Zaki Saleh, Vice President and General Manager of Global Health Business at Peraton, recently spoke with ExecutiveBiz about how the federal health sector continues to be influenced by IT modernization and improved network, data and platforms.
Additionally, Saleh discussed the challenges of implementing zero trust and the renewed focus on data security for our government agencies. He also spoke about the progress our industry is making in emerging technologies as well as the unique challenges on the business side of innovation in the latest Executive Spotlight interview.
“The core of the Zero Trust architecture is around the Policy Administrator and the Policy Engine. This is the point of determination for all access and without their approval no connection will be allowed. This means focusing on configuring and maintaining these two aspects of the Zero Trust architecture.
You can read Zaki Saleh’s full interview below:
ExecutiveBiz: As Zero Trust technology becomes a major focal point, what can you tell us about the challenges of implementing Zero Trust architectures and focusing on data security?
Zaki Saleh: “Agencies have transformed their security architectures over time to meet the needs of the threats they face. Most of this architecture followed a “castle-moat” construction – trust everyone inside the castle and no one on the other side of the moat.
It was reasonably effective; However, as we moved to cloud computing and adopted a more hybrid and distributed workforce strategy, perimeters became blurred and credential theft increased.
Over the past few years, Peraton has worked with various Zero Trust initiatives alongside federal, state, and local governments as well as the Department of Defense to address this digital shift. Accordingly, we have identified the main challenges and solutions for success.
First of all, the Zero Trust architecture is not a “one size fits all” situation. Each agency has nuances – for example, varying number of legacy applications, different architectures, various investments in software to perform some of the zero-trust functions.
It is necessary to properly assess the organization’s current cybersecurity state against the principles of the zero trust concept to create a custom zero trust architecture with the right software applications effectively integrated into a cost-effective cyber defense solution.
Implementing zero trust architectures requires assessing the current landscape. Most agencies have legacy systems that can be very expensive to revamp to accommodate a zero-trust architecture. There are also various guidelines such as NIST, GSA, OMB, DoD and CISA as well as agency specific guidelines. Understanding which framework/strategy to adopt can sometimes be confusing.
Implementing the Zero Trust architecture requires a policy decision and policy enforcement point. Essentially, this is where rules are placed to grant, revoke, or deny a user access to certain corporate resources, while simultaneously allowing termination and the ability to monitor connections.
These new policy decision points can impact organizational change, requiring organizational members to have less access than they have historically or to request permission to gain increased access than they have historically. they may have had in the past.
Additionally, the core of the Zero Trust architecture is around the Policy Administrator and the Policy Engine. This is the point of determination for all access and without their approval no connection will be allowed. This means focusing on configuring and maintaining these two aspects of the Zero Trust architecture.
ExecutiveBiz: Over the past few years, what are some of the biggest improvements you’ve seen in the way we talk and think about innovation in the federal sector since the rise of cybersecurity, AI/ML, 5G and other emerging technologies?
Zaki Saleh: “There is some buzz around AI/ML in the industry. Let’s take a specific example around COVID and how AI/ML can help with innovations in detecting future outbreaks. The United States has established disease surveillance systems.
The current disease surveillance system that uses medical indicators such as new case rates, lab test results, hospitalization rates, death rates, etc., has done what it was designed to do. These are lagging indicators of a new outbreak.
They cannot be collected and analyzed quickly enough by public health officials to immediately detect and act on a new outbreak. This takes time with our current systems. This is not ideal and needs improvement.
Technology can speed up the detection of a new outbreak by looking for leading indicators of a new disease outbreak by using AI and machine learning to look at non-medical indicators from social media or other indicators that something is wrong. something unusual happens, such as increases (spikes) in retail sales of items like cold medicine, tissues or other similar items during the summer months without a cold season. Predictive analytics is what I’m referring to here.
Faster collection, aggregation, dissemination and analysis of medical indicators such as laboratory tests using AI/MI could also speed up the detection, communication and planning of a new epidemic as well as the chain of medical supply in response to an outbreak as well as resupply.
For example, US fighters may be deployed across the globe where internet connectivity may be difficult to come by in a theater. Peraton can deploy cloud solutions “at the edge” to address these challenges. We can use 5G to upload real-time data to the cloud and provide our fighters with the best information to move forward.
ExecutiveBiz: As the federal health sector continues to be heavily influenced by IT modernization and a wide range of other initiatives to improve its networks, platforms and data, what are the biggest improvements being developed in the field of federal health and what still needs to be addressed?
Zaki Saleh: “Another big question. I will highlight that data modernization in healthcare is one of the areas where we are seeing great improvements. In the United States, healthcare is full of disconnected data sets that cannot be viewed or acted upon by patients, providers, and payers.
Although the broader industry shift to certified electronic health records (EHR) technology has provided readable digital records and more portable data, it has failed to measurably improve the cost, efficiency and satisfaction with health care services.
On average, it takes 17 years to integrate best healthcare practices into the flow of medicine. It creates inefficiencies (duplication of tests, treatments, etc.) which increase the cost of care and ultimately become a brake on the quality of care. Assessing quality of care in time to make a difference with high-risk patients is simply not feasible due to fragmented and poorly standardized population health data sets.
At Peraton, we have sought to harness technology to break down barriers to care – we call it “Care without Boundaries” and have built a digital health data integration center which we brand as HealthConcourse. To achieve care without borders, we strive to enable full interoperability of all assets that are shared or of mutual interest to multiple stakeholders.
Namely, we aim to overcome the boundaries prohibiting data interoperability (the sharing of medical records), knowledge interoperability (the sharing of clinical decision support algorithms and models) and the interoperability of process (the sharing of workflow and situational context).
The end result is that our providers, payers and patients can focus on delivering the best care possible using HealthConcourse as an interoperable data platform.
ExecutiveBiz: We often discuss innovation on the technical or capability side. What are some of the unique challenges you’ve seen on the business side of innovation that haven’t been sufficiently addressed or discussed?
Zaki Saleh: “Great question on the business side of innovation, not just technology innovation. Our customers are starting to partner with us on as-a-service offerings as they consider moving from CapEx to OpEx.
Simply put, CapEx and OpEx are how companies invest. While CapEx refers to capital expenditure for the purchase of goods, OpEx refers to operating costs.
In the world of Everything as a Service, the move from CapEx to OpEx is a very important discussion, similar to the decisions we make as consumers to say buy a car in advance (which is like spending CapEx) or choose to rent a car for a month payment (more like OpEx) or just rent a car when you need it waiving the expense of buying or leasing a car and related costs.
Think of OpEx more as rental capacity as needed and scale up or down as needed to consume that capacity.
Our customers need the flexibility to scale up or down as they consume resources and capacity and seek utility-based pricing. We have offerings for IT as a Service or Commerce as a Service. Some examples of computing as a service would be hybrid cloud as a service or storage as a service. For Business as a Service, we offer our customers, for example, digital transformation as a service or intelligent contact center as a service.
Peraton recently acquired the business as a service (aaS) of ViON Corporation, enhancing our offerings in the design, delivery and governance of critical IT infrastructure for our government customers. Additional aaS offerings provide our government customers with more flexibility and resiliency in storage, compute, and network capacity. »