. Each of one were looking for a solution with their respective level of expertise. A boy walking by and witnessing the intense debate looked at the truck, at the bridge, then looked at the road and said, “Why not just let the air out of the tires?” to the absolute amazement of all the specialists and experts trying to resolve the issue.

When the solution was tested, the truck could drive with ease, having suffered only the damage caused by its initial attempt to pass underneath the bridge. It symbolizes the struggles we face where often the most obvious solutions are the ones hardest to come by because of the self-imposed constraints we work within.  

“Challenging our assumptions and everyday knowledge is often difficult for us humans, as we rely on building patterns of thinking in order not to have to learn everything from scratch every time.

Let’s come back to our topic “What is Design thinking?” Tim Brown, Executive Chairman of IDEO – an international design and consulting firm quoted design thinking as below.

“Design thinking is a human-centered approach to innovation that draws from the designer’s toolkit to integrate the needs of people, the possibilities of technology, and the requirements for business success.

Now let’s think about our truck example. A boy with his fresh mindset provides a simple solution to address a complex problem. Yeah! this is the sweet spot. Everyone is creative and capable of thinking like a designer, and out of the box, to come up with a solution. This way of inculcating design as a mindset for a solution is known as Design thinking.

Yes, you read it right, everyone is creative…

We forget that back in kindergarten, we were all creative. We all played and experimented with weird things without fear or shame. We didn’t know enough not to. The fear of social rejection is something we learned as we got older. And that’s why it’s possible to regain our creative abilities, even decades later. In the field of design and user experience, there are individuals to stick with a methodology a while, they will end up doing amazing things. They come up with break through ideas or suggestions and work creatively with a team to develop something truly innovative. They surprise themselves with the realization that they are a lot more creative than they had thought. That early success shakes up how they see themselves and makes them eager to do more.

We just need to rediscover what we already have: the capacity to imagine, or build upon, new to the world ideas.  But the real value of creativity doesn’t emerge until you are brave enough to act on those ideas.

Geshe Thupten Jinpa, who has been the Dalai Lama’s chief English translator for more than twenty years, shared an insight about the nature of creativity. Jinpa pointed out that there’s no word in the Tibetan language for ‘creativity’ or ‘being creative’. The closest translation is ‘natural’. In other words, if you want to be more creative, you should be more natural! So…be natural!

At your workplace, the complex problems can be easily sorted out when you find a solution using creativity with the mindset of design thinking. Creativity can be improved by following the below steps.

  1. Go for a walk.
  2. Play your favorite games.
  3. Move your eyes.
  4. Take a break and enjoy yourself.
  5. Congratulate yourself each time you do something well.
  6. Estimate time, distance, and money.
  7. Take a route you never have taken before.
  8. Look for images in mosaics, patterns, textures, clouds, stars…
  9. Try something you have never done before.
  10. Do a creative exercise.
  11. Start a collection (stamps, coins, art, stationery, anything you wish to collect)
  12. Watch Sci-Fi or fantasy films.
  13. Change the way you do things – there are no routine tasks, only routine way of doing things.
  14. Wear a color you do not like.
  15. Think about how they invented equipment or objects you use daily.
  16. Make a list of 10 things you think are impossible to do and then imagine how you could make each one possible.
  17. For every bad thing that happens to you, remember at least 3 good things that happened.
  18. Read something you have not read yet.
  19. Make friends with people on the other side of the world.
  20. When you have an idea, make a note of it, and later check to see if it happened.
  21. Connect a sport with your work.
  22. Try food you never tried before.
  23. Talk to grandparents and relatives and listen to their stories.
  24. Give an incorrect answer to a question.
  25. Find links between people, things, ideas, or facts.
  26. Ask children how to do something and observe their creativity.

Start doing the above-mentioned steps to inculcate a creative mindset and apply it in your day-to-day work. Companies like GE health care, Procter & Gamble, UBER practiced design thinking and implemented in their new product launches and for solving complex problems in their organizations. Be natural to be more creative! When you are more creative, you can apply design thinking for seeking any solution for a complex problem in your work.

This is the first article in the series of Design led Organization in GAVS. Keep watching this space for more articles on design and keep exploring the world of design-thinking!

References:

About the Author –

Gogul is a passionate UX designer with 8+ years of experience into designing experiences for digital channels like Enterprise apps, B2C, B2B apps, Mobile apps, Kiosk, Point of Sale, Endless aisle, telecom products. He is passionate about transforming complex problems into actionable solutions using design.

Center of Excellence – Security

The Security Center of Excellence was instituted to set standards in the practice and be the point of contact for technical solutions, problem solving, etc. The broad objectives of this CoE are as follows:

  • Develop and maintain technical assets that can be leveraged across GAVS.
  • Enable Quality Governance by providing support in gating of architecture and design related deliverables.
  • Enable Operational Governance by establishing cadence for tech review of projects.
  • Create domain-based SMEs within the practice.
  • Train and upskill members in the practice.
  • Improve customer satisfactory index by implementing new ideas and innovations across all engagements.
  • Create additional SOC services for market competency.
  • Automation – Detect, investigate and remediate cyberthreats with playbooks and response workflows.

COVID and the changing nature of threat landscape

For many industries, it has been challenging period ever since the COVID outbreak, more so for those in security. Clearly, the bad actors have lot of time at their disposal which is reflective in the innovative techniques being used to attack targets. The level of vigilance required in monitoring the alerts and application of threat hunting techniques is key to diagnosing problems at initial stages of compromise in the worst-case scenario.

Microsoft Cloud Solution Provider

Remote Infrastructure Monitoring Services
Source: IBM X-Force Research

For enterprises that have no clue about MDR (Managed Detection and Response), this is a good time for them to start. We have innovative, cost effective solutions – “Make Hay while the Sun shines”. Small and large corporations alike have lost business and money because of lapse in security controls and monitoring. Now is not the time to make headlines that you are the victim of a major breach.

Our team is developing a vulnerability alerting tool, which we intend to equip customers with to provide qualified bulletin alerts, i.e. alerts only on vulnerabilities that affect them. This is a first of a kind in the market. This will greatly benefit existing and new customers.

Expanding into IAM and PAM

Security practice is expanding into Identity & Access Management (IAM) and Privileged Access Management (PAM) services. With new customers being onboarded into this focus areas for products such as Sailpoint, Thycotic, Ping, Cyberark, Okta and Azure PIM, we are expanding our talent pool through recruitment and through training and certification. This should largely benefit our existing customers and prospects who intend to leverage our security practice to fulfil their cyber security needs.

Expansion of our Red Team

Our Red Team within the practice has been expanded with many talented members, including some with bug bounty bragging rights. This has enormously helped in performing intensive tests on our internal product platforms, security assessments for customers. We have also extensively invested on tools for the Red Team to help them reduce assessment times.

Certification drive

With some more analysts having certified across AZ-500, Cyberark and trained on Darktrace. GAVS’ security analysts are taking full advantage to increase their knowledge thanks to the generosity of our alliances and training sites like Pluralsight. Even the mighty Microsoft opened their learning website for free, enabling young talent to equip themselves with critical DevOps and Cloud security skills.

As part of CoE initiatives, we have;

  • Aligned our security roadmap based on industry trends and to ensure solutions tailored for customer pain points.
  • Extended our SOC practice with IAM and PAM in 2020.
  • Identified domain-based SME and product-based SME for quick support.

We are currently in the process of creating security products, GVAS and GSMA, to help customer in proactively identifying and addressing vulnerabilities and self-maturity assessment of their cybersecurity posture. We are also underway to add Operational security to our Security practice.

If you have any questions about the CoE, you may reach out to them at COE_INFOSEC@gavstech.com

CoE Team Members

  • Venkatakrishnan A
  • Shivaram J
  • Alex Nepolian Lawrence
  • Ravindran Girikrishnan
  • Aravindah Sadhasivam Subramanian
  • Vijayakumar Veerapandiyan
  • Thubati Uday
  • Ganta Venkata Sandeep
  • Sundaramoorthy S
  • Sukanya Srinivasan

Center of Excellence – Network

The Network CoE was established to focus on Network solution design, Network design, Advanced Network troubleshooting, Network consulting, Network automation, and competency development in Next Generation Network technologies. It is also involved in conducting Network and Network security assessments in the customer’s IT infrastructure environments focused on optimization and transformation.

Network and Network Security Certification drive

As part of Network CoE, we focus on upgrading the skill sets of L1, L2, L3 Network engineers so that their competency levels are high. This is achieved by Network certification drives organized by Network COE. There are many certification drives focusing on Routing, Switching, Network security, Data Center Technologies, and Network automation driven by Network CoE like CCNA, CCNP, PCNSE, CCNA Data Center and Cisco Certified DevNet Associate. There is an active participation in these certification drives, and many GAVS engineers got themselves certified.

Standard Best Practices and Standard Operating Procedures

In Network CoE, the focus is on industry best practices. Standard Operating Practices are created for various technologies within Networking and Network security and used for Network operations.  We have Standard Operating Practices for Monitoring, NOC, switching, routing, WIFI, load balancers and Network security.

Next generation Network Transformation

The Network and Network Security Industry is undergoing key changes in terms of next generation technologies,Next Generation Firewall, Software defined Networks, WIFI 6 standard. There is an added impetus to Network automation, Intent based Networking. We enable Network transformation by enabling these technologies in customer environments.

Network Automation

We are focusing on Network automation of Standard Operating practices pertaining to Network and Network Security technologies. Instead of usual script-based automation, we focus on automation through Network Programmability via standard API interfaces. This gives much finer control and increased functionality in automation.

Network Assessments and Recommendations

We undertake Network Assessments which focuses on Networking and Network security infrastructure including devices and monitoring tools. We focus on various device types like routers, switches, firewall, WIFI controllers, WIFI access points, load balancers, Layer-3 switches, collaboration devices, SD-WAN devices, MPLS devices, VPN devices, IPS devices, etc. We also focus on Network monitoring tools.  We have a GAVS tool called GAVS topology mapper which can be used to discover network topology and its serves as one of the inputs during Network assessment. We apply standard best practices and come out with findings and recommendations. The recommendations will be directed towards Network optimization and/or Network transformation.

Solutions for Pain Points

We identify customer paint points in Networking and Network security areas and address it with comprehensive solutions. A case in point is where we designed a disaster recovery solution for an enterprise network, where the main site and DR site had different subnet schemes and for the Disaster recovery solution to work the VMs in main site and DR site need to have the same IP address.

Network Maturity Model

In GAVS, we have a Network Maturity Model. We have various levels with the Model. We use the Network Maturity Model to rate Network and Network Security setup.

Network Maturity Levels
ScoreLevel
5Optimised
4Managed
3Defined
2Repeatable
1Ad hoc
Network Design

We undertake Network design of Green Field projects (New Network) or Network re-design of Brownfield projects (Existing Network).  A case in point is where we re-designed an existing data center for better resiliency.

Data Center Design

We have designed Data Centers with N+1 Redundancy based on Cisco Nexus 9K and ACI as part of Data Center move and consolidation.  We used spine and leaf architecture for high availability. We have migrated Catalyst 6000 based data center to a Data Center with Nexus 9K.

Advanced Network and Network Security Services

We undertake several Advanced Network and Network security services. We have done large scale Cisco Identity Service Engine (ISE) Hardening and upgrade. We also migrated to DMVPN for several hundreds of sites.

Advanced Network and Network SecurityTroubleshooting

There are situations when a problem will involve two or more towers, e.g., Networking, server applications etc., we get involved and crack these kinds of problems.

For example, a problem which involved DHCP Network service running in a server. The DHCP network service became slow. We systematically analysed and found out that the actual problem is the server slowness and not the DHCP Network service. In another situation, we found out that DMZ firewall was having 90% CPU utilization which led to connection drops of Applications and we fixed it by upgrading the firewall devices.

Conclusion

We continue to partner with GAVS Customer success managers to provide unique experience to customers in the Networking area.

If you have any questions about the CoE, you may reach out to them at COE_NETWORK@gavstech.com

CoE Team Members

  • Ambika Tripathi
  • Andrew Ellis
  • AvineshYokanathan
  • Deepak Narayanaswamy
  • Durai Murugan Prakash
  • Faheem koyatty
  • Ganesh Kumar J
  • Gayathri R
  • Ibrahim Silver Nooruddin
  • JettiTarakesh
  • Justin Robinson
  • Krishnakumar R
  • Nabiulla A
  • Nandhini Prabhu
  • Navaneetha Krishnan
  • Palanisamy Sakthivel
  • Prasad R
  • Rajeshkanna S
  • Ravichandran V
  • Shafi H
  • Shamini P
  • Shanmukha Ganesh
  • Sridhar
  • Srijith
  • Suresh Chander
  • Venkata Manikrishna Soma
  • Vishal Manuhar

Center of Excellence – Java

The Java CoE was established to partner with our customers and aid them in realizing business benefits through effective adoption of cutting-edge technologies; thus, enabling customer success.

Objectives

  • Be the go-to team for anything related to Java across the organization and customer engagements.
  • Build competency by conducting training and mentoring sessions, publishing blogs, whitepapers and participating in Hackathons.
  • Support presales team in creating proposals by providing industry best solutions using the latest technologies, standards & principles.
  • Contribute a certain percent of revenue growth along with the CSMs.
  • Create reusable artifacts, frameworks, solutions and best practices which can be used across organization to improve delivery quality.

Focus Areas

  1. Design Thinking: Setting up a strong foundation of “Design Thinking and Engineering Mindset” is paramount for any business. We aim to do so in the following way:
IT Infrastructure Managed Services

2. Solution and Technology: Through our practice, we aim to equip GAVS with solution-oriented technology leaders who can lead us ahead through disruptive times

IT Operations Management Software

3. Customer success

  • Identify opportunities in accounts based on the collaboration with CSMs, understand customer needs, get details about the engagement, understand the focus areas and challenges.
  • Understand the immediate need of the project, provide solution to address the need.
  • Java council to help developers arrive at solutions.
  • Understand architecture in detail and provide recommendation / create awareness to use new technologies
  • Enforce a comprehensive review process to enable quality delivery.

Accomplishments

  • Formed the CoE team
  • Identified the focus Areas
  • Identified leads for every stream
  • Socialized the CoEwithin GAVS
  • Delivered effective solutions across projects to improve delivery quality
  • Conducted trainings on standards and design-oriented coding practices across GAVS
  • Publishedblogs to bring in design-oriented development practices
  • Identified the areas for creating re-usable artefacts (Libraries / Frameworks)
  • Brainstormed and finalized the design for creating Frameworks (For the identified areas)
  • Streamlined the DevOps process which can be applied in any engagement
  • Built reusable libraries, components and frameworks which can be used across GAVS
  • Automated the Code Review process
  • Organized and conducted hackathons and tech meetups
  • Discovered potential technical problems/challenges across teams and offered effective solutions, thereby enabling customer success
  • Supported the presales team in creating customized solutions for prospects

Upcoming Activities

  • Establishing tech governance and align managers / tech leads to the process
  • Setting up security standards and principles across domain
  • Buildingmore reusable libraries, components and frameworks which can be used across GAVS
  • Adopting Design Patterns / Anti-patterns
  • Enforcing a strong review process to bring in quality delivery
  • Enabling discussions with the customers
  • Setting up a customer advisory team

Contribution to Organizational Growth

As we continue our journey, we aim to support the revenue growth of our organization. Customer Success being a key goal of GAVS, we will continue to enable it by improving the quality of service delivery and building a solid foundation across all technology and process streams. We also want to contribute to the organization by developing a core competency around a strategic capability and reduce knowledge management risks.

If you have any questions about the CoE, you may reach out to them at COE_JAVA@gavstech.com

CoE Team Members

  • Lakshminarasimhan J
  • Muraleedharan Vijayakumar
  • Bipin V
  • Meenakshi Sundaram
  • Mahesh Rajakumar M
  • Ranjith Joseph Selvaraj
  • Jagathesewaren K
  • Sivakumar Krishnasamy
  • Vijay Anand Shanmughadass
  • Sathya Selvam
  • Arun Kumar Ananthanarayanan
  • John Kalvin Jesudhason