SECURITY
RESEARCH REVEALS OPPORTUNITIES ZERO TRUST CREATES FOR HEALTHCARE SECURITY
Zero Trust Architecture has gained paramount importance as the healthcare industry starts to include more connected Internet of Medical Things ( IoMT ) devices , Augmented Reality and robotics within care pathways . However , the Zero Trust model – never trust , always verify , assume breach and verify explicitly – is not a one-size-fits-all approach . The road to Zero Trust is an iterative process that relies on the IT security team to be thoughtful in determining how moving to a Zero Trust model will affect core processes and patient care .
To help IT leaders understand Zero Trust principles and examine leading vendor architectures , Info-Tech Research Group has published a new industry blueprint , Navigate Zero-Trust Security in Healthcare .
A fully implemented Zero Trust solution makes it harder for attackers to access , encrypt or steal digital assets such as medical health records . Zero Trust helps healthcare IT security teams manage risk across multiple domains , including devices , applications such as billing and scheduling , identities and data .
While healthcare CIOs and CISOs recognise the value of pursuing a Zero Trust security strategy , they can also encounter several challenges including :
» Winning over a sceptical clinical audience by applying the principles of Zero Trust .
» Difficulties in the ability to identify , track and verify all devices in their healthcare network .
» Moving away from a perimeterbased security architecture to a Zero Trust Architecture while demonstrating that this change will support the provision of healthcare .
Zero Trust is a strategy that forgoes reliance on perimeter security and moves controls to where users access resources .
It consolidates security solutions and saves operating expenditures while also enabling business mobility by securing the digital environment at all layers .
Knowing where to start is crucial for IT leaders , as Zero Trust is not only complex from an architectural perspective but there is also no clear checklist to follow when revising your security posture to adopt Zero Trust .
The blueprint suggests to leaders and their teams the following life cycle of a Zero Trust deployment :
1 . Build cybersecurity resilience 2 . Risk prioritisation 3 . Deployment and review 4 . Assessment
As well , Info-Tech advises the following steps when implementing a Zero Trust Architecture , especially in a healthcare environment :
» Define objectives before architecting a Zero Trust environment .
» Design from the inside out rather than from the outside in .
» Plan to achieve a centrally managed platform rather than distinct , multiple tools .
As examples and additional guidelines , the blueprint also recommends examining the security architectural frameworks that organisations like Microsoft and Google have applied to their environments .
To modernise and safeguard the technology assets of healthcare organisations , Info-Tech advises that IT must convince clinical leaders to add more security controls that go against the grain of reducing friction in workflows while demonstrating these controls support the organisation . When implemented properly , Zero Trust embeds security into existing processes . �
www . intelligenthealth . tech 57