CIO Influence
CIO Influence News IoT

Zero-Trust Presents an Opportunity for Healthcare IT Leaders to Improve Security of Technology Assets, Says New Blueprint From Info-Tech Research Group

Zero-Trust Presents an Opportunity for Healthcare IT Leaders to Improve Security of Technology Assets, Says New Blueprint From Info-Tech Research Group

Zero-trust architecture has gained paramount importance as the healthcare industry starts to include more connected Internet of Medical Things (IoMT) devices, augmented reality, and robotics within care pathways. However, the zero-trust model – never trust, always verify, assume breach, and verify explicitly – is not a one-size-fits-all approach. The road to zero-trust is an iterative process that relies on the IT security team to be thoughtful in determining how moving to a zero-trust model will affect core processes and patient care. To help IT leaders understand zero-trust principles and examine leading vendor architectures, global IT research and advisory firm Info-Tech Research Group has published a new industry blueprint, Navigate Zero-Trust Security in Healthcare.

A fully implemented zero-trust solution makes it harder for attackers to access, encrypt, or steal digital assets such as medical health records. Zero-trust helps healthcare IT security teams manage risk across multiple domains, including devices, applications such as billing and scheduling, identities, and data.

CIO INFLUENCE: Apprentice Now Joins Amazon Web Services Training Partner Program to Deliver AWS Cloud Skills Training

While healthcare CIOs and CISOs recognize the value of pursuing a zero-trust security strategy, they can also encounter several challenges including:

  • Winning over a skeptical clinical audience in applying the principles of zero-trust.
  • Difficulties in the ability to identify, track, and verify all devices in their healthcare network.
  • Moving away from a perimeter-based security architecture to a zero-trust architecture while demonstrating that this change will support the provision of healthcare.

Zero-trust is a strategy that forgoes reliance on perimeter security and moves controls to where users access resources. It consolidates security solutions and saves operating expenditures while also enabling business mobility by securing the digital environment at all layers.

Knowing where to start is crucial for IT leaders, as zero-trust is not only complex from an architectural perspective, but there is also no clear checklist to follow when revising your security posture to adopt zero-trust. The blueprint suggests to leaders and their teams the following lifecycle of a zero-trust deployment:

  1. Build cybersecurity resilience
  2. Risk prioritization
  3. Deployment and review
  4. Assessment

CIO INFLUENCE: PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control

As well, Info-Tech advises the following steps when implementing a zero-trust architecture, especially in a healthcare environment:

  • Define objectives before architecting a zero-trust environment.
  • Design from the inside out rather than from the outside in.
  • Plan to achieve a centrally managed platform rather than distinct, multiple tools.

As examples and additional guidelines, the blueprint also recommends examining the security architectural frameworks that organizations like Microsoft and Google have applied to their environments.

To modernize and safeguard the technology assets of healthcare organizations, Info-Tech advises that IT must convince clinical leaders to add more security controls that go against the grain of reducing friction in workflows while demonstrating these controls support the organization. When implemented properly, zero-trust embeds security into existing processes.

CIO INFLUENCE: Ascend.io Launches Solution in Partnership with Snowflake, Enabling Cost Savings for Data Teams

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Beyond Identity Enables Any Business to Eliminate Authentication Friction and Account Takeover Fraud

CIO Influence News Desk

Options Announce Fourth Microsoft Gold Partner Status, With Addition of Project and Portfolio Management Competency

Digital Element Enhances Nodify, Providing Security Teams With Industry Leading Insights Into Nefarious VPN Usage

CIO Influence News Desk