Privacy in Connected Health : Great post by Joe Kvedar

Joe does a great job of summarizing key issues here concerning privacy in connected health.

Posted in Uncategorized | Leave a comment

Using a “host factory” to deliver secure hybrid and multi-cloud instances…and then…secure container management

For those of us that track AWS – last week brought a pretty welcome update that includes a bunch of great new features – announcement here.

One of the key challenges that I see over and over again for large enterprise tech is trying to get the best of AWS without complete lock-in to Amazon (multi-cloud) while at the same time supporting their mix of on-prem and cloud systems infrastructure (hybrid).  Hybrid AND multi-Cloud is hard – but possible imho if you select a small number of key elements of your architecture that are independent of AWS (or any PaaS cloud provider for that matter).

One of the most important elements to protect as independent is your core authentication/authorization/secrets infrastructure – but where do you start – it’s such a complicated, tangled mess.

Try this….it can be very useful to provide a service that is essentially a “host factory” to assign dynamic identity to VMs.  The host factory provides a single, independent identity for the VM so that services such as secrets management, ssh, service authorization, PKI, etc can all be delivered independently of the physical location of the vm and/or the cloud provider.

For example – in AWS, your instances authenticate to the “host factory” using their AWS IAM roles. IAM roles are the bridge between AWS instances and their “host factory” identity. This host factory identity can be used to deliver all of the services mentioned above regardless of the provider – on-prem or any cloud service provider.  This essentially provides a “line in the sand” where your intimacy with any given cloud provider is going to stop and where your control of your own machines’ identities starts.

Now that AWS has brought IAM roles to containers, the same bridge from EC2 instances to your “host factory” identity can be used to manage container identities.

So whether your app is VM based or containerized, it registers in the same way with the “host factory” and uses all the same core features (except ssh of course; which is not really a for containers 😉
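The bridge described above, sketched as an added example (not code from this post, and not Conjur's API): a toy host factory checks a provider-specific proof, then issues a short-lived, provider-neutral identity that downstream services authorize against. The role names, layer names and keys are constructed, and an HMAC stands in for the platform's real signed credentials.

```python
import hashlib, hmac, json, secrets, time

# Constructed trust anchors: an HMAC over the role name stands in for each
# platform's real proof (AWS-signed IAM credentials, an on-prem enrollment token).
PROVIDER_KEYS = {"aws": b"constructed-aws-key", "onprem": b"constructed-dc-key"}
# Constructed policy: provider-side identity -> provider-independent layer.
ROLE_TO_LAYER = {("aws", "role/web-vm"): "prod/web",
                 ("aws", "role/web-container"): "prod/web",
                 ("onprem", "rack12/web"): "prod/web"}

def _mac(key, text):
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def provider_proof(provider, role):
    """Stand-in for what the platform hands the workload at boot."""
    return _mac(PROVIDER_KEYS[provider], role)

class HostFactory:
    def __init__(self, ttl=300):
        self._key = secrets.token_bytes(32)  # signs host-factory tokens
        self.ttl = ttl

    def enroll(self, provider, role, proof, now=None):
        """Check the provider-specific proof, issue a provider-neutral token."""
        key = PROVIDER_KEYS.get(provider)
        layer = ROLE_TO_LAYER.get((provider, role))
        if key is None or layer is None:
            raise PermissionError("unknown provider or unmapped role")
        if not hmac.compare_digest(_mac(key, role), proof):
            raise PermissionError("provider proof failed verification")
        now = time.time() if now is None else now
        claims = {"host": f"host/{layer}/{secrets.token_hex(4)}",
                  "layer": layer, "exp": now + self.ttl}
        body = json.dumps(claims, sort_keys=True)
        return body + "." + _mac(self._key, body)

    def verify(self, token, now=None):
        body, _, sig = token.rpartition(".")
        if not hmac.compare_digest(_mac(self._key, body), sig):
            raise PermissionError("bad token signature")
        claims = json.loads(body)
        if (time.time() if now is None else now) >= claims["exp"]:
            raise PermissionError("token expired")
        return claims

def read_secret(factory, token, secret_layer):
    """Downstream service: authorizes on the factory identity, never the provider."""
    return factory.verify(token)["layer"] == secret_layer
```

Only `enroll` knows about providers; `read_secret` sees the same identity whether the workload is an AWS VM, an AWS container or an on-prem host, which is the "line in the sand" the post describes.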

IMHO – this approach is possible to implement quickly if you use a great system like Conjur.

There was a similar dynamic a few years back with networking identity and access management – along came a great product – Illumio – which has been adopted broadly to solve this problem.  Conjur is doing for the app layer – what Illumio delivered for network layer.

Give it a try and let me know what you think.


OpenVPN on ChromeOS – just say no

For anyone who is trying to make OpenVPN on ChromeOS work – just stop.

If you’ve got a ChromeOS device – it’s likely you have an Android device – best to just use OpenVPN on Android rather than the unnatural act of getting ChromeOS OpenVPN support to work.

Worth a blog post – I dunno – but it would have saved me more than a few hours this weekend 🙂

Maybe the forthcoming Android support on ChromeOS will get us a freebie.


Nathan Hunt Palmer : May 21, 1936 – July 21, 2016

To those who knew and loved Pop, it is no surprise that he died with as much selflessness and dignity with which he lived. Our loving and loyal husband, father, grandfather, and brother died July 21st at 2 pm at the age of 80 with his family by his side. He is survived by his wife, Suzy (Elsa) Palmer; his children, Andrew Hunt (Amy) Palmer and Anne Palmer (Dan) Wilson; his 8 grandchildren, Gerry (Heather), Morgan, Jonah, Annie, Sofia, Josephine, Elijah, and Abraham; and his sister Quimby (Mark) Mahoney. He was preceded in death by his mother, Blanche Hunt Palmer; his father, Percival Bowditch Palmer III; and his brother Bradley (Judy) Palmer.

Nate grew up in Hinsdale, Illinois with an amazing community that surrounded him and his siblings with joy and love. He graduated from Deerfield Academy in Massachusetts and went on to graduate from Dartmouth College. Deerfield and Dartmouth were both places that made Nate beam with pride. He cherished the education and the relationships he established while there. He was often seen wearing “Dartmouth Green”.

A retired United States Air Force Captain, Nate spent some of his service time in South Korea on an island known as Paengnyong-Do. We often heard stories and life lessons from the time he spent in Korea and his time serving his country helped shape his life’s principle of “contentment”. After his service he started his career in sales beginning with Sunbeam and eventually running the family business, Illinois FWD Truck and Equipment Company.

After his first encounter with cancer in 1999, Nate retired and decided to spend the rest of his life making family and community his priority. Nate was happiest when helping others. He often volunteered at the local elementary school, or drove friends, neighbors, and even complete strangers to cancer treatment appointments. He adored attending his grandchildren’s sporting events and other activities. One of his favorite pastimes was driving his 1930 Model A in local parades and hanging out with his Whidbey Island Model A Club buddies.

Nate influenced all of us in big and small ways. He is known for teaching us all how to have a “firm handshake while looking people directly in the eye”. He exuded class and felt most comfortable in his sport coat and tie. He loved kites, remote control planes and boats, corn on the cob, reading, sailing, black coffee, raisin toast, the Chicago Bears, Jamaica, old cars, jets, and apple pie. He was proud to be an American, a Palmer, a brother, a husband, a father, and a grandfather.

In a small entry for a Deerfield reunion Nate described himself as being “inside proud” and remembered headmaster Boyden’s words “Be worthy of your heritage”, which he said made him try harder. Nathan Hunt Palmer has left an incredible legacy of humility and hard work. He will be missed every day.

There will be no services, however, if you would like to honor Nate, make sure your next handshake is firm and always remember to look people right in the eye.

A few of Nate’s favorite organizations:


Non-Compete Progress

I sat down to write a post on non-compete progress…

…then realized that Jeff Bussgang already did – his post here – well said Jeff.


PillPack and ExpressScripts saga ends :)

I’m thrilled that the PillPack and ExpressScripts saga has ended.  Details are in this Fast Company article.  Truly exceptional leadership from TJ Parker and Elliot Cohen @ PillPack – this is how healthcare will change in the states – through the bold leadership of innovators like TJ and Elliot – thanks guys 🙂


BC/BS of MA needs to support PillPack

Three years ago I came home from one of my usual breakfast meetings at Henrietta’s Table and told my wife Amy that I’d met these entrepreneurs who started a company that had a service that she would love.  One was a pharmacist and the other a smart young tech guy @ MIT – killer team with a great idea that just seemed obviously better.

She rolled her eyes and muttered something under her breath that sounded like “here we go again”.  While I am the eternal optimist – she’s a bit of a skeptic – one of the many reasons I love her.  She was probably expecting another type of Android device or Sonos to show up at the door.  Most of the random stuff that I drag home is either uninteresting or a waste of her time – however – this time it was different.

Three days later she got a PillPack box.   Within weeks she told me she couldn’t imagine what it was like to manage our medications before PillPack.  Within months – she had her parents signed up.  This was a non-trivial change because their pill situation (like many folks) looked something like this :


PillPack was just simply a better way to deliver medication to people who need them.  Perhaps most importantly – it is a fantastic service for those of us that remotely manage our parent’s care to ensure that our parents (who can’t remember the day of the week) get the right medications in the right doses as simply as possible.

Then – last week we got this letter from Blue Cross/Blue Shield of MA :


First of all – I can’t believe that BC/BS cares where I get my prescriptions filled – my relationship is supposed to be with BC/BS – not CVS or Rite Aid – or ExpressScripts whoever they are.  Second – I was thinking – why doesn’t BC/BS just include PillPack directly in their network instead of going through ExpressScripts.  Then I read the 2nd page of the letter which is here:


So this guy – John A. Fallon MD – is suggesting that I go to one of three pharmacies in Manchester NH – even though his employer – Blue Cross/Blue Shield of MASSACHUSETTS – knows that I live in Cambridge, MA.  REALLY?  These are the people who supposedly care about my health and wellness – and yet they want me to drive up to NH to fill my prescriptions every few weeks – really?  What’s going on?

Then I went to this site : – and realized that I was not alone 😦

My guess is that PillPack has become so successful that they have begun threatening the establishment in pharmacy and as a result – a bunch of people and companies who think that putting pharmacies at the back of a retail store is a good thing.  Honestly – it’s just not – stop trying to subject me to retail upsell in order for me to get the medications that I need.

The other reason they are doing this is that ExpressScripts has their own mail order service that is threatened by PillPack.  In this case – all I can say is innovate or die – new innovations like PillPack don’t happen at big companies like ExpressScripts or BC/BS – it happens when motivated, smart entrepreneurs do things that others think are impossible.  ExpressScripts – if you haven’t built a service that is as popular as PillPack – maybe it’s a message that you just can’t do what needs to be done in the next level of pharmacy.

The most offensive thing for me is that my Healthcare plan provider – Blue Cross/Blue Shield is in bed with these people who want to control where I get my pills.  Not which pills I take – or if these pills are branded or generic – but where I actually do my shopping…really?  Didn’t we sort through most of this in the 1990’s : Barnes and Noble vs. Amazon, etc – and realize that the old brick and mortar companies that don’t embrace what’s best for the consumer will go out of business?  I guess not – the monopolistic behavior of companies like ExpressScripts and Blue Cross/Blue Shield is hurting me.  I wish they would just get on board with PillPack and we can all move on with our lives.
