Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud

Post on 11-Jan-2017


CURE FOR THE COMMON CLOUD:

HOW HEALTHCARE CAN SAFELY ENABLE THE CLOUD

Craig Guinasso, CISO, Genomic Health

Krishna Narayanaswamy, Chief Scientist, Netskope


About Genomic Health

• Established in 2000; the world’s leading provider of genetic cancer diagnostic tests

• Corporate HQ – Redwood City, CA

• The company’s lead product, the Oncotype Dx breast cancer test, has been shown to predict the likelihood of chemotherapy benefit as well as recurrence of invasive breast cancers

• 600,000 patient tests to date, conducted by more than 1,400 physicians in 70 countries

• 800+ employees globally, $275M revenue in 2014


About Netskope

‣ Strong technology and services partnerships

‣ Discover cloud apps and assess risk

‣ Govern all apps and data

‣ Safely enable sanctioned cloud apps

‣ $131.4M from top Silicon Valley VCs: Accel, Lightspeed, Iconiq, Social+Capital

‣ Customers include

‣ 250+ employees globally, across North America, Europe, and Asia-Pacific

‣ Early architects/executives from Palo Alto Networks, NetScreen, Cisco, McAfee, VMware

‣ First comprehensive CASB patent, 40+ additional patent claims across four categories

Let’s talk about the cloud…

There are 22,000+ enterprise cloud apps today (and growing)


Most IT departments underestimate cloud app usage by 90%

Average number of cloud apps per enterprise

94% of these are not enterprise-ready

Cloud: Now playing on a mobile device near you


Nearly HALF of all cloud app activities originate from a mobile device

ONE THIRD of all DLP violations occur on mobile devices

76.2% of cloud DLP violations occur in healthcare and life sciences

68.5% of DLP violations involve protected health information (PHI)

Business vs. Mission Critical

Information Technology is not Genomic Health’s core business; however, information delivery is fundamental to our unique science and patient value.

History: Genomic Health had “purpose built” systems maintained by “in-house” resources. This model wasn’t going to scale or support growing business needs.

IT Charter: Agility; Integrated & Innovative; Scalable & Secure

Cloud storage

Data & analytics

Collaboration

Payor and pricing management

Line of business apps

Order management

Sample management

Genomic Health’s Data & Analytics Requirements vs. Twitter’s


FIND UNDERSTAND SECURE

FIND

Bob Jones in IT

Ashok Kumar in Marketing

Amy Bishop in Finance

Pierre Bonaparte in Research

Side-by-side comparisons

Risk assessment and discovery of unsanctioned app usage

UNDERSTAND

✔ Who? What group/OU? Where?

✔ What app/category? From what device?

✔ To whom? What content?

Example: a contract CRO clinician sent a patient’s MRI to a counterpart via Box

See what users did, to which content, and see the who, what, when, where, and with whom

8% of data in cloud storage would violate DLP policy if the enterprise knew about it

SECURE

Activity- and data-level policies

✔ Block and coach

✔ Encrypt

✔ Prevent sharing outside of the company

✔ Require justification

✔ Perform “quiet” legal hold

✔ Quarantine and alert users

Standardize on enterprise-approved apps

Enforce granular policies

Block
• Too risky
• Unacceptable terms

Speed Bump
• Unsanctioned app
• Alert/guidance/justification
• “Data may be made public”

Block/Coach
• Sanctioned app/activity
• DLP
• Data = PHI

Context-Driven
• If-then context
• Person/group
• Activity
• Data residency
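The SECURE checklist above and the four policy tiers (Block, Speed Bump, Block/Coach, Context-Driven) describe an if-then policy engine over cloud-activity events: who, from which group and device, doing what, in which app, with what content, shared with whom. The following is an added illustration, written for this page and not Netskope’s or Genomic Health’s code, of how such an engine walks those tiers. The app catalogue, the PHI patterns, the internal domain `example.com`, the app name `FileDropXYZ` and all events are constructed for the example; a real DLP engine classifies content with validated identifiers and exact-data matching rather than a handful of regular expressions.

```python
import re
from dataclasses import dataclass

ALLOW, COACH, BLOCK, QUARANTINE = "allow", "coach", "block", "quarantine"
INTERNAL_DOMAIN = "example.com"  # hypothetical corporate e-mail domain

# Hypothetical app inventory of the kind a CASB catalogue supplies:
# is the app sanctioned, is it enterprise-ready, where does it hold data.
APP_CATALOG = {
    "Box":         {"sanctioned": True,  "enterprise_ready": True,  "region": "US"},
    "Dropbox":     {"sanctioned": False, "enterprise_ready": True,  "region": "US"},
    "FileDropXYZ": {"sanctioned": False, "enterprise_ready": False, "region": "unknown"},
}

# Crude PHI indicators (constructed); stand-in for a real DLP classifier.
PHI_PATTERNS = [
    re.compile(r"\bMRN[:#]?\s*\d{6,}\b", re.I),          # medical record number
    re.compile(r"\b(patient|diagnosis|MRI|biopsy)\b", re.I),
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                 # SSN-shaped identifier
]


@dataclass
class Event:
    user: str
    group: str
    app: str
    activity: str            # "upload", "download" or "share"
    device: str              # "managed" or "unmanaged"
    content: str = ""        # text the DLP engine inspects
    recipient: str = ""      # e-mail address for share activities
    justification: str = ""  # free text the user supplied at a speed bump
    allowed_regions: tuple = ("US",)  # data-residency requirement for this user


def contains_phi(text: str) -> bool:
    return any(p.search(text) for p in PHI_PATTERNS)


def evaluate(ev: Event) -> tuple[str, str]:
    """Return (decision, reason), walking the tiers from the slide in order."""
    app = APP_CATALOG.get(ev.app)
    # Block: unknown app, or one that is too risky / has unacceptable terms.
    if app is None or not app["enterprise_ready"]:
        return BLOCK, "app not enterprise-ready: too risky or unacceptable terms"
    # Speed bump: usable but unsanctioned app; coach toward the standard,
    # or let the user through once a justification is recorded.
    if not app["sanctioned"]:
        if ev.justification:
            return ALLOW, "unsanctioned app; justification logged"
        return COACH, "unsanctioned app; organization has standardized on Box"
    # Block/coach: sanctioned app, but the data is PHI.
    phi = contains_phi(ev.content)
    if phi and ev.activity == "share":
        domain = ev.recipient.rpartition("@")[2].lower()
        if domain != INTERNAL_DOMAIN:
            return QUARANTINE, "PHI shared outside the company; quarantined, user alerted"
    if phi and ev.device == "unmanaged":
        return BLOCK, "PHI activity from an unmanaged device"
    # Context-driven: data residency and person/group conditions.
    if app["region"] not in ev.allowed_regions:
        return BLOCK, "data residency: app region not permitted for this user"
    if phi and ev.group not in ("Research", "Clinical Ops"):
        return COACH, "PHI handled outside clinical groups; justification required"
    return ALLOW, "sanctioned app, policy satisfied"


def run_samples() -> dict:
    """Constructed events, one per tier, modelled on the MRI-via-Box scenario."""
    samples = {
        "risky_app": Event("bob", "IT", "FileDropXYZ", "upload", "managed", "quarterly plan"),
        "unsanctioned": Event("ashok", "Marketing", "Dropbox", "upload", "managed", "brochure"),
        "unsanctioned_justified": Event("ashok", "Marketing", "Dropbox", "upload", "managed",
                                        "brochure", justification="vendor requires Dropbox"),
        "phi_external_share": Event("cro-clinician", "Research", "Box", "share", "managed",
                                    "patient MRI scan, MRN 00123456",
                                    recipient="colleague@partner-cro.example"),
        "phi_internal_share": Event("cro-clinician", "Research", "Box", "share", "managed",
                                    "patient MRI scan", recipient="pierre@example.com"),
        "phi_unmanaged": Event("amy", "Finance", "Box", "upload", "unmanaged",
                               "patient invoice 123-45-6789"),
        "phi_finance": Event("amy", "Finance", "Box", "upload", "managed", "patient invoice"),
        "clean": Event("amy", "Finance", "Box", "upload", "managed", "Q3 forecast"),
    }
    return {name: evaluate(ev)[0] for name, ev in samples.items()}


if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(f"{name:24s} -> {decision}")
```

The order of the tiers matters: an app check runs before any content inspection, so a risky app is blocked even for harmless data, and a justification only unlocks an unsanctioned app, never a PHI rule. The same event can therefore land in a different tier depending on device, recipient domain or group, which is the “if-then context” the slide describes.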

Help people do the right thing

Your organization has standardized on Box. Would you like an account?


Dr. No

CIO, CISO and sysadmins alike must broker new conversations within institutions.

Find ways to say “YES” while also maintaining appropriate control.


Thank you!

Craig Guinasso, cguinasso@genomichealth.com

Krishna Narayanaswamy, krishna@netskope.com