One of the underlying sayings in IT is “do more with less.” This certainly holds true for the healthcare industry. Over the past few years, administrators have been tasked with creating a more robust and efficient environment capable of handling more users. Technologies revolving around user density have improved – as have platforms around virtualization. Organizations can place much larger amounts of workloads on more condensed pieces of equipment and leverage virtualization to reduce the hardware footprint.
A large part of the conversation, as it always does, revolves around security. This can range from data-loss prevention (DLP) to securing multiple points both within and outside of a healthcare IT network. To keep up with cloud computing and virtualization advancements, security technologies have come a long way as well. Now, healthcare administrators are able to work with much more than just a physical firewall.
Software-defined technologies – The term “software-defined” has been gaining some steam and rightfully so, seeing as the technology is designed to specifically simplify the networking and security process. New types of software-based engines are available to take security to a whole new level. Application firewalls and load-balancing virtual servers help create a more robust infrastructure. Administrators are able to do much more with software-driven features. Plus, the management capabilities of these technologies have come a long way as well.
Security virtualization – Although physical firewalls still have a strong place in the industry, new types of products are gaining momentum as well. Virtual firewalls or virtual security appliances are making their way into many large healthcare environments. For those points in the network which require that hardware aspect, working with a hardened appliance may be the right move. However, for internal traffic security or some type of policy-based service – why deploy a physical device? This is where virtual appliances can really help out. Not only can you assign numerous routes and paths to the device via a robust vNIC environment, but these appliances are also extremely agile. As a virtual device, an appliance can be migrated, copied, and easily backed up to new locations if needed.
Advanced scanning and control engines/policies – New types of policies and scanning engines are being deployed within the new security appliance models. Built on board, features like data-loss prevention (DLP), intrusion detection/prevention services (IDS/IPS), and even disaster recovery load-balancing are all becoming more standard. These policies are directly designed around an evolving infrastructure. For example, Distributed Denial of Service (DDoS) attacks have evolved over the years. Now, we have both high-bandwidth (volumetric) as well as application-layer attacks. Because of these new types of threats, security devices can now scan nodes inside of the network (virtual appliances can do this) while at the same time scanning the Internet service provider (ISP)’s cloud. Remember the following:
- The best place to stop high-bandwidth DDoS attacks is in the ISP’s cloud (via network-based DDoS protection).
- The best place to perform application-layer DDoS detection and mitigation is at the network perimeter.
Cloud security – The evolution of security has certainly taken us into the cloud. Now, more devices are tasked with scanning more types of traffic coming into a healthcare infrastructure. The ability to control private as well as hybrid cloud environments is a need for many growing organizations. Now, security appliances can work with identity federation to allow secure access into cloud-based workloads. Furthermore, new technologies allow administrators to create application-specific Micro-VPN connections back into the environment. This can be done without the need to have the device connect via a full VPN. Instead, only a specially wrapped application can request that secure tunnel.
Controlling end-user devices and BYOD – End-user device control is an important part of any BYOD initiative. Furthermore, administrators need to see what data is flowing through those endpoints and secure that as well. New types of device interrogation mechanisms can help allow only certain types of devices access to the network. For example, administrators can check for rooted devices or ones without the right patch level. From there, they can grant full or partial access into the environment. Furthermore, features like geo-fencing can block users coming in from unsecured areas or from outside of an approved area altogether.
As part of the logical evolution of IT – security products had to adapt to the growing demand for cloud computing and IT consumerization. As mentioned earlier, the IT environment has come far beyond the standard physical. Mobile devices, cloud computing and a distributed infrastructure all demand a new type of security platform. Administrators now have the option of deploying physical, virtual, and even hybrid platforms at any point within (or outside) their current environment. The ability to connect cloud platforms and distribute data securely is becoming a true reality. Beyond efficiency for a healthcare organization – new security platforms have redefined how data integrity works. With better scanning engines and the ability to stop data leakage – security administrators can focus on helping their IT environment grow with the needs of the healthcare organization.
Bill Kleyman, MBA, MISM, has heavy experience in network infrastructure management. He has served as a technology consultant and taken part in large virtualization deployments while being involved in business network design and implementation. He is currently the Virtualization Architect at MTM Technologies Inc. and his prior work includes Director of Technology at World Wide Fittings Inc.