
Project Horizon: The “Secure” Journey to the Cloud – Software-as-a-Service and the Compliant Enterprise

An Office of the CTO Guest Blog

By Noah Wasmer, Director of Advanced Development, VMware


At VMware, we love to read the latest Gartner and IDC reports, but what we love more than anything is our road trips into the field. I am lucky enough to work in advanced development at VMware, and one of our biggest priorities is to get out in the field to better understand use cases, ensuring that the next-generation technologies we develop and deliver are helping customers to solve real pain points.


On one such road trip, I had an opportunity to meet with several healthcare workers at Stanford Medical Center, where I not only learned about their work, but also got the chance to experience their day-to-day interactions with the technology that helps them do their jobs.


As many folks may have seen at VMworld, Project Horizon is based on the hypothesis that there is a significant diversity of devices, such as mobile phones and tablets, through which users are accessing work-related apps and data. While this may seem obvious, we are looking for precise use cases, and quickly found them among the employees at Stanford Medical Center. Specifically, we want to know whether users are simply exploring Facebook and YouTube on their Androids and iPhones, or whether a blend of mission-critical enterprise applications is being accessed.




As I started walking through the hospital halls, I noticed several tablets being used by the staff.  Doctors and nurses were checking email, schedules, and updates as they moved between patients.  SMS was the most common form of communication within the buildings.  Particularly interesting was an interaction between a contractor and a surgeon, in which the contractor was demoing a new set of medical devices on an iPad.


The business value of mobile devices was instantly solidified as the contractor demoed new tools for facial traumas, embedded videos of the tool in practice, and advanced medical options for specific injuries.  The doctor engaged with very specific questions as several issues had come up recently. It was incredible to see the value of immediate detailed knowledge transfer that could be conveyed in a two-minute hallway conversation, largely enabled by the portability and interactivity of the mobile device.


Over the course of the next couple of hours, I talked with several different doctors, nurses, administrators and IT managers, and they each walked me through different applications leveraged by the hospital. On PCs, the staff really only used a single application, largely Cerner or Epic. However, on the iPad, users were accessing SharePoint files, Outlook Web Access, and three other password-protected SaaS applications that provided scheduling, notices, and procedure best practices.


It was validating to see that most of the applications used by the hospital are accessible through a browser.  It was also immediately clear that there are still pain points left to be solved.  While going through the different apps, one user had to reset their password on not one, but two different sites – one where they couldn’t remember the password and the other that expired after sixty days – to which the user let out a vocal sound of frustration.


We also had a chance to sit down with several senior IT administrators, who wanted nothing more than to be able to support their staff on iPads, but did not have the tools to secure patient records on these mobile platforms. Their largest concern was not only to ensure that a healthcare worker’s identity allowed single sign-on into new hospital SaaS applications, but more importantly, to limit the locations and devices where the applications could run.


Traditionally, this has been a value of solutions like – getting access on any browser, anywhere. However, compliance requires app-specific device control, as SaaS apps often store files. As we look to empower admins, we must find ways to set policy on diverse applications such as SaaS across different devices.


The trip was incredibly informative and we are taking these learnings and applying them to Project Horizon. Horizon will work to create new policies, taking into account a user’s role, application types (such as SaaS vs. native application), device type and, importantly, location.


Moving forward, we see this rich policy becoming mandatory in a world with heterogeneous devices, applications, and sensitive data – validated firsthand at the hospital.


Perhaps a supported Apple iPad a day will keep the doctor away … from complaining to IT administrators.