Do you have an IT-related question that needs answering? Ask away.

When it comes to a person's health, it’s not always clear what the problems are until you have access into all relevant information, giving a complete picture for a medical professional to make conclusions. The same can be said of the health of an IT environment at a hospital or within a wider health trust. Without visibility into the data and gaining a clear understanding of what is factually going on, any assumptions made can be misleading, rarely achieve desired outcomes and in some cases, have dire consequences.

 

Why visibility is important

Focussing on just treating symptoms, rather than addressing an underlying medical condition, won’t yield long-term benefits. Likewise, without complete visibility into an IT environment or at least all the factors involved in the situation you’re dealing with, you’re not going to resolve the issue. Instead you’re potentially masking, delaying, assisting or circumventing the root cause. 

 

The IT world is becoming increasingly complex - Digitalisation, increasing IoT and remote working means workforces are more distributed than ever and user requirements are constantly changing/increasing. All of these factors make delivering IT as a service and meeting the demands on IT increasingly difficult, even from just a capability perspective; that’s before you even consider securing this Behemoth.

 

Clear visibility into this matrix provides the foundation to meaningful decision making, allowing leaders to give strategic direction based on knowledge, rather than assumption. Without this knowledge, how is it possible to prioritise, align IT with business goals, understand vulnerabilities and highlight the root cause of performance problems? 

 

Lack of visibility impacting efficiency and performance

There are a number of points to consider when discussing how poor visibility can impact efficiency and performance, including:

  1. Difficulty in understanding root cause of poor performance
  2. Employee acceptance of poor performance meaning a lack of feedback
  3. Reactive troubleshooting of inhibiting IT problems
  4. Measuring the cost of poor performance vs solution investment

 

Let’s take a closer look…



  1. Difficulty in understanding the root cause of poor performance

Expanding on our original point in the article, when IT issues occur, they tend to persist to some extent. This is often due to a lack of understanding into what the root of the problem is, an example: 

 

A help desk ticket comes in relating to a perceived hardware issue for poor performance, the hardware is checked, wireless connectivity, reboot, etc. Eventually, the issue is brushed under the carpet and never dealt with. 

 

With deeper visibility into the different areas, it could be identified that there was in fact no hardware or connectivity issue. The root cause was actually an application issue that was also impacting a number of other employees.

The impact of this in a healthcare organisation is:

  • A growing number of unresolved service tickets - Increasing pressure of IT teams
  • Longer meantime to resolution - Meaning medical staff are working inefficiently for longer
  • Increased burnout - From both IT and medical staff as systems are not working correctly
  • Massive inefficiencies - Increasing patient waiting times & treatment, costs and frustration.

 

This example brings us nicely to our next point.




  1. Employee acceptance of poor performance meaning a lack of feedback

Often an organisation's first notification of an issue is from their users, either phoning in an issue or raising a support ticket. Although these tickets can sometimes be quick fixes or repetitive, they are your indication of an issue and often the start to the troubleshooting process. 

 

If root causes of persistent issues aren’t found and resolved, the user becomes accepting of this level of performance, which can cause a domino effect of wider company inefficiencies.

 

Without this front-line feedback from your users and lack of visibility into the correct metrics to measure the end users experience, how are you able to tell if your network, applications or users are performing poorly? You don’t have any insight. 

 

Which can lead to our next problem, a constantly reactive state.




  1. Reactive troubleshooting of inhibiting IT problems

When you don’t have insight into your network, application and end user metrics, paired with poor feedback from your users due to acclimatisation of poor performance, you’re in a sticky situation.

 

Why?

 

Essentially, you’re only ever going to hear about or be made aware of issues that are already big, causing wide-scale disruption. You’ll be in a constant loop of reacting to IT problems, constantly putting out fires and never having the opportunity to solve the root cause and so the loop continues.

 

This makes it extremely difficult for change to take place, meaning operational and clinical efficacies cannot be found. The end result? Wasted budget, increased frustration and ultimately a poorer level of patient care due to medical staff not having the tools and systems working in the way they require.




  1. Measuring the cost of poor performance vs solution investment

When it comes to technology procurement, hiring expertise and investing in any solution, the key questions are:

 

  • What problem does this solve?
  • What does this enable us to do?
  • Is it worth the investment? 

 

These are impossible questions to answer if you can’t identify two pieces of information:

 

  1. What’s the scale of the problem
  2. What’s the root cause

 

Without understanding these two areas, you're either spending budget blindly or not investing the correct time, money and resources to a problem. 

 

One big initiative in Healthcare currently, is tooling/vendor consolidation. Why? Because poor procurement decisions have been made as there is a lack of understanding around the problem. Often we see a bandage for a scratch or a plaster for a break. 

 

The key to spending budget effectively and efficiently is understanding where you need to spend it and where you don’t. Visibility is the key to achieve this. 

 

The operational benefits of achieving visibility into healthcare IT systems

The role of IT is very similar, across many industry sectors. Fundamentally it supports the specialist in their job role, enables efficiencies where possible and underpins operations and business objectives. 

 

This doesn’t vary drastically for Healthcare where the role of IT is to enable medical and support staff to treat patients effectively and efficiently. But what does this mean in reality? 

 

It means the use of medical devices to more quickly and accurately gather information, treat or monitor patients. It means the sharing of patient information to relevant departments to ensure the correct course of action is taken and treatment is given. It means adding efficiency to relieve medical and support staff, where possible, to avoid burnout and ensure they are able and capable to conduct their roles. It’s about making sure everyone who relies on IT has the tools they need to do their job to the best of their ability. 

 

This can only be achieved when IT has the resource, knowledge and expertise to underpin healthcare operations and it starts with gaining that insight. What is required? What do I have? What do I need to do to meet the demand? 

 

When this can be achieved, the benefits are plentiful:

  • Decreased waiting time for patients
  • reduced burnout amongst IT, medical and support staff
  • Increased budget effectiveness
  • reduction in help desk tickets
  • faster mean time to resolution on tickets
  • Proactive management of IT as a service to healthcare.

 

The threat of poor visibility in healthcare

Now let’s turn our attention to the threat of not having visibility in healthcare IT environments. We all heard about WannaCry in 2017, although not specifically targeted, the speed at which it reduced the affected NHS departments to pen and paper highlighted the lack of strong cyber posture to deal with these types of cyber attacks. 

 

The first point is therefore clear, the NHS and wider healthcare sector are at significant risk of being majorly impacted by cyber attacks. These can cause service outages or impact normal IT system usage. This has a direct impact on patient care and can even be fatal if test results, medical records or treatment plans cannot be accessed. Not having visibility into potential ingress paths, vulnerabilities, network connectivity and active devices exposes networks to these wide spread, vicious attacks that move laterally and quickly.

 

Secondly, healthcare networks tend to have huge numbers of devices within them. From Medical devices like infusion pumps to unmanaged devices like personal phones or smart TVs. Not having visibility of these devices and their activity poses a huge threat, as each of them could be leveraged for access into the network. It is crucial to understand the access and activity of these devices, managed or unmanaged. 

 

Finally, we appreciate that many networks grow organically over time and some systems, although legacy, need to remain in place for a specific purpose. However, many healthcare networks are extremely complex - Tooling crossover, data duplication, random connectivity, confused network access, the list goes on. Fundamentally, complexity is hard to secure, it provides blind spots where vulnerabilities can be easily exploited. 

 

It’s not an overnight process but with insight into the network, you can begin to untie the knots and identify where time and resources can be spent to improve the situation as a whole. Want to make it easier? Seek ways of gaining deep visibility into your network, it’s devices, users and applications.

 

Visibility is the key to high performing, secure IT

To go full circle, we initially said:

 

“without visibility into the data and gaining a clear understanding of what is factually going on, assumptions can be misleading and rarely achieve desired outcomes.” 

 

This applies to performance, security and just about every other IT initiative a healthcare organisation can have, it really is the foundation to everything. Visibility can not only enable the benefits we have outlined above, it also significantly reduces the time to respond and improves effectiveness when reacting to any incident.

 

 

Our recommendation - before you discuss your next tooling or solutions procurement, ask yourself what you’re basing the decision on, and do you understand the situation as a whole?

Testimonials


“Net Consulting have been extremely flexible and willing to work within the demanding restraints necessary. They have also been able to successfully adapt the Riverbed and IBM solution to suit our specific requirements, such as the need for multiple security levels. The solution has been working well for around 2 years now and is a key capability for the MOD’s approach to service management"

Ministry of Defence

Read case study

“We needed to understand whether our applications could operate from a shared services datacentre. Net Consulting were able to give us the answers.”

Sheffield Hallam University

Read case study

"What Net Consulting provides us with is a baseline for where we are now. We can achieve our longer-term objectives with this robust foundation of information. It’s key to success, and that’s why we collaborate with companies like Net Consulting to build trust and deliver our outputs."

Ministry of Defence

Read case study

“The BlueArmour service allows us to see potential ingress paths an attacker can take into our network, as well as potential data egress paths. The service provides us with critical, prioritised information to quickly remediate issues."

Blake Morgan LLP

Read case study

“Unless you’re prepared to run a 24/7 security operation in-house, headed up by a team of seriously skilled people, you’re never going to match what BlueArmour ATD offers.”

Capital Law LLP

Read case study

“Net Consulting’s understanding of our requirement was evident through a superb bid and they showcased exactly the right approach. Clearly their Public Sector experience was transferable in terms of this engagement. Their cybersecurity expertise is very strong across the team, right from knowledgeable, technical and engaging leaders, through to their team of Floodlight SOC analysts. Net Consulting were under a very tight deadline, given the fact we needed to complete this piece of work within the financial year. They performed at a significant pace, were very reactive and agile, and never once let their high level of standards slip."

Digital Health and Care Wales

Read case study

Partners


palo-alto
ktsl
netscout-arbor
riverbed
Redseal
asmglobal
cgi
deep-secure
juniper-networks
bmc
Gigamon