- Let’s be honest. If you start to discuss all the various aspects of healthcare data security, it’s easy to get overwhelmed quickly. There are so many parts and pieces when it comes to working with proper healthcare security it’s safe to say that it can all get chaotic. And yet, we continue to see large investments being made into overall security spend.
Gartner recently forecasted that security spending will total $96.3 billion in 2018, an increase of 8 percent from 2017. Organizations are spending more on security because of regulations, shifting buyer mindset, awareness of emerging threats, and the evolution to a digital business strategy.
"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," said Gartner Research Director Ruggero Contu. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."
Here’s the big question: Are you focusing on your specific security use cases or are you chasing industry trends? Because if it’s the latter, you’re in for a long run.
We know that healthcare is a constant target. We also know that this isn’t going to change. So, instead of talking about a very specific security solution or a new type of healthcare security model, I want to look at the concept of healthcare security from a high-level, practical perspective. That is:
• Security at the datacenter level
• Security at the end-point (end-user) level
• Security in the middle
When planning out a healthcare security platform, there are a few important considerations that must be made to ensure the appropriate tools are in place.
Simply going with one vendor without realizing the impact on the new environment can have detrimental results on performance and the end-user experience. To better understand some of the ramifications, administrators should use technologies that are created to live in the hybrid world—cloud and virtual.
Some of these practical points include:
Deploy intelligent security solutions. Next-generation security platforms can integrate with on premise as well as cloud systems. And yes, they can work with regulation requirements and compliance. Most of all, they can positively impact the healthcare delivery model. Intelligent security best practices take a holistic approach to the entire solution.
Let’s face it, standalone security solutions won’t be able to cover your entire healthcare entity. Look for tools which integrate with your critical systems both within the data center and when working with cloud. Finally, good security solutions also help provide greater levels of automation and orchestration around security events. In these cases, your security platform can mitigate an attack and reduce negative impacts.
Your basic piece of advice revolves around this question: Is your new security solution there to just secure your environment or is it there to help aggregate data and make better security decisions? That’s the different between traditional security and next-generation capabilities.
Have a good management platform. Having a solid management platform revolving around security is an absolute must. When it comes to security, being proactive and having visibility into a healthcare environment is crucial to catching small issues before they become big problems. Do you have a network switch somewhere you forgot about? Maybe there’s a lab environment that hasn’t been patched in a while. Or, maybe there’s a small remote office that hasn’t been checked in some time.
When it comes to distributed healthcare IT, the saying is simple but very accurate: You can’t manage data that you can’t see. New types of management platforms connect applications, virtual systems, and monitoring all under one management plane. Furthermore, you can now use log and event management to get real-time information about your healthcare environment focusing on inefficiencies, security issues, and even user experience challenges.
Choose a solution that is adaptable. Advanced, enterprise-ready, security products are capable of focusing not on one, but multiple vendors, applications, and even services. Pick a model that can handle a variety of healthcare technologies to ensure maximum flexibility for your environment.
From there, ensure your security model can deliver the workloads you need for your business to be efficient. This means that security solutions should not impede the business process, but rather enable it. In creating a solid virtualization, cloud, and security architecture, your healthcare IT system must be agile and scale with the needs of your business. This could mean deploying both physical and virtual security options.
Look for latest generation, cloud-ready features. When working with a mobile healthcare patient or workforce, look for a solution that has a very light footprint on the endpoint and can handle a lot of the processing and definitions within a cloud environment. This will remove the resource hit on the network bandwidth utilization while still delivering the proper amount of cloud and virtual environment security.
From there, work with solutions that can interrogate devices coming into your healthcare environment. BYOD, IT consumerization, and even IoT are introducing many new devices into the healthcare data center. Never leave these parts of your infrastructure unmanaged. A lost or breached device can become a serious healthcare security concern.
The final piece of advice is to apply security based on perspective; that is, think about your users. How are they leveraging your systems? Are they more mobile than stationary? Similarly, are you developing a lot of in-house applications? Is that environment secure and is your DevOps team using best practices around their designs?
Applying security from a contextual perspective will make your life easier. As overwhelming as security in the healthcare world might be, when you piece it out based on use case or business division, aligning the right security model becomes easier.
Finally, don’t be afraid to ask for help. Complacency is security’s worst enemy. When you feel like everything is working great and you’re not worried about security, that is usually a good time for an audit, just to make sure.