New research reveals the opportunities Zero Trust creates for healthcare security  

Zero Trust Architecture has gained paramount importance as the healthcare industry starts to include more connected Internet of Medical Things (IoMT) devices, Augmented Reality and robotics within care pathways. However, the Zero Trust model – never trust, always verify, assume breach and verify explicitly – is not a one-size-fits-all approach. The road to Zero Trust is an iterative process that relies on the IT security team to be thoughtful in determining how moving to a Zero Trust model will affect core processes and patient care.  

To help IT leaders understand Zero Trust principles and examine leading vendor architectures, Info-Tech Research Group has published a new industry blueprint, Navigate Zero-Trust Security in Healthcare.

A fully implemented Zero Trust solution makes it harder for attackers to access, encrypt or steal digital assets such as medical health records. Zero Trust helps healthcare IT security teams manage risk across multiple domains, including devices, applications such as billing and scheduling, identities and data. 

While healthcare CIOs and CISOs recognise the value of pursuing a Zero Trust security strategy, they can also encounter several challenges including: 

  • Winning over a sceptical clinical audience by applying the principles of Zero Trust. 
  • Difficulty identifying, tracking and verifying all devices in their healthcare network. 
  • Moving away from a perimeter-based security architecture to a Zero Trust Architecture while demonstrating that this change will support the provision of healthcare. 

Zero Trust is a strategy that forgoes reliance on perimeter security and moves controls to where users access resources. It consolidates security solutions and saves operating expenditures while also enabling business mobility by securing the digital environment at all layers. 

Knowing where to start is crucial for IT leaders: Zero Trust is complex from an architectural perspective, and there is no clear checklist to follow when revising a security posture to adopt it. The blueprint suggests the following life cycle of a Zero Trust deployment to leaders and their teams: 

  1. Build cybersecurity resilience 
  2. Risk prioritisation 
  3. Deployment and review 
  4. Assessment 

Info-Tech also advises the following steps when implementing a Zero Trust Architecture, especially in a healthcare environment: 

  • Define objectives before architecting a Zero Trust environment. 
  • Design from the inside out rather than from the outside in. 
  • Plan to achieve a centrally managed platform rather than distinct, multiple tools. 

As examples and additional guidelines, the blueprint also recommends examining the security architectural frameworks that organisations like Microsoft and Google have applied to their environments. 

To modernise and safeguard the technology assets of healthcare organisations, Info-Tech advises that IT must convince clinical leaders to add more security controls, which go against the grain of reducing friction in workflows, while demonstrating that these controls support the organisation. When implemented properly, Zero Trust embeds security into existing processes.