Customizing OOTB IT Network Security Software Products

Sundaramoorthy S

As global IT is rapidly being digitalized, the network security requirements of major businesses are offered as Out of The Box (OOTB) IT security products by IT OEMs (Information Technology Original Equipment Manufacturers).

The products offered by OEMs adhere to global standards like ISO/IEC 2700, NIST, GDPR, CCPA, and PDPB, which leads to businesses buying licenses for the end products with the intention of saving time and money. However, while integrating, deploying, and maintaining the product solution, the intention of owning the product is violated.  

This article focuses on the customizations of the OOTB products that should be avoided, and steps for tuning the customization of the requirements in the licensed products.

Customization is desirable when it lies within the OOTB product’s radar. Moving beyond the limits leads to multiple operational challenges.

Customizations that are narrower in scope end up being under-utilized. There are certain customizations that can very well be done without. It is ideal to conduct an analysis to validate whether the time and money invested for such customizations will give proportionate benefits/returns.

Product OEMs should be consulted on matters of future releases and implementations before taking such decisions. Choosing the right implementation partner is equally important. Failing to do so may result in issues in production systems, in terms of Audit, Governance, Security, and Operations. Realizing the flaw in later stages costs businesses heavily. Extensive testing must be conducted to ensure the end-to-end capabilities of the OOTB product are not violated.

Listed below are few observations based on my discussions with executives who have faced such issues in ongoing and completed implementations.

Customizations to Avoid

  • OOTB products are customized by overwriting thousands of lines of code. It makes the product tightly coupled to the network and makes the future upgrades and migration of the product complex.
  • Disregarding the recommendations of product architects & SMEs and making customizations to the existing capability of the products to meet the isolated requirements of a business leads to further hidden issues in the products. Finally, what the business demands is to customize, which violates the intent of the OOTB product.
  • Random customizations make the products compatible with the existing enterprise architecture which makes the network vulnerable.
    Below are some challenges:
    • OOTB designed products are unable to consume the business data as it is in some cases
    • Some business users are not willing to migrate to new systems, or unable to educate the users to utilize the new systems.
  • OOTB APIs are not utilized in places where it is required.

Cons of Customizing

  • OEMs provide support for OOTB features only and not for customized ones.
  • The impact of customizations on the product’s performance, optimization, and security is not always clear.
  • Audit and Governance are not manageable if the customizations are not end-to-end.
  • The above issues may lead to a lower return on investment for the customizations

Steps to Avoid Major Customization

For New implementations

  • The Road Map and strategy should be derived by doing a detailed analysis of the current and future state while selecting the product solution.
  • PoCs for requirements of the future state should be done with multiple products which offer similar services in the market to select the right one.
  • Future requirements vs product compliance matrix should be validated.
  • Gap analysis between the current state and future state should be executed through discussions with product owners and key stakeholders in the business.
  • Implementation partners could be engaged in such activities which could refine the analysis and offer their expertise on working with multiple similar products in the market so that the outcome (product selected) is best in terms of cost and techno-functional requirements.

For existing implementations where the product solution is already deployed

  • OOTB product features should be utilized efficiently by vendors, partners, and service providers.
  • To utilize the OOTB product, massaging the existing dataset or minimal restructuring post risk analysis is acceptable. This exercise should be done before onboarding the product solution.
  • For any new requirement which is not OOTB, rather than customizing the product solution independently as an end-user (business entity), a collaborative approach with implementation partners and OEMs’ professional services (minimal) should be taken. This can help address the complexity of requirements without any major roadblocks in the implementation in terms of security and performance of the product solution already deployed in the network. In this approach, support from the product team is available too, which is a great plus.

Role of OEMs

OEMs should take the necessary efforts to understand the needs of the customers and deliver relevant products. This will help in ensuring a positive client experience.

Below are few things the OEMs should consider:

  1. OEMs should have periodic discussions with clients, service providers, and partners, and collect inputs to upgrade their product and remain competitive.
  2. Client-specific local customizations which could be utilized by global clients should be encouraged and implemented.
  3. OEMs should implement the latest technologies and trends in OOTB products sooner than later.
  4. OEMs could use the same technical terminologies across the products which offer similar services, as of now individual products use their own which is not a client and user-friendly.

Since security is the top priority for all, above discussed improvisations, tips and pointers should be followed by all the IT OEMs in the market who produce IT network security products.

Customizations in IT security products are not avoidable. But it should be minimal and configurable based on the business-specific requirements and not major enhancements.

OOTB vs Customization Ratio

Enterprise IT Support Services USA

About the Author –

Sundar has more than 13 years of experience in IT, IT security, IDAM, PAM and MDM project and products. He is interested in developing innovative mobile applications which saves time and money. He is also a travel enthusiast.

Fireside Chat with Dr. Vinita Chauhan-Ramprasath

Dr. Vinita Chauhan

1. Tell us something about your childhood. What values had been instilled in you that helped you excel later in your life?

I think we all have our modest beginnings; I have certainly had mine. Growing up, we were comfortable but never outrageously wealthy. My parents were extremely hard workers and that is something they both instilled in me and my sister. We had everything we needed, but there weren’t a lot of luxuries and we didn’t miss them. Another thing our parents were very unequivocally insistent about was a good education. My father lost his father at a young age and then proceeded to educate himself and ended up getting his doctorate with a scholarship. My mother came from a family that put education above all else. Hard work and the value of education are two things that were instilled in us early in our lives.

2. What have been some of the biggest challenges in your life and how that has shaped you?

When I moved to the US, I lived on my own for the first time and so many things were new and different. Every immigrant has gone through that phase but for me that was especially hard because I was so sheltered before that. Getting a hang of the education system that was so different was also a task. After working in academic research for a while, there was a point when I realized didn’t want to be in academia. I had enrolled in an MBA program that I really enjoyed. When I went back from my maternity leave, I wasn’t willing to give up on my research position yet. There was one semester when my son was still an infant, I was taking 5 classes, working 30 hours a week in my lab, and teaching 2 online courses. It was a result of pure planning, and a lot of support from my husband; my days planned to the minute. It was a very trying time but was extremely rewarding.

3. How did you discover your passion for STEM?

I always enjoyed Biology. I found it fascinating and I was also fortunate enough to have some great Biology teachers. One of my teachers ended up mentoring me and helped me explore various opportunities. That was a big turning point for me. She tried to nurture my interests and talked to me about my options going forward. Studies have shown that school-going girls, lose interest in STEM at an early age, more so than boys, if not nurtured and supported appropriately. Girls take it harder when they make mistakes, and we need to show them to learn from it and continue moving forward.

4. What were the biggest leadership shifts in the past year?

We have all been trying to do our best juggling work and our family’s health. And we’re all in this together. There have been times my sons walked into the room while I was in meetings and no one batted an eyelid. Leaders understand that we are all managing things at home too and allow us the flexibility to do so. People step up to the challenge they are presented if we give them an opportunity to do so and the pandemic has clearly tested all of us.

5. Could you tell us something about how to manage remote teams?

I personally like to have video calls with my team members and know what is happening in their lives even outside of work. Our physical and mental health and well-being makes everything else possible, being mindful of that is important. It is also important to empower our teams to feel confident enough to come up with the best solutions. It is very fulfilling for me to see my team members come up with better ways of doing things and prove me wrong. A manager’s number one priority is to ensure that everyone is working to the best of their ability.

6. How important do you think is Diversity and Inclusion for corporates?

We are resistant to change but change is the only constant. Look at what the last year has taught us. Diversity, inclusion, and equity are considered buzzwords in corporate world, but they are important in every facet of life. There is a story about 4 people looking at a box as a problem but from different angles. So, it is a different problem for each of them, that results in different solution. Being inclusive fosters creativity and innovation.

Valuing our employees empowers them to be better performers. I have been fortunate to have leaders, both male and female, who have shown faith in me. I am particularly proud of working with Premier. Our leaders ensure that everyone is given a seat at the table and is heard and that makes everyone, in turn, want to do a better job.  

7. How would you describe an ideal technology partner?

The number one thing would be for them to understand our business. They must have the capability and resources to fulfill our business needs. Another important thing is clear communication. However, one thing that the pandemic reinforced was that the highest priority should be the ability to transform. Even if we don’t have an immediate need, we must have the capability to learn and adapt.

8. As someone from the healthcare industry, what message would you like to give to our readers especially about vaccination?

India is at a stage right now where US was sometime ago. We’ve had over a year to prepare for this and yet we aren’t adequately organized. On top of it, there is a debate about the vaccines raging on. The technology that these vaccines are based on has been widely researched. I would request people not to be skeptical of them. It will not make you immune from the infection, but it will ensure that you don’t die from COVID. Complications from COVID can have severe, adverse, long-term effects.

Please wear your masks, social distance if you step out of your homes and make the right decision for yourself and your families and get the vaccine when you are eligible.

About Dr. Chauhan –

Vinita Chauhan-Ramprasath was born and raised in India and spent most of her childhood in Mumbai. She graduated with her B.Sc. in Chemistry and Biochemistry from Mumbai and then received her M.Sc. in Biochemistry. Vinita moved to the United States in August 2000 and received her Doctorate in Diagnostic Medicine and Pathobiology. She got married in 2006 and moved to Charlotte where she worked as a research faculty at University of North Carolina at Charlotte before getting her MBA and joining Premier Inc. Currently Vinita works as a Director of ITS Operations where she manages the GAVS-Premier partnership as well as a part of the integration management office within Premier. Vinita lives in Charlotte, NC with her husband Ram and her two sons Neel and Nikhil and their dog Dakota.

API Security

Logaiswar S

“An unsecured API is literally an ‘all you can eat buffet’ for hackers.”

What is API security?

API security is the protection of network-exposed APIs that an organization, both owns and uses. APIs are becoming the preferred method to develop new-age applications. They are one of most common ways to interact between microservices and containers like systems and apps. API are developed using REST or SOAP methods. However, the true strength of API security depends on how there are implemented.

Master Data Management Software Tools

REST API Security Vs SOAP API Security

REST APIs use HTTP and Support Transport Layer Security Encryption (TLS). It is a standard that makes the connection private and checks whether the data transferred between the two systems (client and server) is encrypted. REST API is faster than SOAP because of the statelessness of nature. REST API doesn’t need to store or repackage data.

SOAP APIs use built protocols known as Web services. These protocols are defined using a rule set that is guided by confidentiality and authentication. SOAP API has not been around for as long as REST API. SOAP API is more secure than REST API as it uses Web security for transmission long with SSL.

Why is API security important?

Organizations use API to connect services and transferred data. The major data breaches through API are broken, exposed, or hacked APIs. The way API security is used depends on what kind of data is transferred.

Security testing of APIs is currently a challenge for 35% of organizations, that need better capabilities than what current DAST and SAST technologies offer to automatically discover APIs and conduct testing. Organizations are moving from monolithic web applications to modern applications such as those that make heavy use of client-side JavaScript or ones that utilize microservices architecture.

How API Security works?

API security depends on authentication and authorization. Authentication is the first step; it is used to verify that the client application has the required permission to use API. Authorization is the subsequent step that determines what data and action an authentication application can access while interacting with API.

APIs should be developed with protective features to reduce the system’s vulnerability to malicious attacks during API calls.

The developer is responsible for ensuring the developed API successfully validates all the input collected from the user during API calls. The prepared statements with blind variables are one of the most effective ways to prevent API from SQL injection. XSS can be easily handled by cleaning the user input from the API call. Cleaning the inputs helps to ensure that potential XSS vulnerabilities are minimized.   

Best Practice for Secure API

Some basic security practice and well-established security control if the APIs are shared publicly are as follows:

  • Prioritize security: Potential loss for the organization happens using unsecured APIs, so make security a priority and build the API securely as they are being developed.
  • Encrypt traffic using TLS: Some organizations may choose not to encrypt API payload data that is considered to be non-sensitive, but for organizations whose API exchange sensitive data, TLS encryption should be essential.
  • Validate input: Never pass input from an API through to the endpoint without validating it first.
  • Use a WAP: Ensure that it can understand API payloads.
  • Use token: Establish trusted identities and then control access to services and resources by using tokens.
  • Use an API gateway: API gateways act as the major point of enforcement for API traffic. A good gateway will allow you to authenticate traffic as well as control and analyze how your APIs are used.

Modern API Data breach

USPS Cooperate Database Exposure

The weakness allowed an attacker to query the USPS website and scrape a database of over 60 million cooperate users, email addresses, phone numbers, account numbers, etc.

Exploitation

The issue was authentication-related which allowed unauthorized access to an API service called ‘informed visibility’, which was designed to deliver real-time tracking data for large-scale shipping operations.

This tracking system was tied into web API in a way that users could change the search parameters and view and even in some cases modify the information of other users. Since there wasn’t a robust anti-scraping system in place, this mass exposure was compounded by the automated and unfettered access available.

Lessons Learned

Providers giving extreme power to a specific service or function without securing every permutation of its interaction flow can lead to such exploits. To mitigate API-related risks, coding should be done with the assumption that the APIs might be abused by both internal and external forces.

References:

  1. https://www.redhat.com/en/topics/security/api-security
  2. https://searchapparchitecture.techtarget.com/definition/API-security
  3. https://nordicapis.com/5-major-modern-api-data-breaches-and-what-we-can-learn-from-them/

About the Author –

Logaiswar is a security enthusiast with core interest in Application & cloud security. He is part of the SOC DevSecOps vertical at GAVS supporting critical customer engagements.

Privacy Laws – Friends not Foes!

Barath Avinash

“Privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.” – Steve Jobs

Cyber Security and Compliance Services

However futile a piece of data is today; it might be of high importance tomorrow. Misuse of personal data might lead to devastating consequences for the data owner and possibly the data controller.

Why is Data Privacy important?

For us to understand the importance of data privacy, the consequences of not implementing privacy protection must be understood. A very relevant example to understand this better is the Facebook-Cambridge Analytica scandal which potentially led to canvassing millions of Facebook users for an election without users’ explicit consent. 

To answer one long standing argument against privacy is that “I do not have anything to hide and so I do not care about privacy”. It is true that privacy can provide secrecy, but beyond that, privacy also provides autonomy and therefore freedom, which is more important than secrecy.

How can businesses benefit by being data privacy compliant?

Businesses can have multifold benefits for complying, implementing, and enforcing privacy practice within the organization. Once an organization is compliant with general data privacy principles, they also become mostly compliant with healthcare data protection laws, security regulations and standards. This reduces the effort an organization has to go through to be compliant on several other security and privacy regulations or standards. 

How can businesses use privacy to leverage competition?

With privacy being one of the highly sought out domain after the enactment of GDPR regulation for the EU followed by CCPA for USA and several other data protection laws around the world, businesses can leverage these for competitive advantage rather than looking at privacy regulations as a hurdle for their business and just as a mandatory compliance requirement. This can be achieved by being proactive and actively working to implement and enforce privacy practices within the organization. Establish regulatory compliance with the customers by means of asking for consent, being transparent with the data in use and by providing awareness. Educating people by providing data user centric awareness as compared to providing awareness for the sake of compliance is a good practice and thus will result in increasing the reputation of the business.

Why is privacy by design crucial?

Business should also focus on operations where implementing ‘privacy by design’ principle might build a product which would be compliant to privacy regulations as well as security regulations and standards through which a solidly built future proof product could be delivered.

The work doesn’t stop with enforcement and implementation, continual practice is necessary to maintain consistency and establish ongoing trust with customers.

With increasing statutory privacy regulations and laws in developed countries, several other countries have been either planning to enact privacy laws or have already started implementing them. This would be the right time for businesses located in developing countries to start looking into privacy practice so that it would be effortless when a privacy law is enacted and put into enforcement.

What’s wrong with Privacy Laws?

Privacy laws that are in practice come with their fair share of problems since they are relatively new.

  • Consent fatigue is a major issue with GDPR since it requires data owners to consent to processing or use of their data constantly, which tires the data owner and results in them ignoring privacy and consent notices when sent by the data processor or data collector.
  • Another common issue is sending multiple data requests by ill-motivated malicious users or automated computer bots to the data collector in order to bombard them with requests for data owner’s data which is available with the controller, this is a loophole under the ‘right to access’ of GDPR which is being exploited in some cases. This will burden the data protection officer to cause delay in sending requested data to the customer thus inviting legal consequences.
  • Misuse of privacy limitation guidelines are also a major problem in the GDPR space, time and again data collectors provide data processing purpose notice to data owners and subsequently use the same data for a different purpose without receiving proper consent from data owner thus often violating the law.

What the future holds for privacy?

As new privacy laws are in works, better and comprehensive laws will be brought in, learning from inconveniences of existing laws. Amendments for existing laws will also follow to enhance the privacy culture.

Privacy landscape is moving towards better and responsible use of user data, as the concept of privacy and its implementation matures with time, it is high time businesses start implementing privacy strategies primarily for business growth rather than merely for regulatory compliance. That is the goal every mature organization should aim towards and work on.

Privacy is firstly a human right; therefore, privacy laws are enacted on the basis of rights, because laws can be challenged and modified under court of justice, but rights cannot be.

References:

https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.htm

https://iapp.org/news/a/fake-dsars-theyre-a-thing/

About the Author –

Barath Avinash is part of GAVS’ security practice risk management team. He has a master’s degree in cyber forensics and information security. He is an information security and privacy enthusiast and his skillet include governance, compliance and cyber risk management.

Challenges Enable Change and Success

Vijayalakshmi Rajesh

In this hyper-connected digital age, one may misconceive a ‘challenge’ to be a deadlock and associate it with negativity. To me a challenge always implies an opportunity. Opportunity to explore newer ways of reaching success. I strongly believe that without challenges life would be mundane. The rapid improvements and progress we see today were challenges overcome by someone.

To solve any problem, we need to accept its existence and understand its dynamics. Only then can we come up with solutions. When I started my career as a marketing professional, I was the only lady in my team and a fresher too. I had to overcome many challenges. I always had the attitude to keep fighting. At times, I had no support as I was the only one swimming against the tide. But I never gave up!

I salute my mother for raising me to never shy away from challenges. I would like to share my memories of the wonderful days I spent with her. My mother had a charming personality. I admired her patience. She was a multitasker. To me, no one could match her skills at embroidery and knitting. Her zeal and enthusiasm towards life inspire me even today. I remember during my school days, I often found her immersed in her handiwork, which she also taught many women who subsequently started their businesses. After school, I would look at the work she had done that day. While she was busy in the kitchen, I would hold the cloth in my hand and closely examine the artwork. While the front side was beautiful, the backside attracted me more because it would reveal the effort put in to create the masterpiece. For my wedding, my mother gifted me a beautifully embroidered handkerchief. I immediately flipped it to look at the techniques used to keep the backside neat. My mother said something beautiful then. She said, “I noticed how you always check the work behind before looking at the actual finished product on the front. This goes on to show that you are a person who will view challenges first and learn through them. Never give up your attitude to fight and your eye for detail.”

My mother’s values have led me onto a successful path in CSR. I get immense satisfaction whenever I complete projects. I remember a child, about 6 years old, from the school where I built a library. She came to me with a flower in her hand which she had picked on her way to school and told me, “Ma’am we are grateful for all these books. I am going to read all the books and become a doctor one day.” I could feel my mother patting me on my back and my eyes welling up because only I knew the challenges I had to face in delivering the project. But these little things mean a lot to me.

I have recently noticed an interesting paradigm, especially among the younger generation. Some are not only fighting their own problems, but they are also trying to resolve the problems faced by others.

To quote an example. I read about Jayalakshmi from Pudukottai, Tamil Nadu, India, in a leading daily. She was selected to visit NASA’s Kennedy Space Centre in the US after winning a competition. Through her plea for financial support, she secured excess funding. She then channelized the surplus funds to build public toilets in her village. She also convinced her fellow villagers who were hesitant about the idea to build toilets. To me, this is extraordinary because she has challenged the status quo and won the battle for many!

To everyone out there I would say – Challenges are just as difficult as we perceive them to be. We can overcome them if we view them as opportunities. Explore the world of endless possibilities with a fighting spirit. Today we have a vaccine for COVID, created in the shortest span of time by scientists. No vaccine has been readied from scratch in less than a year. The days of “It has always been done this way” are long gone!

About the Author –

Vijayalakshmi comes with 20 years of Marketing and Academic experience. She is the Founder and Managing Trustee at ZRII TRUST. ZRII was formed as a platform to deliver high-impact social projects through Corporate Social Responsibility (CSR) funds.

Her work includes raising awareness about modern-day issues that women and children face. She is actively involved in ensuring safer and improved workspaces for women. Some of her trophy programs are under women empowerment which includes a year-long training program for women of southern Tamil Nadu, a driver training program for women to drive app-based cabs, and placement of women in factories.

Vijayalakshmi is an ombudsperson at GAVS and guides GAVS in our endeavor to be a gender-balanced and respectful workplace.

From Good to Great – DNA of a Successful Leader (PART II)

Rajeswari S

Before you are a leader, success is all about growing yourself. When you become a leader, success is all about growing others” – Jack Welch

In my previous article, I wrote about a few qualities that make for a good leader. In this article, I discuss a few ways in which a leader can become great from good.

  1. Seek to understand and be understood: Seeking feedback and taking criticisms is not an easy task for anyone. When you are holding a leadership position and people look up to you, it is even more difficult. But a true leader does exactly that and does it HONESTLY. A good leader focuses on the needs of others. When you are open to feedback and constructive criticism, you have the right to give the same to others. Make genuine efforts to listen when your team speaks. Great leaders listen first, speak second.
  1. Be there: Being there is just not about being the center of attention. You need to be there for your people during critical times and help members across your organization find solutions to roadblocks. Mentorship is an art. Your people should accept you as their mentor and gaining that space is not as easy.
  1. Demonstrate empathy and compassion: This quality is an extension of the previous point. When you are laser-focused on your goals, it can be difficult to focus on the needs of others around. You need to know not only how your actions affect people, but what you need to do to show understanding and sympathy for others.
  1. Get curious: Leaders are often driven with an insatiable desire to learn; they push the limits of what’s possible and explore opportunities as a continuous process. Expanding your mind can often be as simple as reading and asking ‘why’ more often. Curiosity can help you to get to the root of a problem and promote better ideas and thoughts. Leaders think and embrace others’ ideas. A correctly asked question with the right intention could lead to many opportunities and achievements.
  1. Be in the know: Leaders go out of their way to stay educated and up-to-date. Intentional learning is a continuous process of acquiring, understanding information with the goal of making yourself more intelligent and prepared on a specific subject. People cannot always see your work, it is how you talk that creates the first impression. When you make an informed or up-to-date speech, you get the edge over others.
  1. Enjoy the ride: Smart leaders know that their journey is often more rewarding than their destination. Which is why they take the time to enjoy life and what they have already achieved because they know nothing can last forever. When you can enjoy the journey, you’ll be amazed by what you can learn. A great leader embraces each day as an experience. They grow every day!
  1. Celebrate and Connect: Leaders working toward a brighter future share their success with the people they care about – business partners and customers, family and friends, employees, and their families, etc. Great leaders celebrate other’s victory as their own; this creates a high-performing team and culture. A true captain takes time to know about the people around her and their lives. It goes a long way in running not only a successful business but a happy one too!
  1. Pursue new experiences: Mountains are interesting to watch and hike. Why? Because of its rugged terrain and unpredictable nature. Straight roads are boring, that is why we sleep on a highway drive! An intelligent leader is never complacent and constantly pushes himself out of his comfort zone. To stay prepared for any bumps along the road, leaders actively pursue new experiences that allow them to learn and grow. From starting a new venture to coaching a little league to diversifying the business.

Unique brands of Leadership

A quick look at successful CEOs, new-age entrepreneurs, and their unique leadership mantras:

Ø  Sundar Pichai, CEO, Alphabet Inc. and its subsidiary Google LLC

Leadership mantra:

  1. Never forget your roots
  2. Focus more on others’ success than your own
  3. Empower the youth
  4. Stay humble and keep learning

Ø  Bill Gates, Founder, Microsoft

Leadership mantra: 

  1. Knowledge is different from wisdom
  2. Take a step-by-step approach to make progress towards your vision
  3. Empower people to create new opportunities to explore ideas; Embrace creativity
  4. Be caring and passionate

Ø  Suchi Mukherjee, CEO, Limeroad, an Indian online marketplace
Leadership mantra: True leadership is about enabling the voice of the youngest team member.

Ø  Amit Agarwal, CEO, NoBroker, a real estate search portal
Leadership mantra: Leaders provide employees the opportunity to be leaders themselves.

References   

About the Author –

Rajeswari is part of the IP team at GAVS. She is involved in technical and creative content development for the past 13 years. She is passionate about music and writing and spends her free time watching movies or going for a highway drive.

 

Tuning Agile Delivery for Customer and Employee Success

Ashish Joseph

What is Agile?

Agile has been very popular in the software development industry for empowering delivery to be more efficient and effective. It is a common misconception for Agile to be thought of as a framework or a process that follows a methodology for software development. But Agile is a set of values and principles. It is a collection of beliefs that teams can use for decision making and optimizing project deliveries. It is customer-centric and flexible, helping teams adapt accordingly. It doesn’t make the decision for the team. Instead, it gives a foundation for teams to make decisions that can result in a stellar execution of the project.

According to the Agile Manifesto, teams can deliver better by prioritizing the following over the other.

  • Individuals and Interactions over process and tools
  • Working Model over Comprehensive Documentation
  • Customer Collaboration over Contract Negotiation
  • Responding to Changes over following a Plan

With respect to Software Development, Agile is an iterative approach to project management which help teams deliver results with measurable customer value. The approach is designed to be faster and ensures the quality of delivery that is aided with periodic customer feedbacks. Agile aims to break down the requirement into smaller portions, results of which can be continuously evaluated with a natural mechanism to respond to changes quickly.

AIOps Artificial Intelligence for IT Operations

Why Agile?

The world is changing, and businesses must be ready to adapt to how the market demands change over time. When we look at the Fortune 500 companies from 1955, 88% of them perished. Nearly half of the S&P 500 companies is forecasted to be replaced every ten years. The only way for organizations to survive is to innovate continuously and understand the pulse of the market every step of the way. An innovative mindset helps organizations react to changes and discover new opportunities the market can offer them from time to time.

Agile helps organizations execute projects in an everchanging environment. The approach helps break down modules for continuous customer evaluation and implement changes swiftly.

The traditional approach to software project management uses the waterfall model, where we Plan, Build, Test, Review and Deploy. But this existing approach would result in iterations in the plan phase whenever there are deviations in the requirement with respect to the market. When teams choose agile, it helps them respond to changes in the marketplace and implement customer feedback without going off the plan. Agile plans are designed in such a manner to include continuous feedback and its corresponding changes. Organizations should imbibe the ability to adapt and respond fast to new and changing market demands. This foundation is imperative for modern software development and delivery.

Is Agile a right fit for my Customer? People who advocate Agile development claim that Agile projects succeed more often than waterfall delivery models. But this claim has not been validated by statistics. A paper titled “How Agile your Project should be?” by Dr. Kevin Thompson from Kevin Thompson Consulting, provides a perspective from a mathematical point of view for both Agile and Waterfall project management. Here both approaches were followed for the same requirements and were also affected by the same unanticipated variables. The paper focused on the statistical evidence to support the validity of both the options to evaluate the fit.

While assessing the right approach, the following questions need to be asked

  • Are the customer requirements for the project complete, clear and stable?
  • Can the project effort estimation be easily predicted?
  • Has a project with similar requirements been executed before?

If the answer to all the above questions are Yes, then Agile is not the approach to be followed.

The Agile approach provides a better return on investment and risk reduction when there is high uncertainty of different variables in the project. When the uncertainty is low, waterfall projects tend to be more cost effective than agile projects.

Optimizing Agile Customer Centricity

Customer centricity should be the foundation of all project deliveries. This help businesses align themselves to the customer’s mission and vision with respect to the project at hand. While we consider an Agile approach to a project in a dynamic and changing environment, the following are some principles that can help organizations align themselves better with their customer goals.

  • Prioritizing Customer Satisfaction through timely and continuous delivery of requirements.
  • Openness to changing requirements, regardless of the development phase, to enable customers to harness the change for their competitive advantage in the market.
  • Frequent delivery of modules with a preference towards shorter timelines.
  • Continuous collaboration between management and developers to understand the functional and non-functional requirements better.
  • Measuring progress through the number of working modules delivered.
  • Improving velocity and agility in delivery by concentrating on technical excellence and good design.
  • Periodic retrospection at the end of each sprint to improve delivery effectiveness and efficiency.
  • Trusting and supporting motivated individuals to lead projects on their own and allowing them to experiment.

Since Agile is a collection of principles and values, its real utility lies in giving teams a common foundation to make good decisions with actionable intelligence to deliver measurable value to their customers.

Agile Empowered Employee Success

A truly Agile team makes their decisions based on Agile values and principles. The values and principles have enough flexibility to allow teams to develop software in the ways that work best for their market situation while providing enough direction to help them to continually move towards their full potential. The team and employee empowerment through these values and principles aid in the overall performance.

Agile not only improves the team but also the environment around which it is established by helping employees to be compliant with respect to audit and governance.  It reduces the overall project cost for dynamic requirements and focuses on technical excellence along with an optimized process for its delivery. The 14th Annual State of Agile Report 2020 published by StateofAgile.com surveyed 40,000 Agile executives to get insights into the application of Agile across different areas of enterprises. The report surveyed different Agile techniques that contributed most towards the employee success of the organization. The following are some of the most preferred Agile techniques that helped enhance the employee and team performances.

Best AI Auto Discovery Tools

All the above Agile techniques help teams and individuals to introspect their actions and understand areas of improvement in real time with periodic qualitative and quantitative feedback. Each deliverable from multiple cross functional teams can be monitored, tracked and assessed under a single roof. All these techniques collectively bring together an enhanced form of delivery and empower each team to realize their full potential.
Above all, Agile techniques help teams to feel the pulse of the customer every step of the way. The openness to change regardless of the phase, helps them to map all the requirements leading to an overall customer satisfaction coupled with employee success.

Top 5 Agile Approaches

Best AIOps Platforms Software

A Truly Agile Organization

Majority of the Agile approach has been concentrated towards development, IT, and Operations. However, organizations should strive towards effective alignment and coordination across all departments. Organizations today are aiming for greater expansion of agility into areas beyond building, deploying, and maintaining software. At the end of the day, Agile is not about the framework. It is all about the Agile values and principles the organizations believe in for achieving their mission and vision in the long run.

About the Author –

Ashish Joseph is a Lead Consultant at GAVS working for a healthcare client in the Product Management space. His areas of expertise lie in branding and outbound product management. He runs a series called #BizPective on LinkedIn and Instagram focusing on contemporary business trends from a different perspective. Outside work, he is very passionate about basketball, music, and food.

Why is AIOps an Industrial Benchmark for Organizations to Scale in this Economy?

Ashish Joseph

Business Environment Overview

In this pandemic economy, the topmost priorities for most companies are to make sure the operations costs and business processes are optimized and streamlined. Organizations must be more proactive than ever and identify gaps that need to be acted upon at the earliest.

The industry has been striving towards efficiency and effectivity in its operations day in and day out. As a reliability check to ensure operational standards, many organizations consider the following levers:

  1. High Application Availability & Reliability
  2. Optimized Performance Tuning & Monitoring
  3. Operational gains & Cost Optimization
  4. Generation of Actionable Insights for Efficiency
  5. Workforce Productivity Improvement

Organizations that have prioritized the above levers in their daily operations require dedicated teams to analyze different silos and implement solutions that provide the result. Running projects of this complexity affects the scalability and monitoring of these systems. This is where AIOps platforms come in to provide customized solutions for the growing needs of all organizations, regardless of the size.

Deep Dive into AIOps

Artificial Intelligence for IT Operations (AIOps) is a platform that provides multilayers of functionalities that leverage machine learning and analytics.  Gartner defines AIOps as a combination of big data and machine learning functionalities that empower IT functions, enabling scalability and robustness of its entire ecosystem.

These systems transform the existing landscape to analyze and correlate historical and real-time data to provide actionable intelligence in an automated fashion.

Data Center Migration Planning Tools

AIOps platforms are designed to handle large volumes of data. The tools offer various data collection methods, integration of multiple data sources, and generate visual analytical intelligence. These tools are centralized and flexible across directly and indirectly coupled IT operations for data insights.

The platform aims to bring an organization’s infrastructure monitoring, application performance monitoring, and IT systems management process under a single roof to enable big data analytics that give correlation and causality insights across all domains. These functionalities open different avenues for system engineers to proactively determine how to optimize application performance, quickly find the potential root causes, and design preventive steps to avoid issues from ever happening.

AIOps has transformed the culture of IT war rooms from reactive to proactive firefighting.

Industrial Inclination to Transformation

The pandemic economy has challenged the traditional way companies choose their transformational strategies. Machine learning-powered automations for creating an autonomous IT environment is no longer a luxury. The usage of mathematical and logical algorithms to derive solutions and forecasts for issues have a direct correlation with the overall customer experience. In this pandemic economy, customer attrition has a serious impact on the annual recurring revenue. Hence, organizations must reposition their strategies to be more customer-centric in everything they do. Thus, providing customers with the best-in-class service coupled with continuous availability and enhanced reliability has become an industry standard.

As reliability and scalability are crucial factors for any company’s growth, cloud technologies have seen a growing demand. This shift of demand for cloud premises for core businesses has made AIOps platforms more accessible and easier to integrate. With the handshake between analytics and automation, AIOps has become a transformative technology investment that any organization can make.

As organizations scale in size, so does the workforce and the complexity of the processes. The increase in size often burdens organizations with time-pressed teams having high pressure on delivery and reactive housekeeping strategies. An organization must be ready to meet the present and future demands with systems and processes that scale seamlessly. This why AIOps platforms serve as a multilayered functional solution that integrates the existing systems to manage and automate tasks with efficiency and effectivity. When scaling results in process complexity, AIOps platforms convert the complexity to effort savings and productivity enhancements.

Across the industry, many organizations have implemented AIOps platforms as transformative solutions to help them embrace their present and future demand. Various studies have been conducted by different research groups that have quantified the effort savings and productivity improvements.

The AIOps Organizational Vision

As the digital transformation race has been in full throttle during the pandemic, AIOps platforms have also evolved. The industry did venture upon traditional event correlation and operations analytical tools that helped organizations reduce incidents and the overall MTTR. AIOps has been relatively new in the market as Gartner had coined the phrase in 2016.  Today, AIOps has attracted a lot of attention from multiple industries to analyze its feasibility of implementation and the return of investment from the overall transformation. Google trends show a significant increase in user search results for AIOps during the last couple of years.

Data Center Consolidation Initiative Services

While taking a well-informed decision to include AIOps into the organization’s vision of growth, we must analyze the following:

  1. Understanding the feasibility and concerns for its future adoption
  2. Classification of business processes and use cases for AIOps intervention
  3. Quantification of operational gains from incident management using the functional AIOps tools

AIOps is truly visioned to provide tools that transform system engineers to reliability engineers to bring a system that trends towards zero incidents.

Because above all, Zero is the New Normal.

About the Author –

Ashish Joseph is a Lead Consultant at GAVS working for a healthcare client in the Product Management space. His areas of expertise lie in branding and outbound product management. He runs a series called #BizPective on LinkedIn and Instagram focusing on contemporary business trends from a different perspective. Outside work, he is very passionate about basketball, music, and food.

Patient Segmentation Using Data Mining Techniques

Srinivasan Sundararajan

Srinivasan Sundararajan

Patient Segmentation & Quality Patient Care

As the need for quality and cost-effective patient care increases, healthcare providers are increasingly focusing on data-driven diagnostics while continuing to utilize their hard-earned human intelligence. Simply put, data-driven healthcare is augmenting the human intelligence based on experience and knowledge.

Segmentation is the standard technique used in Retail, Banking, Manufacturing, and other industries that needs to understand their customers to provide better customer service. Customer segmentation defines the behavioral and descriptive profiles of customers. These profiles are then used to provide personalized marketing programs and strategies for each group.

In a way, patients are like customers to healthcare providers. Though the element of quality of care takes precedence than profit-making intention, a similar segmentation of patients will immensely benefit the healthcare providers, mainly for the following reasons:

  • Customizing the patient care based on their behavior profiles
  • Enabling a stronger patient engagement
  • Providing the backbone for data-driven decisions on patient profile
  • Performing advanced medical research like launching a new vaccine or trial

The benefits are obvious and individual hospitals may add more points to the above list; the rest of the article is about how to perform the patient segmentation using data mining techniques.

Data Mining for Patient Segmentation

In Data Mining a, segmentation or clustering algorithm will iterate over cases in a dataset to group them into clusters that contain similar characteristics. These groupings are useful for exploring data, identifying anomalies in the data, and creating predictions. Clustering is an unsupervised data mining (machine learning) technique used for grouping the data elements without advance knowledge of the group definitions.

K-means clustering is a well-known method of assigning cluster membership by minimizing the differences among items in a cluster while maximizing the distance between clusters. Clustering algorithm first identifies relationships in a dataset and generates a series of clusters based on those relationships. A scatter plot is a useful way to visually represent how the algorithm groups data, as shown in the following diagram. The scatter plot represents all the cases in the dataset, and each case is a point on the graph. The cluster points on the graph illustrate the relationships that the algorithm identifies.

AIOps Artificial Intelligence for IT Operations

One of the important parameters for a K-Means algorithm is the number of clusters or the cluster count. We need to set this to a value that is meaningful to the business problem that needs to be solved. However, there is good support in the algorithm to find the optimal number of clusters for a given data set, as explained next.

To determine the number of clusters for the algorithm to use, we can use a plot of the within cluster’s sum of squares, by the number of clusters extracted. The appropriate number of clusters to use is at the bend or ‘elbow’ of the plot. The Elbow Method is one of the most popular methods to determine this optimal value of k i.e. the number of clusters. The following code creates a curve.

AIOps Digital Transformation Solutions
AI Devops Automation Service Tools

In this example, based on the graph, it looks like k = 4 would be a good value to try.

Reference Patient Segmentation Using K-Means Algorithm in GAVS Rhodium Platform

In GAVS Rhodium Platform, which helps healthcare providers with Patient Data Management and Patient Data Sharing, there is a reference implementation of Patient Segmentation using K-Means algorithm. The following are the attributes that are used based on a publicly available Patient admit data (no personal information used in this data set). Again in the reference implementation sample attributes are used and in a real scenario consulting with healthcare practitioners will help to identify the correct attributes that is used for clustering.

 To prepare the data for clustering patients, patients must be separated along the following dimensions:

  • HbA1c: Measuring the glycated form of hemoglobin to obtain the three-month average of blood sugar.
  • Triglycerides: Triglycerides are the main constituents of natural fats and oils. This test indicates the amount of fat or lipid found in the blood.
  • FBG: Fasting Plasma Glucose test measures the amount of glucose levels present in the blood.
  • Systolic: Blood Pressure is the pressure of circulating blood against the walls of Blood Vessels. This test relates to the phase of the heartbeat when the heart muscle contracts and pumps blood from the chambers into the arteries.
  • Diastolic: The diastolic reading is the pressure in the arteries when the heart rests between beats.
  • Insulin: Insulin is a hormone that helps move blood sugar, known as glucose, from your bloodstream into your cells. This test measures the amount of insulin in your blood.
  • HDL-C: Cholesterol is a fat-like substance that the body uses as a building block to produce hormones. HDL-C or good cholesterol consists primarily of protein with a small amount of cholesterol. It is considered to be beneficial because it removes excess cholesterol from tissues and carries it to the liver for disposal. The test for HDL cholesterol measures the amount of HDL-C in blood.
  • LDL-C: LDL-C or bad cholesterol present in the blood as low-density lipoprotein, a relatively high proportion of which is associated with a higher risk of coronary heart disease. This test measures the LDL-C present in the blood.
  • Weight: This test indicates the heaviness of the patient.

The above tests are taken for the patients during the admission process.

The following is the code snippet behind the scenes which create the patient clustering.

Best AIOps Platforms Software

The below is the output cluster created from the above algorithm.

Just from this sample, healthcare providers can infer the patient behavior and patterns based on their creatinine and glucose levels, in real-life situations other different attributes can be used.

AI will play a major role in future healthcare data management and decision making and data mining algorithms like K-Means provide an option to segment the patients based on the attributes which will improve the quality of patient care.

About the Author –

Srini is the Technology Advisor for GAVS. He is currently focused on Healthcare Data Management Solutions for the post-pandemic Healthcare era, using the combination of Multi Modal databases, Blockchain and Data Mining. The solutions aim at Patient data sharing within Hospitals as well as across Hospitals (Healthcare Interoprability), while bringing more trust and transparency into the healthcare process using patient consent management, credentialing and zero knowledge proofs.

Getting The Best From Healthcare AI

Tim perry

Tim Perry

Co-founder & CIO, Healthcare Too

Advisor to the CIO of AgFirst

Is Healthcare Artificial Intelligence The Answer?

To help explain the future of healthcare Artificial Intelligence (AI) let’s borrow a few lines from Lewis Carroll’s classic Alice in Wonderland:

Alice: Would you tell me, please, which way I ought to go from here?

The Cheshire Cat: That depends a good deal on where you want to get to.

So it is with healthcare AI. It really just depends on where we want to go with healthcare in the US (and globally for that matter). Much of the current conversation seems to be on using AI to improve medical care. Hospitals want to use data from retail clinics, homes, government agencies, and more to predict individual medical needs. Big Tech companies try to apply AI to diagnose diseases better than physicians. Insurers collect massive amounts of data to manage better their risk pool through AI.

AI in Healthcare

A common theme for so many of these healthcare AI scenarios is that AI improves the efficiency of the current system. That improvement is supposedly good for everyone: patients, providers, insurers. And that is also where we get it terribly wrong. If we really want to make the most of healthcare AI investments and promote wellbeing there are two things we must remember:

  1. No one wants to be a patient, but everyone wants to be healthy.
  2. AI offers only point solutions, not a universal truth.

Everyone Wants To Be Healthy

No one wants to be a patient, not even doctors and nurses. The patient experience is painful, frightening, and terribly expensive (in the US anyway). Everyone would much prefer to remain healthy and never see the inside of a hospital. In the US sick care system, however, there is a financial incentive only when there is a diagnosis and treatment. Healthcare AI solutions that do not produce more diagnoses and treatments are not viable in our current sick care system. Like Alice, we must know which way we want to go: more sick care or a new system for health and wellbeing?

AI Offers Only Point Solutions

Artificial Intelligence comes in two basic flavors: 1) General and 2) Narrow. Again, we must plan and invest knowingly to get to where we want to go. These investments over the next 5-10 years will largely determine the direction of Healthcare for decades.

General AI

This is the sexy AI, the stuff we see in science fiction. Computers are so smart that they can address any type of problem decisively and with lightning speed. We use words like “reasoning” or “thinking” when we imagine the power of General AI. As far as our investments and resources go for healthcare AI the General AI option is many years away. We cannot afford to invest in fiction.

Narrow AI

That leaves us to consider narrow AI. These are solutions that are focused on a specific task like search, image analysis, or driving a car. Each is a significant undertaking and requires advanced capabilities. These point solutions in healthcare AI are already underway. Unfortunately, many of the solutions are those that focus on more diagnoses and treatments in the current sick care model. This is not where we want to go.

Healthcare AI For Health

IT Operations Management Software

Focused on Narrow AI, we can envision healthcare where AI promotes health as a state of complete physical, mental, and social well-being and not merely the absence of disease or infirmity (as the World Health Organization defines health). There are near countless examples of improving health with AI when we think holistically about real healthcare requirements:

  • Instead of more diagnoses and treatments, what about healthcare AI that weans patients off medications with improvements in nutrition and other social determinants of health?
  • Maybe AI that offers an appropriate personalized spiritual thought based on facial expression, voice tone, or body posture?
  • What about AI for positive online social interactions that help filter negative experiences and protect privacy instead of tracking every movement/action to provide more ads?
  • If we allow AI-driven cars on our roads why not self-driving food trucks with fresh produce and prepared foods for areas we currently call “food deserts”?
  • And just imagine, if you will, an AI that evaluated a person’s current health not only against mountains of conventional medical data from the last hundred years but millennia of data from traditional medical systems like Ayurveda and Traditional Chinese Medicine?

There are countless applications for real healthcare AI. We only need to decide where we are going. Be Well!

About the Author –

Tim Perry, MPA, MS, CPHIMS, CISSP is the Co-Founder & Chief Information Officer of Consumer Health platform HealthCare Too. At present, Tim is an advisor to the CIO of AgFirst and plays a key role in Strategy and Planning of the organization. Over the past 3 decades, Tim has worked in Fortune 50 executive leadership roles as well as startups and has developed a deep passion for transforming healthcare. He is blessed with a wonderful wife and two inspiring children. Tim has practiced Tai Chi (Taiji Chuan) for 20 years and enjoys cooking wholesome (and easy) meals.