- Healthcare organizations are spending a lot of money on their security strategies. And yet we still see large numbers of breaches, data loss, and health data security incidents. To combat this, healthcare continues to invest in security solutions.
The latest IDC Security Spending Guide indicates that worldwide revenues for security-related hardware, software, and services will reach $81.7 billion in 2017, an increase of 8.2 percent over 2016. Global spending on security solutions is expected to accelerate slightly over the next several years, achieving a compound annual growth rate (CAGR) of 8.7 percent through 2020 when revenues will be nearly $105 billion.
"The rapid growth of digital transformation is putting pressures on companies across all industries to proactively invest in security to protect themselves against known and unknown threats," said Eileen Smith, program director, Customer Insights and Analysis. "On a global basis, the banking, discrete manufacturing, and federal/central government industries will spend the most on security hardware, software, and services throughout the 2015-2020 forecast. Combined, these three industries will deliver more than 30 percent of the worldwide total in 2017."
Following telecommunications, the industries with the next fastest five-year growth rates (CAGR) around security spending are state/local government (10.2 percent), healthcare (9.8 percent), utilities (9.7 percent), and banking (9.5 percent).
As we create more data within the healthcare world, we’ll encounter more instances of attacks and infrastructure breaches. In my experience, technology alone won’t solve your security challenges. In fact, this only a small part of the entire security solution.
If you’ve worked with healthcare security solutions, you undoubtedly know the term “people, process, and technology.” But what does that really mean when creating a security strategy? How can you apply it to your healthcare organization to really enable a good security architecture?
Well, when thinking about people, process, and technology, let’s shift the paradigm in how we approach this methodology.
Train your people
I firmly believe that people are one of the biggest pieces for a successful security strategy. You can have the best processes and technologies in place, but if your people don’t know what to do with that strategy, it’ll all fail quickly. Time and time again I see healthcare organizations train only a handful of people or don’t share their security vision with all staff members. This is why we find spreadsheets with sensitive data on machines, why we still see sticky notes with passwords, and why we still experience simple security challenges. However, these “simple” security challenges can quickly become major problems. It’s critical to work with people to help them understand the role they play in the overall security strategy. And, this can’t be cumbersome. Leading security strategies that revolve around user training allow the process to be transparent and even something that enhances the overall user’s role. The first step in creating a security strategy must be understanding how users interact with hospital and IT systems. From there, you can create processes and leverage technologies to enable your people.
Constantly improve your processes
When you understand your people better, you can design optimal security processes. This can revolve around responding to risk, working with various types of security scenarios, designing a response plan, and even assigning roles during an emergency. Security process is not just an IT or legal initiative. In fact, a good security process will revolve around anyone who touches or interacts with sensitive data. Your process must revolve around data points, users, response technologies, security systems, physical devices, and more. It must also involve key people, response mechanisms, and – most importantly – constant testing. Validation of security process not only helps people stay sharp, it lets you understand where there can be improvements. With well-trained people and a good process, you enable your technology platform to be truly impactful in a security strategy.
Leverage leading technologies
You can have the best security solutions in place, but without well-trained people and a good process, it probably won’t do you much good for long. Leading security technologies now focus on end-point detection and response (think Red Cloak, Carbon Black, or Trend Micro). From there, powerful next-generation firewall solutions help control the entry into your healthcare ecosystem (Palo Alto, Checkpoint, Cisco). However, other types of security systems are impacting advanced use-cases when it comes to healthcare requirements. For example, Citrix Sharefile has a data sharing platform specifically for healthcare. Or, technologies like Rapid7 and Qualys are designed to do advanced data analytics for various types of cloud applications and systems. The point here is simple: don’t just look at traditional security systems for your overall strategy. You will need to examine other solutions to help users and patients better interact with healthcare services. Remember, the best way to integrate security technologies is to ensure that they actually improve user experience without complicating the process.
Within your own organization, take the time to really understand the concept of “people, process, and technology” beyond just the surface of it. Ask yourself, “How well am I training my people?” “What am I doing to improve my processes?” “Am I constantly using new technologies to create better security strategies?”
Too often we stagnate in one area or another. This is where issues can arise. Security strategies are fluid pieces of the healthcare environment and must be constantly evaluated and improved.