Wednesday 23 October 2024

Brad Anderson's Lunch Break s7 e11 John Houston, CISO, UPMC

- It's lunchtime, and this is Brad Anderson's Lunch Break. Two of my favorite things about Microsoft are the smart people that constantly visit campus, and the great fleet of shuttles. Whenever I can I try to take advantage of both of these things, and grab lunch with some of the tech industry's best and brightest. This week I meet up with John Houston, the chief information security officer at the University of Pittsburgh Medical Center. John, how are you doing?
- What happened to the Ferrari?
- I know that you are like a race car guy at heart, so I wanted to do something a little different, you know?
- I could've caught an Uber, you know.
- Yeah, you know. So, University of Pittsburgh Medical Center.
- Yep, UPMC.
- And that's located in Atlanta?
- Pittsburgh, Pittsburgh, Pennsylvania.
- Yeah, gotcha. Top ten medical centers in the world.
- Yep.
- 60,000 employees, 30 hospitals, 5,000 beds.
- Yep.
- Man, you must be busy.
- We are, and we're growing. Great place to work, been there for a long time.
- How long have you been there?
- I've been there for about 20 years.
- Wow. As I think about some of these, what do you call them, bellwether industries, and when I see financial, healthcare, two specific ones, going to a new kind of a technology, or to a kind of a once-in-a-generation shift like the cloud, I know that we have addressed, you know, the concerns around security, et cetera, et cetera.
- And I will also say this, Microsoft is one of the good guys. You have too much riding on your cloud products to allow something like a security incident to derail it.
- That's existential for us.
- So I look at Microsoft, and I almost always make the assumption that you're going to get it right or you're going to put a lot of effort into anything you do from a security perspective. It's sort of built into the way you do business, and it's been that way for a long time. It doesn't mean you're not a big target, but you take it seriously. But unfortunately, that can't be said for everybody. There are a lot of cloud apps that are being developed by small start-up companies. Niche products, niche areas, and often the staff that do the development are very small, and don't necessarily understand security the way they necessarily should, or, when having to make the decision about building in more features and functions into their software.
- Versus the fundamentals.
- Or, the fundamentals like security. They're going to opt to put more features.
- Sure.
- Because that's what's going to allow them to.
- That's how they sell.
- To sell a product, or get traction with their product in the market. So I understand that, however, unfortunately often one's done to the exclusion of the other, and we've certainly had some situations where we've found that the security of these apps is wanting.
- You get a chance to give a lot of keynotes, and addresses in very big environments, but you've also testified in front of the Senate.
- I have, three times.
- So what's more nerve-racking, a big keynote, or testifying in front of the Senate?
- Probably the Senate.
- That's what I would think too.
- You know, when you're 15 feet from Hillary Clinton.
- Under oath.
- Or Ted Kennedy, it can be somewhat overwhelming. But it was a lot of fun as well, I wasn't a hostile witness.
- How do you then look at the partners, the vendors you're gonna partner with, and push them to deliver what you need?
- That's hard because often, the time between when you think you need something, and when they can provide it is necessarily too short. You sort of have to hope that the market either stays up with the threats as they occur, because otherwise I think you're gonna always be reacting to the threat. I contend that I have to look at my portfolio of tools almost constantly. Any tool that I might use today just to secure my environment, in two to three, four years, could be obsolete.
- If it even lasts that long.
- So I'm constantly changing tool sets. It's not because I'm making bad decisions, it's because the threats change, the technologies change to confront the threats, and my business continues to evolve and to change. So the things that were suitable before just simply are no longer suitable.
- You know, this is one of the points that we really try to push with all of our customers, which is, if you're using, say you're on Office 2010, great product, but it's seven years old. The sophistication of the attacks and stuff that are being leveled against everybody has changed dramatically in that period of time. So one of our points to people I say is, you move to the cloud like, you know, you guys are in the process of moving to Office 365, you're gonna be more secure because you're gonna be up to date with all the latest innovations and all the latest defenses that we've implemented immediately.
- As long as Microsoft can continue to be progressive, and deliver those up-to-date platforms, yeah, I agree with you. But that is a challenge for a lot of vendors, to continue to keep their software up to date and to evolve it.
- [Brad] Next time on Brad Anderson's Lunch Break.
- We used to work for a company that did a lot of defense work and they had the no spec catalog for all the different military specifications, and one of them was donuts.
- Do they really?
- So if you're gonna buy donuts for the military, there is a specification for donuts. I've seen the specification.
