Healthcare Information Security

Cybersecurity News

How to Best Migrate and Secure Healthcare Applications

Ensuring secure healthcare applications can be challenging for covered entities, but it can be successfully accomplished.

By Bill Kleyman

- So, you’re in the healthcare world and are dealing with a challenging (sometimes legacy) application. Who isn’t?

Secure healthcare applications should be a top priority for covered entities

The reality here is that a great majority of IT environments have some kind of application challenge. Sometimes it could be security, while other times it’s trying to figure out how to best optimize the entire app.

With virtualization continuing to impact healthcare environments, how do you migrate and secure healthcare applications into a virtual ecosystem? Here’s the other big consideration, what about cloud?

Cloud computing now allows for healthcare workloads – even those wrapped with compliance regulations – to be virtualized and placed into the cloud. This is a huge shift forward as more IT managers strive to achieve even greater levels of efficiency. The biggest challenge usually arises with applications that are difficult to move, virtualize, and sometimes secure. So, if you’re working with challenge applications and want to find a new way to deliver them securely – consider the following.

Conduct an application analysis and mapping

READ MORE: Best Practices for SQL Server Deployment in Healthcare

There will come a time when running a legacy app will simply no longer make any sense. Yes, even if it “still works,” it might nevertheless be time to migrate. Before any initiative starts, there are some powerful tools that can do deep application analytics. This involves understanding policies, security architectures, dependencies, user interaction, and even what the application is compatible with. You can run these analyses against older applications to see if they can be virtualized, migrated, and what resources are required to even run this app in a new environment. In working with any challenging application, get as many details as possible first. If your results come in showing that you have a completely immobile application, you’re going to need to make some serious healthcare IT and business decisions. Does it make sense for you to run on a rigid application, or does it make sense to make an investment and move to an architecture that’s a lot more agile?

Understand various virtualization options

There are a number of different ways to deliver complex applications. Virtualization is one of those great ways. Within the realm of healthcare virtualization, your application delivery options revolve around application packages and streaming, hosted applications, and virtual desktops. Each of those options works well and each of those can help offload challenging applications into a virtual ecosystem. The key is knowing which type of environment is best and how you can secure it all. The great part with virtualization is the capability to isolate and secure entire data sets and workloads. Compliance apps can live on their own VM (even on a segmented LAN), accessing its own set of resources. In some cases, the app needs to be installed on a server, and streamed to an endpoint as a package. This way you can wrap specific policies, network settings, and even drivers into an application. Similarly, you can virtualize an application and present it on a virtual sever as a hosted app. This is a great way to give numerous users access to a shared and secured application architecture. Finally, with VDI, you can deploy specific applications into virtual desktops being presented to policy-based user groups. This is a great way to control apps as they interact with subsets of users.

Security can be wrapped around a number of physical, virtual, and cloud components

New types of security technologies allow you to wrap powerful policies around the network, data center, and even application layers. IPS and IDS solutions contextually scan your entire ecosystem to ensure compliance data is not leaked. When working with challenging applications, know that you can push them into a virtual or even cloud environment. After you conduct your analysis and truly understand the definition of your applications, you’ll be able to see how to integrate them with cloud and a robust virtual infrastructure. If you’re moving a bare-metal application into a cloud environment make sure you have support from your vendor and even sometimes your virtualization product. Some healthcare applications are actually being designed to be virtualized. Know that some legacy apps are built on older code bases and will just fundamentally be challenging to work with. Even if the initial cost seems large to move away from an app, the longer term business value may very well outweigh that first investment. Think about the value of your data and your digital assets and then think about how well your existing or legacy apps can support that. Remember, you’re not just trying to move a challenging application into a new environment. You’re also trying to improve user experiences, optimize the business, and better control all of your critical data points.

READ MORE: How End-Point Evolution Will Impact Healthcare Data Security

The reality here is that there is no one silver bullet for secure healthcare application migration. Various apps have numerous requirements, dependencies, and challenges around migration. But this doesn’t mean it’s impossible.

You really need to understand the value of your apps, how to best deliver them, and the overall impact on your healthcare ecosystem. The more agile your application environment, the faster you can adapt to healthcare and industry market changes. Even if your legacy application works today, this doesn’t mean it’s actually bringing value to your business. Know when to make the migration, plan out the process, and make sure it aligns with your overall healthcare goals. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks