Monday, March 11, 2019

Price transparency in healthcare to regain patient trust requires accuracy via better use of technology


The next BriefingsDirect healthcare finance insights discussion explores the impacts from increased cost transparency for medical services.

The recent required publishing of hospital charges for medical procedures is but one example of rapid regulatory and market changes. The emergence of more data about costs across the health provider marketplace could be a major step toward educated choices – and ultimately more efficiency and lower total expenditures.

But early-stage cost transparency also runs the risk of out-of-context information that offers little actionable insight into actual consumer costs and obligations. And unfiltered information requirements also place new burdens on physicians, caregivers, and providers – in areas that have more to do with economics than healthcare.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To learn more about the pluses and minuses of increased costs transparency in the healthcare sector, we are joined by our expert panel:
The panel is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: For better or worse, we are well into an era of new transparency about medical costs. Heather, why is transparency such a top concern right now?

Kawamoto
Kawamoto: It’s largely due to a cost shift. Insurance companies are having patients owe more of a payment’s portion. With that there has been a significant rise in the high-deductible health plans -- not only in the amount of the deductible, but also in the number of patients on high-deductible plans.

And when patients get, sadly, more surprise bills, we start to hear about it in the media. We also have the onset this month of the IPPS/LTCH PPS final rule from the Centers for Medicare and Medicaid Services (CMS) [part of the U.S. Department of Health and Human Services].

The New York Times did a recent story about this, and that’s created buzz. And then people start saying, “Hey, I know I have a medical service coming up, I probably need to call in and actually find out how much my service is going to be.”

Gardner: It seems like the consumer, the patient, needs to be far more proactive in thinking about their care, not just in terms of, “Oh, how do I get better? Or how do I stay as healthy as I can?” But in asking, “How do I pay for this in the best possible way?”

That economic component wasn't the case that long ago. You would get care and you didn't give much thought to price or how it was billed.

Joann, as somebody who provides care, what’s changed that makes it necessary for patients to be proactive about their health economics?

Know before you owe

Barnes-Lague
Barnes-Lague: It’s the consumer-driven health plans, where patients are now responsible for more. They have to make a decision – “Do I buy my groceries, or do I have an MRI.”

The shift in healthcare makes us go after the patient before insurance is paid 100 percent. Patients now have a lot of skin in the game. And they have to start thinking, “Do I really need this procedure, or can it wait?”

Gardner: And we get this information-rush from other parts of our lives. We have so much more information available to us when we buy groceries. If we do it online, we can compare and contrast, we can comparison shop, we can even get analysis brought to the table. It can be a good thing.

Julie, you are trying to help people make better paying decisions. If we have to live with more cost transparency, how can technology be a constructive part of it?

Gerdeman
Gerdeman: It's actually a tremendous opportunity for technology to help patients and providers. We live in an experience economy, and in that economy everyone is used to having full transparency. We’re willing to pay for faster service, faster delivery.

We have highly personalized experiences. And all of that should be the same in our healthcare experiences. This is what people have come to expect. And that's why, for us, it’s so important to provide personalized, consumer-friendly digital payment options.

Sanborn: As someone who has been watching these high-deductible health plans unfold, data has come out saying the average American household can't afford a $500 medical bill, that an unexpected $500 medical bill would drastically impact that household’s finances for months. So people are looking to understand upfront what they are going to owe.

At the same time, patients are growing tired of the back-and-forth between the provider and the payer, with everyone kicking the can back and forth between then saying, “Well, I don’t know that. Your provider should know that.” And the provider says, “Well, your health plan is the one that arbitrates the price of your care. Why don't you go ask them?” Patients are getting really, really tired of that.
Learn How to Meet Patient Demands
for Convenient Payment Options
for Healthcare Services
Now the patients have the bullhorn, and they are saying, “I don't care whose responsibility it is to inform me. Someone needs to inform me, and I want it now.” And in a consumer-driven healthcare space, which is what’s evolving now, consumers are going to go where they get that retail-like experience.

That’s why we are seeing the rise in urgent care centers, walk-in clinics, and places where they don’t have to wait. They can instead book an appointment on their phone and go to the appointment 20 minutes later. Patients have the opportunity to pick where they get their care and they know it. At the same time, they know they can demand transparency because it's time.

Gardner: So transparency can be a force for good. It can help people make better decisions, be more efficient, and as a result drive their cost down. But transparency can put too much information in front of people, perhaps at a time when they are not really in a mindset to absorb it.

What are you doing at CVS, Alena, to help people make better decisions, but not overload them?

Clear information increases options

Harrison
Harrison: The key to good transparency tools is that they have to be a 100 percent accurate. Secondly, the information has to be clear, actionable, and relevant to the patient.

If we gave patients 10 data points about the price of a drug -- and sometimes there are 10 prices depending on how you look at it -- it would overwhelm folks. It would confuse them, and we could lose that engagement. Providing simple, clear data that is accurate and actionable shows them the options specific to their benefit plan. That is what we can do to help consumers navigate through this very complex web in our healthcare system.

Gardner: Recondo helps people create and deliver estimates throughout this process. How does that help in providing the right information, at the right time, in the right context?

Kawamoto: It's critical to provide [estimate information] when a patient schedules their service, because that gives them the opportunity -- if there is a financial question or concern -- to say, “Okay, I don’t know that I can pay for that. Is there another location where the price might be different? What are my financial options in terms of the payment plan or some sort of assistance?”

Enabling providers to proactively communicate that information to patients as they schedule a service or in advance gives patients an opportunity to shop. They know they are going to be meeting with an orthopedic surgeon because they need knee arthroscopy.

In advance of that, they should be able to get some idea of what they are going to owe, relative to their specific benefit information. It puts them in that position to engage with the orthopedic surgeon to say, “I looked at the facility and it's actually going to be $3,000. What are my options?” Now, that provider can be a part of the cost discussion. I think that is critical.

Barnes-Lague: As providers we have to be okay with patients making that decision, of saying, “Maybe I won’t have that service now.” That’s consumer-driven. And sometimes that hurts our volume.

We may have had a hard time understanding that in the beginning, when we shared estimates and feared that the patients wouldn't come. Well, would you rather trick them and then have bad debt?
As providers we have to be okay with patients making that decision, of saying, "Maybe I won't have that service right now." That's consumer-driven. ... It's about being comfortable with the patient making educated decisions.

It’s about being comfortable with the patient making educated decisions. Perhaps they will come back for your MRI in December when their deductibles are met, and they can better afford it.

Gardner: Part of this solution requires the physician or practitioner to be educated enough to help the patient sort out the finances, as well as the care and medical treatments. As someone who has a lot of clinicians, technicians, and physicians, are they not the primary point for more transparency to the patient?

Barnes-Lague: That would be the ideal solution, to have the physicians who are referring these very expensive services to begin having those conversations. Often patients are kind of robotic with what their doctors tell them.

We have to tell them, “You have a choice. You have a choice to make some phone calls. You have a choice to do your own price shopping.” We would love it if the referring physicians began having those price-transparency conversations early, right in their offices.

Gardner: So the new dual-major: Economics and pre-med?

Julie, your background is in technology. You and I both know there are lots of occupations where people have complex decisions to make. And they have to be provided trust and accommodation to make well-informed decisions.

Whether you are a purchasing agent, chief executive, or chief marketing officer, there are tools and data to help you. There have been great strides made in solving some of these problems. Is that what we are going to see applied to these medical decisions across the spectrum of payer, provider, and patient?

Easy-to-access, secure data builds trust

Gerdeman: This field is ripe for disruption. And technology, particularly emerging technology, can make a big difference in providing transparency.

A lot of my colleagues here have talked about trust. To me, the reason everybody is requiring transparency is to build trust. It goes back to that trusted relationship between the provider and the patient.

The data should be available to everyone. It’s now time to present the data in a very clear, simple, and actionable way for them to make decisions. The consumer can make an informed decision, and the provider can know what the consumer is facing.

Gardner: Yet to work, that data needs to be protected. It needs to adhere to multiple regulations in multiple jurisdictions, and compliance is a moving target because the regulations change so often.

Beth, what do we do to solve the data availability problem? Everybody knows data is how to solve it. It’s about more data. But nobody wants to own and control that data.

Sanborn: Yes, it’s the $64,000 question. How do you own all that data and protect it at the same time? We know that healthcare is one of the most attacked industries when it comes to cyber criminals, ransomware, and phishing.

Sanborn
I hear all the time from experts that as much as the human element drives healthcare, as far as data and its protection [the human element] is also the greatest vulnerability. Most of the attacks you hear about happen because someone clicked on a link in an email or left their laptop somewhere. These are basic human errors that can have catastrophic consequences depending on who is on the receiving end of that error.

Technology is, of course, a huge part of the future, but you can't let technology develop faster than the protections that have to go with it. And so any developer, any innovator who is trying to help move this space forward has to make cybersecurity a grassroots foundational part of anything that they innovate.

It’s not enough to say, “My tool can help you do this, this, and this.” You have to be able to say, “Well, my tool will help you do this, this, and this, and this is how we are going to protect you along the way.” That has to be part of, not just the conversation, but every single solution.

Gardner: Alena, at CVS, do you see that data solution as a major hurdle to overcome? Meaning the controlling, managing, and protection of the data -- but also making it available to every nook and cranny that it needs to get to?

Harrison: That’s always a key focus for us, and it’s frankly ingrained in every single thing we do. To give a sense of what we are putting out there, the price transparency tools that we have developed are all directly connected to our claims system. It’s the only way we can make sure that the patient out-of-pocket costs we provide are 100 percent accurate. They must reflect what that patient would pay as they go to their local pharmacy.
See the New Best Practice
of  Driving Patient Loyalty
Through Estimation
But making sure that our vendor partners have a robust and very rigorous process around security is paramount. It takes time to do that, and that’s one of the challenges we all face.

Gardner: So we have a lot going on with new transparency regulations, and more information coming out. We know that we have to make it secure, and we are going to have to overcome that. So it’s early still.

It seems to me, though, there are examples of the tools already developed and how they can be impactful; they can work.

Joann at Shields, do you have any examples of what benefits can happen when you bring in the right tools for transparency and for making good decisions?

Transparency upfront benefits bottom line

Barnes-Lague: Yes, we bring in more revenue and we bring it in timely. We used to be at about 60 percent collected from the patient’s side overall. Since we implemented tools, we are at 85 percent collected, a 400 percent increase in our overall revenue.

We have saved $4.5 million in [advance procedure] denials, just based on eligibility, authorization, and things like that. We are bringing in more money and we don’t require as much labor because of the automation. We are staffed around the automation now.

Gardner: Julie, how does it work? How do better tools and more information in advance help collect more money for a medical transaction?

Gerdeman: It works in a couple of ways. First, from a patient-facing perspective, they have the access to pay whenever and wherever they are. Having that access and availability is critical.
We have saved $4.5 million in [advance procedure] denials -- just based on eligibility, authorization, and things like that. We are bringing in more money and we don't require as much labor because of the automation.

Also they need to be connected. An estimate – like Heather talked about, to be able to make a decision from that -- has to be available from the very beginning.

And then finally, it's about options. All of these things help drive adoption if you give a patient options and clarity upfront. They have a choice of how to pay and they have the knowledge about costs. That adoption drives success.

So if you implement the tools appropriately you will see immediate impact. The patients adopt it, the staff adopts it, and then it drives up the collections that Joann is talking about.

Gardner: Heather, we have seen in other industries that tracking decision processes and behaviors leads to understanding use patterns. From them, incentivization can come into play. Have you seen that? How can incentives and transparency improve the overall economic benefits?

Incentivization improves savings

Kawamoto: Being able to communicate to patients what their anticipated out-of-pocket costs will be is powerful. A lot of organizations have created the means where they say to the patient, “If you pay this amount in advance of your service, you will actually get a discount.” That puts the patient in a position to say, “I could save $200 if I decide to pay this today.” That's a key component of it. They know they are going to get a better cost if they pay sooner, and then many of them are incented to do that.

Gardner: Any other thoughts about incentives, Alena?

https://www.healthpay24.com/

Harrison: Yes. An indirect incentive, but still quite relevant, is that our price transparency tools are available to all of our CVS Caremark members. We are seeing about 230,000 searches a month on our website.

When members search for the drugs they are taking, if there are lower-cost alternative options, we see members in their next refill order one of those lower cost drugs 20 percent of the time. That results in an average savings of $120 per prescription fill for those patients. As you can imagine, over the course of several months, that savings really starts to add up.

Gardner: We have come back to the idea of the out-of-pocket costs. The higher the deductible, the lower the premiums. People are incentivized therefore to go to lower premiums. But then, heaven forbid, they have an illness, and then they have to start thinking about, “Oh my gosh, how do I best manage that out-of-pocket deductible?”

Nowadays, with technologies like machine learning (ML), artificial intelligence (AI), and big data analytics, we are seeing prescriptive or even recommendation types of technologies. How far do we need to go before we can start to bring some of those technologies about making good recommendations based on data -- rather than intuition or even a lack of informed decision making — to medical finance decisions? How do we get to that point where we can be proscriptive in automated recommendations, rather than people slogging through this by themselves?

Automated advice advances

Gerdeman: At HealthPay24 we are looking at predictive analytics and what role the predictive capability can play in helping make recommendations for patients. That’s not necessarily on the clinical or pharmaceutical side, but we know when a patient makes an appointment and gets an estimate what their propensity to pay will be.

Proactively we can offer them options based on what we know ahead of time. They don't even have to worry about it. They can just say, “Okay, here are my choices. I have only saved up $500; therefore, I am going to take advantage of a loan or a payment plan.” And I do believe that technology will help.

On the AI side, it’s already starting. As you talk to providers, they are using it for repetitive processes. But I think there is even more opportunity on the cognitive side of AI to play [a role] in hospitals. So there is a big opportunity.


Gardner: We already see this in financial markets. People get more information, they get recommendations, and there is arbitrage. It’s not either/or. It’s what are the circumstances? What’s the credit we can offer? How do we make the most efficient transaction for all parties?

So, as in other transactions, we have to gain more comfort with the combination economics and medical procedures. Is that part of the culture shift? You have to be a crass consumer and you have to be looking out for your health.

Any thoughts about the need to be both a savvy consumer as well as a patient?

Kawamoto: It's critical. To Julie’s point, we are now looking through our data and finding legitimate savings opportunities for patients, and we’re proactively outreaching to those patients. Of course, at the end of the day, the decision is always in the provider’s hands -- and it should be, because not all of us are clinicians. I certainly am not. But to allow patients to prompt that fuller conversation helps drive the process, so the burden isn't just on the provider. This is critical.

Gardner: Before we close out, any recommendations? How should the industry best prepare for more transparency around procedures and payments in medical environments? Joann, what do you think people should be thinking about to better prepare themselves as providers for this new era of transparency?

Lead with clear communication

Barnes-Lague: Culture is very important within the organization. You need to continue to talk. It’s shifting. Let’s talk about the burden to the provider, now that the patients are responsible for more. There is no other product that you can purchase without paying upfront. But you can walk away from healthcare without paying for it.

The more technology you implement, the more transparency you can provide, the more conversations you can have with those patients – these not only help the patients. You as providers are in business for revenue. This helps bring in the revenue that you have lost with the shift to consumer-driven health plans.

Gardner: Heather, as someone who provides tools to providers, what should they be thinking about when it comes to a new era of transparency?
View a Webinar on How Accurate 
Financial Data Helps Providers
make Informed Decisions
Kawamoto: While there have been tools available to providers, now we have to make those tools available to patients. Providers are, in many cases, the first line of communication to patients. But before that patient even schedules, if they are in a position to know they need a service, they can go out and self-shop.

That’s what providers need to be thinking about. How do I get even further out into the decision-making process? How do we engage with that patient at that early point, which is going to build trust, as well as ensure that revenue is coming to your particular facility?

Gardner: Beth, what advice do you have for consumers, the patients? What should they be thinking about to take advantage of transparency?

Take care of physicians and finances

Sanborn: First, I want to advocate for the physicians. We hear all the time about change fatigue, burnout; burnout is as hot a topic as transparency. If providers are going to be put in the position of having to have financial conversations with patients, I think health system leaders need to be aware of that and make sure that providers are properly educated. What do they need to know so that they can accurately communicate with patients? And they need to understand how that's going to affect the workload -- that is already onerous and at times damaging -- to physicians. So along Joann’s comments about culture, there needs to be a culture around ushering in physicians into that role.

From a consumer standpoint, when we look at the law that just went into effect, patients need to understand what are they looking at. The price list that the hospital is publishing is a chargemaster. It’s a naked price from a hospital. It's not what they are going to pay, and so we need to eradicate the sticker shock that I am sure is happening at first glance.

Gardner: The patient needs to self-educate about what’s net-net and what’s gross when it comes to these prices?
Patients need to be educated on what they are looking at, and then understand the options available to them as far as what they are actually going to pay. Payers need to make sure they are reaching out and make sure their consumers understand how the benefits work.

Sanborn: Right. You can put these prices in plain terms. The chargemaster is what a hospital charges. But remember you have insurance. There are discounts for self-pay. There could be other incentives or subsidies that you are eligible for.

So please don't have a heart attack, literally, when you look at this price and go, “Oh, my gosh, is that what I am responsible for?” Patients need to be educated on what they are looking at, and then understand the options available to them as far as what you are actually going to pay.

And the other thing is benefits literacy. Payers need to make sure they are reaching out to their consumers and making sure their consumers understand how the benefits work so that they can advocate for themselves.

Gardner: Alena at CVS, as a provider of pharmaceutical services and goods, what advice do you have about making the best of transparency?

Harrison: Beth hit the nail on the head with a lot of her points. We see similar brute-force regulation happening in the prescription drug space. So pharmaceutical manufacturers now need to publish their “sticker” prices.

Little do most people know, the sticker price is something no one pays. Payers don't pay it. Patients certainly don't pay it. The pharmacy doesn’t pay it. And so it is so critical as this information becomes available to make sure that your customers, consumers, and members understand what they are looking at. You as an organization should be prepared to support them through the process of navigating this additional information.

Gardner: Julie, what should people be thinking about on the vendor side, the people providing these tools, now that transparency is a necessary part of the process? What should the tool providers be thinking about to help people navigate this?

Gerdeman: It comes back to the user experience -- providing a simple, clear, and consumer friendly experience through the tools. That is what’s going to drive usage, adoption, and loyalty.
View Provider Success Stories
on Driving Usage, Adoption,
and Loyalty Among Patients
Technology is a great way for providers to drive patient loyalty, and that is where it’s going to make a difference. That’s where you are going to engage them. You are going to win hearts and minds. They are going to want to come back because they had a great clinical experience. They feel better, they are healthier now, and you want the rest of their experience financially to match that great clinical experience.

Anything we can do in the tools themselves to be predictive, clear, beautiful, and simple will make all the difference.
 
Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: HealthPay24.

Wednesday, March 6, 2019

A new Mastercard global payments model creates a template for an agile, secure, and compliant hybrid cloud


The next BriefingsDirect cloud adoption best practices discussion focuses on some of the strictest security and performance requirements that are newly being met for an innovative global finance services deployment.

We’ll now explore how a major financial transactions provider is exploiting cloud models to extend a distributed real-time payment capability across the globe. Due to the needs for localized data storage, privacy regulations compliance, and lightning-fast transactions speeds, this extreme cloud-use formula pushes the boundaries -- and possibilities -- for hybrid cloud solutions.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

Stay with us now as we hear from an executive at Mastercard and a cloud deployment strategist about a new, cutting-edge use for cloud infrastructure. Please welcome Paolo Pelizzoli, Executive Vice President and Chief Operating Officer at Realtime Payments International for Mastercard, and Robert Christiansen, Vice President and Cloud Strategist at Cloud Technology Partners (CTP), a Hewlett Packard Enterprise (HPE) company. The discussion is moderated by  Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What is happening with cloud adoption that newly satisfies such major concerns as strict security, localized data, and top-rate performance? Robert, what’s allowing for a new leading edge when it comes to the public clouds’ use?

Christiansen: A number of new use cases have been made public. For the front runners like Capital One [Financial Corp.], and some other organizations, they have taken core applications that would otherwise be considered sacred and are moving them to cloud platforms. Those have become more-and-more evident and visible. The Capital One CIO, Robert Alexander, has been very vocal about that.

Christiansen
So now others have followed suit. And the US federal government regulators have been much more accepting around the audit controls. We are seeing a lot more governance and automation happening as well. A number of the business control objectives – from security to the actual technologies to the implementations -- are becoming more accepted practices today for cloud deployment.

So, by default, folks like Paolo at Mastercard are considering the new solutions that could give them a competitive edge. We are just seeing a lot more acceptance of cloud models over the last 18 months.

Gardner: Paolo, is increased adoption a matter of gaining more confidence in cloud, or are there proof points you look for that opens the gates for more cloud adoption?

Compliance challenges cloud

Pelizzoli: As we see what’s happening in the world around nationalism, the on-the-soil [data sovereignty] requirements have become much more prevalent. It will continue, so we need the ability to reach those countries, deploy quickly, and allow data persistence to occur there.

Pelizzoli
The adoption side of it is a double-edged sword. I think everybody wants to get there, and everybody intuitively knows that they can get there. But there are a lot of controls around privacy, as well as the SOX and SOC 1 reports compliance, and everything else that needs to be adjusted to take into the cloud into account. And if the cloud is rerouting traffic because one zone goes down and it flips to another zone, is that still within the same borders, is it still compliant, and can you prove that?

So while technologically this all can be done, from a compliance perspective there are still a lot of different boxes left to check before someone can allow payments data to flow actively across the cloud -- because that’s really the panacea.

Gardner: We have often seen a lag between what technology is capable of and what regulations, standards, and best practices allow. Are we beginning to see a compression of that lag? Are regulators, in effect, catching up to what the technology is capable of?

Pelizzoli: The technology is still way out in the front. The regulators have a lot on their plates. We can start moving as long as we adhere to all the regulations, but the regulations between countries and within some countries will continue to have a lagging effect. That being said, you are beginning to see governments understand how sanctions occur and they want their own networks within their own borders.

Those are the types of things that require a full-fledged payments network that predated the public Internet to begin to gain certain new features, functions, and capabilities. We are now basically having to redo that payments-grade network.

https://www.mastercard.us/en-us.html
Gardner: Robert, the technology is highly capable. We have a major player like Mastercard interested in solving their new globalization requirements using cloud. What can help close the adoption gap? Does hybrid cloud help solve the log-jam?

Christiansen: The regionalization issues are upfront, if not the number-one requirement, as Paolo has been talking about. I think about South Korea. We just had a meeting with the largest banking folks there. They are planning now for their adoption of public cloud, whether it’s Microsoft Azure, Amazon Web Services (AWS), or Google Cloud. But the laws are just now making it available.

Prior to January 1, 2019, the laws prohibited public cloud use for financial services companies, so things are changing. There is lot of that kind of thing going on around the globe. The strategy seems to be very focused on making the compute, network, and storage localized and regionalized. And that’s going to require technology grounding in some sort of connectivity across on-premises and public, while still putting the proper security in-place.
Learn More About Software-Defined and
Hybrid Cloud Solutions
That Reduce Complexity
So, you may see more use of things like OpenShift or Cloud Foundry’s Pivotal platform and some overlay that allows folks to take advantage of that so that you can push down an appliance, like a piece of equipment, into a specific territory.

I’m not certain as to the cost that you incur as a result of adding such an additional local layer. But from a rollout perspective, this is an upfront conversation. Most financial organizations that globalize want to be able to develop and deploy in one way while also having regional, localized on-premises services. And they want it to get done as if in a public cloud. That is happening in a multiple number of regions.

Gardner: Paolo, please tell us more about International Realtime Payments. Are you set up specifically to solve this type of regional-global deployment problem, or is there a larger mandate? What’s the reason for this organization?

Hybrid help from data center to the edge

Pelizzoli: Mastercard made an acquisition a number of years ago of Vocalink. Vocalink did real-time secure interbank funds transfer, and linkage to the automated clearing house (ACH) mechanism for the United Kingdom (UK), including the BACS and LINK extensions to facilitate payments across the banking system. Because it’s nationally critical infrastructure, and it’s bank-to-bank secure funds transfer with liquidity checks in place, we have extended the capabilities. We can go through and perform the same nationally critical functions for other governments in other countries.

Vocalink has now been integrated into Mastercard, and Realtime Payments will extend the overall reach, to include the debit/credit loyalty gift “rails” that Mastercard has been traditionally known for.

I absolutely agree that you want to develop one way and then be able to deploy to multiple locations. As hybrid cloud has arrived, with the advent of Microsoft Azure Stack and more recently AWS’s Outposts, it gives you the cloud inside of your data center with the same capabilities, the same consoles, and the same scripting and automation, et cetera.

As we see those mechanisms become richer and more robust, we will go through and be deploying that approach to any and all of our resources -- even being embedded at the edge within a point of sale (POS) device.
As we examine the different requirements from government regulations, it really comes down to managing personally identifiable information.

As we examine the different requirements from government regulations, it really comes down to managing personally identifiable information.

So, if you can secure the transaction information, by abstracting out all the other stuff and doing some interesting cryptography that only those governments know about, the [transaction] flow will still go through [the cloud] but the data will still be there, at the edge, and on the device or appliance.

We already provide for detection and other value-added services for the assurance of the banks, all the way down to the consumers, to protect them. As we start going through and seeing globalization -- but also the regionalization due to regulation – it will be interesting to uncover fraudulent activity. We already have unique insights into that.

No more noisy neighbors

Christiansen: Getting back to the hybrid strategy, AWS Outposts and Azure Stack have created the opportunity for such globalization at speed. Someone can plug in a network and power cable and get a public cloud-like experience yet it’s on an on-premises device. That opens a significant number of doors.

You eliminate multi-tenancy issues, for example, which are a huge obstacle when it comes to compliance. In addition, you have to address “noisy neighbor” issues, performance issues, failovers, and stuff like that that are caused by multi-tenancy issues.

If you’re able to simply deploy a cloud appliance that is self-aware, you have a whole other trajectory toward use of the cloud technology. I am actively encouraged to see what Microsoft and Amazon can do to press that further. I just wanted to tag that onto what Paolo was talking about.


Pelizzoli: Right, and these self-contained deployments can use Kubernetes. In that way, everything that’s required to go through and run autonomously -- even the software-defined networks (SDNs) – can be deployed via containers. It actually knows where its point of persistence needs to be, for data sovereignty compliance, regardless of where it actually ends up being deployed.

This comes back to an earlier comment about the technology being quite far ahead. It is still maturing. I don’t think it is fully mature to everybody’s liking yet. But there are some very, very encouraging steps.

As long as we go in with our eyes wide open, there are certain things that will allow us to go through and use those technologies. We still have some legacy stuff pinned to bare-metal hardware. But as things start behaving in a hybrid cloud fashion as we’re describing, and once we get all the security and guidelines set up, we can migrate off of those legacy systems at an accelerated pace.

Gardner: It seems to me that Realtime Payments International could be a bellwether use case for such global hybrid cloud adoption. What then are the checkboxes you need to sign off on in order to be able to use cloud to solve your problems?

Perpetual personal data protection

Pelizzoli: I can’t give you all the criteria, but the persistence layer needs to be highly encrypted. The transports need to be highly encrypted. Every time anything is persisted, it has to go through a regulatory set of checks, just to make sure that it’s allowed to do what it’s being asked to do. We need a lot of cleanliness in the way metrics are captured so that you can’t use a metric to get back to a person.

If nothing else, we have learned a lot from the recent [data intrusion] announcements by Facebook, Marriott, and others. The data is quite prevalent out there. And payments data, just like your hospital data, is the most personal.

As we start figuring out the nuances of regulation around an individual service, it must be externalized. We have to be able to literally inject solutions to regulatory requirements – and not by coding it. We can’t be creating any payments that are ambiguous.
Learn More About Software-Defined and
Hybrid Cloud Solutions
That Reduce Complexity
That’s why we are starting to see a lot of effort going into how artificial intelligence (AI) can help. AI could check services and configurations to test for every possibility so that there isn’t a “hole” that somebody can go through with a certain amount of credentials.

As we go forward, those are the types of things that -- when we are in a public cloud -- we need to account for. When we were all internal, we had a lot of perimeter defenses. The new perimeter becomes more nebulous in a public cloud. You can create virtual private clouds, but you need to be very wary that you are expanding time factors or latency.

Gardner: If you can check off these security and performance requirements, and you are able to start exploiting the hybrid cloud continuum across different localities, what do you get? What are the business outcomes you’re seeking?

Common cloud consistency

Pelizzoli: A couple of things. One is agility, in terms of being able to deploy to two adjacent countries, if one country has a major outage. That means ease of access to a payments-grade network -- without having to go through and put in hardware, which will invariably fail.

Also, the ability to scale quickly. There is an expected peak season for payments, such as around the Christmas holidays. But there could be an unexpected peak season based on bad news -- not a peak season, but a peak day. How do you go through and have your systems scale within one country that wasn’t normally producing a lot of transactions? All of a sudden, now it’s producing 18 times the amount of transactions.


Those types of things give us a different development paradigm. We have a lot of developers. A [common cloud approach] would give us consistency, and the ability to be clean in how we automate deployment; the testing side of it, the security checks, etc.

Before, there were a lot of different ways of doing development, depending on the language and the target. Bringing that together would allow increased velocity and reduced cost, in most cases. And what I mean by “most cases” is I can use only what I need and scale as I require. I don’t have to build for the worst possible day and then potentially never hit it. So, I could use my capacity more efficiently.

Gardner: Robert, it sounds like major financial applications, like a global real-time payment solution, are getting from the cloud what startups and cloud-native organizations have taken for granted. We’re now able to take the benefits of cloud to some of the most extreme and complex use cases.

Cloud-driven global agility

Christiansen: That’s a really good observation, Dana. A healthcare organization could use the same technologies to leverage an industrial-strength transaction platform that allows them to deliver healthcare solutions globally. And they could deem it as a future-proof infrastructure solution.

One of the big advantages of the public cloud has been the isolation of all those things that many central IT teams have had to do day-in and day-out. That is to patch releases, upgrade processes, constantly looking at the refresh. They call it painting the Golden Gate Bridge – where once you finish painting the bridge, you have to go back and do it all over again. And a lot of that effort and money goes into that refresh process.

And so they are asking themselves, “Hey, how can we take our $3 or $4 billion IT spend, and take x amount of that and begin applying it toward innovation?”
Right now there is so much rigidity. Everyone is asking the same question, "How do I compete globally in a way that allows me to build the agility transformation into my organization?"

And if someone can take a piece out of that equation, all things are eligible. Everyone is asking the same question, “How do I compete globally in a way that allows me to build the agility transformation into my organization?” Right now there is so much rigidity, but the balance against what Paolo was talking about -- the industrial-grade network and transaction framework -- to get this stuff done cannot be relinquished.

So people are asking a lot of the same questions. They come in and ask us at CTP, “Hey, what use-cases are actually in place today where I can start leveraging portions of the public cloud so I can start knocking off pieces?”

Paolo, how do you use your existing infrastructure, and what portion of cloud enablement can you bring to the table? Is it cloud-first, where you say, “Hey, everything is up for grabs?” Or are you more isolated into using cloud only in a certain segment?

Follow a paved path of patterns

Pelizzoli: Obviously, the endgame is to be in the cloud 100 percent. That’s utopian. How do we get there? There is analysis being done. It depends if we are talking about real-time payments, which is actually more prepared to go into the cloud than some of the core processing that handles most of North America and Europe from an individual credit card or debit card swipe. Some of those core pieces need more rewiring to take advantage of the cloud.

When we look at it, we are decomposing all of the legacy systems and seeing how well they fit in to what we call a paved path of patterns. If there is a paved path for a specific type of pattern, we put it on the list of things to transition to, as being built as a cloud-native service. And then we run it alongside its parent for a while, to test it, through stressful periods and through forced chaos. If the segment goes down, where does it flip over to? And what is the recovery time?

https://www.mastercard.us/en-us.html
The one thing we cannot do is in any way increase latency. In fact, we have some very aggressive targets to reduce latency wherever we can. We also want to improve the recovery and security of the individual components, which we end up calling value-added services.

There are some basic services we have to provide, and then value-added services, which people can opt in or opt out of. We do have a plan and strategy to go through and prioritize that list.

Gardner: Paolo, as you master hybrid cloud, you must have visibility and monitoring across these different models. It’s a new kind of monitoring, a new kind of management.

What do you look to from CTP and HPE to help attain new levels of insight so you can measure what’s going on, and therefore optimize and automate?

Pelizzoli: CTP has been a very good and integral part of our first steps into the cloud.

Now, I will give you one disclaimer. We have some companies that are Mastercard companies that are already in the cloud, and were born in the cloud. So we have experience with AWS, we have experience with Azure, and we have some experience with Google Cloud Platform.

It’s not that Mastercard isn’t in the cloud already, it is. But when you start taking the entire plant and moving it, we want to make sure that the security controls, which CTP has been helping ratify, get extended into the cloud -- and where appropriate, actually removed, because there are better ones in the cloud today.

Extend the cloud management office

Now, the next phase is to start building out a cloud management office. Our cloud management office was created early last year. It is now getting the appropriate checks and audits from finance, the application teams, the architecture team, security teams, and so on.

As that list of prioritized applications comes through, they have the appropriate paved path, checks, and balance. If there are any exceptions, it gets fiercely debated and will either get a pass or it will not. But even if it does not, it can still sit within our on-premises version of the cloud, it’s just more protected.

As we route all the traffic, that is where there is going to be a lot of checks within the different network hops that it has to take to prevent certain information from getting outside when it’s not appropriate.

Gardner: And is there something of a wish list that you might have for how to better fulfill the mandate of that cloud management office?

Pelizzoli: We have CTP, which HPE purchased along with RedPixie. They cover, between those two acquisitions, all of the public cloud providers.

https://www.mastercard.us/en-us.html

Now, the cloud providers themselves are selling you the next feature-function to move themselves ahead of their competitor. CTP and RedPixie are taking the common denominator across all of them to make sure that you are not overstepping promises from one cloud provider into another cloud provider. You are not thinking that everybody is moving at the same pace.

They also provide implementation capabilities, migration capabilities, and testing capabilities through the larger HPE organization. The fact is we have strong relationships with Microsoft and with Amazon, and so does HPE. If we can bring the collective muscle of Mastercard, HPE, and the cloud providers together, we can move mountains.

Gardner: We hear folks like Paolo describe their vision of what’s possible when you can use the cloud providers in an orchestrated, concerted, and value-added approach.

Other people in the market may not understand what is going on across multi-cloud management requirements. What would you want them to know, Robert?

O brave new hybrid world

Christiansen: A hybrid world is the true reality. Just the complexity of the enterprise, no matter what industry you are in, has caused these application centers of gravity. The latency issues between applications that could be moved to cloud or not, or impacted by where the data resides, these have created huge gravity issues, so they are unable to take advantage of the frameworks that the public clouds provide.

So, the reality is that the public cloud is going to have to come down into the four walls of the enterprise. As a result of that, we are seeing an explosion of the common abstraction -- there is going to be some open sourced framework for all clouds to communicate and to talk and behave alike.

Over the past decade, the on-premises and OpenStack world has been decommissioning the whole legacy technology stack, moving it off to the side as a priority, as they seek to adopt cloud. The reality now is that we have regional, government, and data privacy issues, we have got all sorts of things that are pulling it all back internally again.

Out of all this chaos is going to rise the phoenix of some sort of common framework. There has to be. There is no other way out of this. We are already seeing organizations such as Paolo’s at Mastercard develop a mandate to take the agile step forward.

They want somebody to provide the ability to gain more business value versus the technology, to manage and keep track of infrastructure, and to future-proof that platform. But at the same time, they want a technology position where they can use common frameworks, common languages, things that give interoperability across multiple platforms. That’s where you are seeing a huge amount of investment.

I don’t know if you recently saw that HashiCorp got $100 million in additional funding, and they have a valuation of almost $2 billion. This is a company that specializes in sitting in that space. And we are going to see more of that.
Learn More About Software-Defined and
Hybrid Cloud Solutions
That Reduce Complexity
And as folks like Mastercard drive the requirements, the all-in on one public cloud mentality is going to quickly evaporate. These platforms absolutely have to learn how to play together and get along with on-premises, as well as between themselves.

Gardner: Paolo, any last thoughts about how we get cloud providers to be team players rather than walking around with sharp elbows?

Tech that plays well with others

Pelizzoli: I think it’s actually going to end up being a lot more of the technology that’s being allowed to run on these cloud platforms is going to take care of it.

I mentioned Kubernetes and Docker earlier, and there are others out there. The fact that they can isolate themselves from the cloud provider itself is where it will neutralize some of the sharp elbowing that goes on.


Now, there are going to be features that keep coming up that I think companies like ours will take a look at and start putting workloads where the latest cutting-edge feature gives us a competitive advantage and then wait for other cloud providers to go through and catch up. And when they do, we can then deploy out on those. But those will be very conscious decisions.

I don’t think that there is a one cloud fits all, but where appropriate we will go through and be absolutely multi-cloud. Where there is defining difference, we will go through and select the cloud provider that best suits in that area to cover that specific capability.

Gardner: It sounds like these extreme use cases and the very important requirements that organizations like Mastercard have will compel this marketplace to continue to flourish rather than become a one-size-fits-all. So an interesting time that we are seeing the maturation of the applications and use cases actually start to create more of a democratization of cloud in the marketplace.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: Hewlett Packard Enterprise.

You may also be interested in: