- The healthcare world is becoming ever more reliant on IT and data center infrastructures. With any new type of technological advancement, the security conversation is always nearby. The reality is simple – the greater the reliance on a certain type of platform – the bigger the target becomes. With more IT consumerization, many more devices, users and a lot of data, healthcare security administrators need to take a new approach to the security challenge.
Traditionally, many environments have focused on securing wide area network (WAN) points and various infrastructure components. In the past, a physically-sound healthcare environment would keep most security officers or IT administrators happy. However, times have changed and more users are bringing in their own devices to connect to the network. Furthermore, there is more utilization of cloud computing and the Internet in general in healthcare. With that in mind, a new way of thinking is required to create a truly robust and secure healthcare IT infrastructure. When working with modern-day healthcare security challenges, starting the process with end-user security can eliminate many unseen environment holes.
Conduct user analysis: One of the first steps in creating a robust security plan is to understand the end-user environment. Remember, no user is built the same and each person likes their own level of personalization. So, although there are user groups, don’t forget about the individual either. Each user group will likely interact with various parts of the environment. Some will need more Internet connectivity, while others will rely heavily on internal systems. Whichever the case, healthcare security administrators must first understand how these users interact with core systems, what data is passed, and how security can be applied without hurting productivity.
Using virtual desktop infrastructure (VDI): Once an analysis has been completed – a scenario may arise where VDI is the right use-case. Why is this an option for healthcare security? With a virtual desktop, administrators are able to completely centralize applications, settings and the entire workload in general. These desktops can then be delivered to controlled thin client endpoints. Today’s virtualization technologies allow for granular user controls and performance optimizations. Locations such as labs, kiosks and even call centers are perfect placements for a VDI deployment. With this type of platform – nothing is stored at the end-point and desktops can be rapidly provisioned and de-provisioned based on demand. Not only is this secure, it’s also improves resource efficiency.
Using next-generation security: This area ranges from virtualization and VDI aware antivirus solutions to modern scanning and policy engines. From a next-generation security perspective – let’s apply the concept to healthcare. Recently, a Wisconsin-based hospital dealt with a massive security hack that infected a staff member’s system. In a revelation, representatives of the healthcare organization indicated that the infected system contained 43,000 patients’ records consisting of names, birth dates, residential addresses, diagnoses, medical record numbers, and within a few instances – Social Security Numbers. Next-generation security products are designed to stop these types of attacks.
Whether it’s a data-loss prevention (DLP) engine scanning the network for certain types of data transmissions or an intrusion prevention (IPS/IDS) service blocking unauthorized entry into an end-point, these technologies are designed to be optimized and very agile. Now, you can deploy agent as well as agentless security components throughout the network and even at the hypervisor level. Furthermore, you are able to disable specific hardware components for end-user machines. Remember to always scan data as it enters and leaves certain machines. Deploying virtual security appliances throughout the environment can help with this as well.
Don’t block BYOD, control it: There’s really no escaping IT consumerization and the rise in user-driven devices. In reality, there are three major ways to approach this new trend: Block it entirely, leave it wide open or deploy control mechanisms. There’s no reason to block the end-user from utilizing a tablet device or even their laptop. In using intelligent technologies, healthcare administrators can interrogate devices to ensure optimal security and that the connection point is secure as well. Furthermore, products like MobileIron and XenMobile help healthcare organizations empower their BYOD platforms rather than make them feel restrictive. In having a good control mechanism, security administrators are able to allow users to deploy their devices and then deliver applications and even desktops to that end-point. Even with consumer-based devices, there still can be direct visibility into what the user is accessing, where they are sending the data, and how they are connecting into the network in general.
The user layer is going to continue to evolve and, most likely, become even more complex. The influx of new types of devices entering your healthcare environment does not have to be a curse. In fact, empowering the user by creating a more robust security platform not only creates a more productive workforce, it also allows the user to be more comfortable with that technology. Understanding what individual user groups are doing, how they access their information and work both internally and externally can paint a great picture of the user personality.
Once that’s established, healthcare security administrators can create an environment around optimization and better end-user computing experiences. This will allow for administrators to continue to control their healthcare IT infrastructure while still meeting the needs of both the business and the end-user.
Bill Kleyman, MBA, MISM, has heavy experience in network infrastructure management. He has served as a technology consultant and taken part in large virtualization deployments while be involved in business network design and implementation. He is currently the Virtualization Architect at MTM Technologies Inc. and his prior work includes Director of Technology at World Wide Fittings Inc.