Introduction of Guests & Discussion Topics
00:00:06
Speaker
Welcome to another Digital Health episode of Crossroads by Elantra, where our thoughts leader converged to explore the dynamic intersection of healthcare. In this session, the spotlight is on Rick Freilich. Rick is the CEO of Clear Data, a managed services vendor specializing in healthcare security and compliance.
00:00:22
Speaker
Joined by Elantra's in-house managed services expert, Michael Linace, the conversation delves into clear data's 15-year evolution, its recent decision to decouple services and software, and the challenges and opportunities presented by the healthcare cloud landscape. From the intricacies of selling to payer and provider markets, the future of managed services providers, Rick shares invaluable insights.
Cybersecurity Challenges in Healthcare
00:00:45
Speaker
The episode further navigates through the nuances of data breaches, the role of automation in cybersecurity services and the unique challenges posed by safeguarding PHI data in the cloud. Join us for a deep dive into the complexities, innovations, and key takeaways shaping the realm of healthcare technology and security.
00:01:04
Speaker
Hello, everyone. I'm Fred Laurier, and I head up the Digital Health Investment Banking practice at Elantra. On this episode, we have the great pleasure of hosting Rick Frelick, CEO of Clear Data, a leading managed services vendor focused on healthcare security and compliance. Given the topic, I took the liberty of inviting Erhone, henhouse managed services expert, Michael Linace. Michael, perhaps you could quickly introduce yourself.
00:01:27
Speaker
Sure. Happy to. Thanks, Fred. I'm Michael Inoche. I'm based in New York, and I co-lead the technology investment banking group at Elantra and specialize in application consulting and managed services businesses.
00:01:43
Speaker
Thanks, Michael. Before we jump into the actual questions, perhaps a quick bio on you, Rick. I did glance at your LinkedIn profile and correct me if I get any of it wrong, but the initial part of your career was spent managing businesses unit at large technology vendors like Dell and Oracle. In more recent years, you held sales leadership roles, including at Earthlink and Rackspace. Since August of 2022, you've been CEO of Clear Data. Is that a fair representation, Rick?
00:02:12
Speaker
Yeah, that's correct. And I also spent some time at RSA outseer sub. For the benefit of our listeners who may not be familiar with the business itself, could you please in a nutshell summarize how you serve health tech, payer and provider customers?
Rick Freilich's Career & Clear Data's History
00:02:28
Speaker
Yeah, clear data. We've been around for about 15 years and we're the first and obviously we think the best healthcare only provider of comprehensive cloud and we're saying public cloud security and compliance software and services really purpose-built for the healthcare industry. We're enabled by our powerful cyber health platform. So think of us as lots of managed services supported by our cyber health platform software.
00:02:56
Speaker
So these solutions include cloud security posture management CSPM as is properly known managed compliance so not just the software but the services layer on top of that.
00:03:09
Speaker
And then MDR, managed detection response. In addition, we do a lot of the cloud operations for the workloads we manage for our healthcare customers in the cloud to protect their PHI and other sensitive healthcare data. We're certified high trust. We remain compliant with HIPAA, GDPR, SOC 2, ISO 27001. That's what we do. And we've got customers in the payer area, in the provider area, and what we call health tech.
00:03:38
Speaker
which are software companies selling software solutions to healthcare, medical device manufacturers who have data that they need to protect in the cloud, and healthcare services companies selling it to healthcare.
Service Decoupling for Customization
00:03:50
Speaker
For most of its history, Clear Data has offered a single bundle technology solution that included managed services. You are now moving into a couple software from your service offering and sell them separately. What drove this decision?
00:04:04
Speaker
I think this was our desire to meet customers where they were. Some customers are pretty new to the cloud and they really want us to have a white glove approach where we're doing all the services for them. We're managing that total workload in the cloud for them with their PHI data. And as they get more sophisticated, they're like, you know what? I really just want to use the software or I just want to use your MDR service with the software. I don't need as much support on the services for compliance. And now we can actually
00:04:33
Speaker
break apart all these services and software offerings into the different pieces and also innovate on the software a bit as we've done and meet the customer where they are and make it fit what they're trying to accomplish with their company. Secondly, this whole market's getting more customized and personalized.
Healthcare's Slow Cloud Adoption: Why?
00:04:51
Speaker
10 years ago, 15 years ago when we started,
00:04:54
Speaker
This healthcare market wasn't really that experienced in the cloud, right? Even now, they're one of the lagers in all industries and moving to the cloud, to the public cloud especially. But as they become more sophisticated, they're wanting a more personalized experience.
00:05:09
Speaker
You mentioned that it's a tougher sell in healthcare end markets. What do you feel are the obstacles that are needed to be overcome to catch up to other industries that you have sold to in the past at Rec Space, for instance? I think it's more of a concern about moving to the cloud, given they know that PHI data is targeted more than any other data. And so there's that reticence to not have total control that I think in other verticals
00:05:35
Speaker
that's less of an issue today and they have more trust. And number two, they haven't had long-term experience in the public cloud. And so many of our customers, they're just getting their first workloads into the cloud for the first time. So that's one issue. The other is, especially with providers, there's very tight budgets. So even though they know there's cost benefits to moving to the cloud,
00:06:00
Speaker
that initial move, there's initial expense associated with that. And I think especially lately when this environment, the last couple of years, it's a harder sell that way because they're like, well, I want to move to the cloud, but it's going to take a lot of time and effort because that's the final issue.
Managed Services vs. SaaS: What's Needed?
00:06:18
Speaker
They don't have, especially in providers, less so in pairs, the resources in-house to help manage from their side to move these workloads to the cloud.
00:06:27
Speaker
On one of our previous episodes, we had invited Joe Gagnon, CEO of OneUp Health, to talk about FHIR, the Healthcare Interoperability Standard. One thing he said was how payers could be the key to unlocking adoption for FHIR within providers. Do you feel that there's some of that also happening in your own industry where if payers lead the way providers will follow?
00:06:48
Speaker
Somewhat, I mean, it's not a direct correlation, but certainly when we talk to providers and we say that we've got some big and medium sized payers who use us, that really helps with our credibility beyond just the offering itself.
00:07:06
Speaker
Switching topics a bit, we are obviously seeing companies transition from traditional on-premise software to software as a service and cloud-based platforms. What is your view of the opportunity for traditional managed service providers to be able to generate a similar amount of recurring revenue at the same attractive margins that they do now, but most likely the ongoing support will be much less with a SaaS-led platform?
00:07:32
Speaker
Yeah, I think as we evolve here and increasingly our customers are transitioning their operations to the cloud, the managed service providers are going to have to evolve their services. Absolutely. And we're seeing it. We're seeing a lot of these horizontal providers say, oh, you just need software. You can do it yourself.
00:07:49
Speaker
And then a lot of them are finding they can't do that themselves. So I don't think that MSPs are going away in the healthcare space. There's going to be a long-term need for pro services and MSP services in this space, especially in cloud adoption and sort of digital transformation, because there's a resource issue here.
00:08:07
Speaker
hiring security people is really expensive and difficult to hold on to, right? That's a high commodity resource that gets paid a lot of money. And I think when we think about clear data, we're healthcare specific and specializing in secure data migration and high trust cert. With all the influx of the data available, there's going to be an emerging need and there is an emerging need for advanced analytics capabilities, managed cloud operations,
00:08:31
Speaker
I think one of the reasons we broke apart our offering and created a standalone SaaS offering for our software is so we could meet those highly sophisticated customers who don't need the MSP services so much, but there's plenty. I mean, this is a $7 billion market for us, right? There's plenty of companies that need lots of managed services moving forward and the market's huge for us. So it's just a question of meeting those customers where they are
00:08:59
Speaker
selling them the software if that's all they need, and also making our software differentiated versus those horizontal softwares. But yeah, we have to adapt to changing technologies and market demands. Just keeping up our managed services with the changes that AWS, Azure, and Google is a challenge. It's not only a challenge for us, we have people dedicated to that, but if you're a payer or provider, keeping up with all those changes and features and functionality of
00:09:23
Speaker
AWS refusing them or Azure or GCP.
Automation & Security: Clear Data's Approach
00:09:26
Speaker
That's a huge challenge for customers and they think they can handle it, but many of them can. In addition to security and data analytics, are there other emerging solutions that services providers can introduce to maintain or grow revenues from existing clients?
00:09:42
Speaker
Yeah, I mean, we offer cloud operations, which is part of our offering, and it'll be broken apart now. But to most of our customers, to manage changes to the cloud environment, that's the standard offering that we've had, that'll continue to be. And I think all MSPs can offer that. It's not just patching, right? It's how do I optimize the use of the clouds to optimize my results and my app performance as well as cost.
00:10:07
Speaker
This FinOps offerings, we have that as well where we help customers optimize their cloud spend. So that's a very important piece because we have a lot of expertise in doing that. This is all we do. One way that you can build credibility with a customer managing their cloud workloads
00:10:25
Speaker
is to continuously offer them health checks and an ability to leverage you to optimize their spend because it's hard to do that. You really need to know each cloud provider very well to do that. Finally, there's assessments like a well architected review for AWS and others that we offer and that I think other MSPs offer where you're leveraging some of the capabilities of the cloud providers. And then we have a pro services arm. I think most MSPs should have a pro services arm.
00:10:52
Speaker
to help with migrations, to help with assessments, to help understand here's a legacy app that you're thinking of moving to the cloud, but if you just lift and shift it, you're going to be disappointed in the results and the cost as opposed to maybe you need to refactor it. We can help you think that through. Those are services that are going to be very valuable to MSPs moving forward in healthcare.
Optimization through Cloud Operations & FinOps
00:11:16
Speaker
For your business, what role does automation play in your delivery of services? What are the tangible benefits?
00:11:23
Speaker
Yeah, look, manual human errors can lead to healthcare cybersecurity vulnerabilities and breaches, so we try to automate as much as we can. We really adopted a three-prong approach to automation, so we need to protect, detect, and recover, and that combines automated safeguards with our expert personnel. If you just have automation from your software or from third-party tools, you're not gonna do the job as thoroughly as you need to.
00:11:51
Speaker
So the CyberHealth platform, our software tool, really automates the detection of sensitive PHI data stored in the public cloud. It boosts really customer trust in our services. These automated safeguards really ensure that clear data services maintain high levels of security, privacy, compliance, further reinforcing customer trust. But you know what? We also provide MDR services, so managed detection and response.
00:12:17
Speaker
This is integrated into our CHP, but we use third party tools as well, where we've got sensors on every single endpoint that the customer has in the cloud. And we're evaluating that with the heads up eyes on glass 24 seven, but that automated endpoint threat analysis, you can get a lot of threat alerts. Then we have to take that and understand how to triage and prioritize those alerts.
Impact of Data Breaches & Security Investment
00:12:42
Speaker
So Rick, there's an estimated 40 million plus patients in the US that have recently been impacted one way or another by data breaches. HCA, for example, is facing a class action lawsuit for breach that exposed about 11 million patient records. When one of those large events occurs, do you experience an immediate increase in inbound interest for your cybersecurity services?
00:13:05
Speaker
I think that each time, especially if it's a healthcare specific breach, we definitely get an influx of folks looking at our services, going to our website and asking us questions. A lot of these healthcare companies think they can get away with sort of very minimal investment in security and compliance. And you know, you're really playing a bit of Russian roulette there. And now, especially now, you know, what we're seeing lately
00:13:30
Speaker
Ransomware is up dramatically in the last year and a half. Data fishing, of course, DDoS, it's all up. So definitely a major concern. And yeah, we're getting a lot. We get a big bump when these things happen. Luckily in our 15 years, we've never had a breach. Knock on wood.
Why Focus Exclusively on Healthcare Cybersecurity?
00:13:48
Speaker
There's other cloud security management vendors that take a more horizontal approach. Wizz and Drata are two of the big ones. In some cases, they may have tailored offerings to certain verticals such as mappings or security posture to security standards like HIPAA. Clear data obviously focuses exclusively on healthcare. What advantages do you think this brings to you?
00:14:11
Speaker
There's probably no more than two or three vendors like us in the healthcare space that just focus on healthcare. Matter of fact, I've been asked since I've been here the last year and a half, why don't you do other verticals? It's because of the expertise that we glean from our services organization by just focusing on healthcare threats, right?
00:14:32
Speaker
The protecting PHI data is a different animal. It's the most attacked data in the country, right? In the world. It's targeted more because it's data rich, right? So cybersecurity and healthcare for us, it's a matter of protecting lives, not just data. If that data is compromised for a hospital.
00:14:55
Speaker
People can die, right? And we take that very seriously. Matter of fact, it's one of the things that really inspires my team. When I got here, we really believe we're protecting lives every day, right? People's lives. So we're uniquely positioned. We've been doing this the longest to understand the unique requirements and challenges of healthcare organizations in protecting their data in the cloud.
00:15:17
Speaker
the tailored amount of solutions. And like our CHP software, there's a lot more controls. There's a lot more safeguards in there than any of our competitors, because we've been at it longer. We just focused on this. You mentioned some of my competitors that are horizontal. They say they do all this, but I think we do it better and more thoroughly. We offer not just, if you think about our health tech customers,
00:15:42
Speaker
We call it a high trust inheritance. When they come with us, we just hand them that compliance and they have it, right? They don't have to earn it because we've done all the work for them.
Key Insights & Market Positioning
00:15:53
Speaker
Rick, thank you so much for taking the time with us today. I personally learned so much. Among key takeaways of many, I'm shocked at the level of underinvestment in the industry when PHI data is actually the most targeted kind of data and healthcare providers heavily bear the brunt of ransomware when, of course, they are already cash constrained.
00:16:11
Speaker
Second key takeaway is the impact you have on your health tech clients and streamlining RFP responses just by your unique positioning and understanding of the market versus some of your peers that have taken more of a one size fits all approach. Lastly, the complexity of what you're actually doing, your three prong approach security and all, those are just three of many takeaways I could have picked. It was a great discussion, Rick. And again, thank you so much for taking the time today.
00:16:38
Speaker
Thanks, Fred. Thanks, Michael. I enjoyed it and really appreciate the opportunity. Thanks, Rick. As we wrap up this episode, we extend our heartfelt thanks to Rick Froelich, CEO of Clear Data for sharing his wealth of insights into the intricate world of healthcare cloud security and compliance. From the evolution of Clear Data's specialized offerings to the challenges of navigating the healthcare landscape, Rick has provided invaluable perspectives.
Conclusion & Future Discussions
00:17:03
Speaker
The episode has not only shed light on the vulnerabilities and opportunities in healthcare cybersecurity, but also has offered a glimpse into the future of managed services providers in this ever-evolving space. We also express our gratitude to Michael and Aceh as well for having partaken in this insightful discussion. Stay tuned for more similar conversations at the Crossroads of Technology and Healthcare. Until next time, this is Crossroads by Aloncho.