- In terms of trends, we need to come to some serious realities as it relates to the conversation around the Internet of Things (IoT) and healthcare data security.
IoT and wearable systems will be making a big impact on a variety of industries. A recent Cisco report goes on to say that an important factor contributing to the growing adoption of IoE is the emergence of wearable devices, a category with high growth potential.
Wearable devices, as the name suggests, are devices that can be worn on a person and have the capability to connect and communicate to the network either directly through embedded cellular connectivity or through another device (primarily a smartphone) using Wi-Fi, Bluetooth, or another technology.
The report describes how these devices come in various shapes and forms, ranging from smart watches, smart glasses, heads-up displays (HUDs), health and fitness trackers, health monitors, wearable scanners and navigation devices, smart clothing, etc.
The growth in these devices has been fueled by enhancements in technology that have supported compression of computing and other electronics (making the devices light enough to be worn). Although there have been vast technological improvements to make wearables possible as a significant device category, wide-scale availability of embedded cellular connectivity still has some barriers to overcome for some applications, such as technology limitations, regulatory constraints, and health concerns.
Nevertheless, the report estimates:
- By 2020, there will be 601 million wearable devices globally, growing fivefold from 97 million in 2015. And, also importantly, traffic from wireless and mobile devices will exceed traffic from wired devices by 2019.
- By 2019, wired devices will account for 33 percent of IP traffic, while Wi-Fi and mobile devices will account for 66 percent of IP traffic. In 2014, wired devices accounted for the majority of IP traffic at 54 percent
New “end-point” conversations are no longer limited to laptops and PCs. We’re now including wearable devices, tablets, and smart devices into the conversation. All of these systems will be accessing new types of applications and services.
To stay competitive, healthcare will simply have to adapt. But that doesn’t mean they need to skimp on security.
It’s important to note that today’s healthcare data security landscape is fundamentally different than before; and grows more complex every single day.
Multi-vector threats and attacks have evolved from simple, volumetric attacks to something much more sophisticated. Now, attackers are using application-layer and HTTP attacks against certain targets within an organization. Arbor Networks 10th annual Worldwide Infrastructure Security Report illustrates this point very clearly.
- The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps with a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8 Gbps.
- Firewalls and IPS devices continue to be targets for attackers. According to the report, over one third of organizations had firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
- Security incidents are up but enterprises are not fully prepared to respond. The report points out that just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. Forty percent of respondents felt reasonably or well prepared for a security incident, with 10 percent feeling completely unprepared to respond to an incident.
With this in mind, how can healthcare keep up? With so many new devices connecting into the network, where does security play a role?
Security as a multi-layered, contextual, process
Security services are now both physical and virtual. They can run at the hypervisor, network, and storage layer. You can identify specific policies around ACLs and even granularly control wired and wireless traffic. You can have a security architecture which asks contextual questions about the session in order to better process user demands while still enforcing policies. For example, “Who is their user? Where are they coming in from? What device are they using?” can all be contextual identifiers for given repositories of PHI data sets.
Creating intelligence around data and user contexts
Diving deeper, modern security systems dive into the user and their experience. Not only can you create QoS policies to optimize data delivery, you can also granularly secure that traffic. You ensure that the user’s device is not compromised and that PHI always stays on premise. The same control mechanisms are also the ones that shift resources based on user location. This also creates a lot of infrastructure intelligence. Policies can manage IP-based traffic, ensure efficient delivery, and even secure the data. Now, you can couple this with peripherals, connected devices, and even IoT in the healthcare world.
Utilizing next-generation security options
Unified threat management (UTM) appliances are great. However, when it comes to healthcare data security, and IT security in general, there really is no one silver bullet. Rather, it’s critical to use next-generation security technologies and services as an addition, or supplement to your current security architecture. These solutions run as virtual as well as physical appliances scanning deep within your data and network layers. Next-generation IPS/IDS engines integrate with cloud security systems that scan billions of web requests and emails, millions of malware samples, millions of network intrusions attempts, and even open source data sets.
Create security partnerships
Sometimes it’s not enough to just deploy the security architecture. You have to test it, validate against it, and continuously keep up with the pace of the bad guys. Working with security partners helps keep a healthcare environment ready to respond faster to malicious events. It’s critical not to ever feel overly secure when it comes to healthcare data security. Many healthcare organizations are still updating their security platforms, and realizing that a data breach is extremely costly. Vulnerability tests should be ongoing activities. It needs to be understood that healthcare (and security in general) is a very fluid, ever-evolving, practice.
Healthcare environments must not only adapt to new types of devices coming into the network, they must also be ready when it comes to security requirements. This means responding faster, and locking down events more effectively.
To accomplish this, healthcare data centers will need to create smarter networks. These new kinds of environments will have deeper capabilities around data control, network access, and ecosystem monitoring.
In today’s healthcare world, you must acknowledge the simple fact that your data is a target. With that in mind, create healthcare data security architectures capable of responding to incidents quickly, while still keeping your infrastructure agile.