Jun 18 2021

SASE Offers Security in Cloud Migration for Healthcare Organizations

Here’s how secure access service edge can work for organizations undergoing cloud migration.

What’s the best way to secure your applications as they move to the cloud? Gartner suggests the answer is secure access service edge. SASE is not a new concept: It’s a bundling of other trusted network and security technologies, viewed through the lens of a mobile workforce with cloud-based applications.

What Is SASE in a Nutshell?

SASE is a way of thinking about how to break out of an isolated data center and shift to cloud-accessible applications. Its focus is on getting users to the applications, combining networking and security.

The “secure access” part suggests that organizations use zero-trust network access (ZTNA) whenever possible and VPNs only when necessary. The “service edge” part requires IT teams to apply best practices in network-edge and endpoint firewalls, combined with the strongest cloud security tools available.

What Does SASE Do for Healthcare Organizations?

SASE lets you zoom out to consider applications and how users connect to them at the same time. Without a big-picture framework, organizations can end up with cloud-hosted applications that no one can use, or that are not secure.

What Are the Steps to Move to SASE?

The biggest piece of SASE is implementing ZTNA. This requires a strong identity management program that includes multifactor authentication, as well as significant network and firewall changes and application adjustments to integrate with ZTNA, such as single sign-on. The second step is shifting applications to the cloud and bolting on cloud-compatible security tools. This step can be challenging, but the lessons learned from ZTNA can speed the process.

How Does SASE Affect Patient Privacy and Health Information?

SASE is neutral regarding HIPAA privacy rules. However, SASE enables healthcare providers to field a more mobile workforce, which can lead to practices such as delivering patient data to clinicians on smartphones. This can create privacy concerns.

WATCH: Why Does Zero-Trust Adoption Continue to Gain Prominence?

IT managers should include strong authentication of both devices and users. They should also revisit their policies and technologies for bring-your-own-device and choose-your-own-device programs to ensure they preserve patient privacy.  

How Do I Reconcile HIPAA and SASE’s Access Freedoms?

SASE protects a cloud-focused approach to application delivery, which might raise alarm bells for healthcare organizations. IT managers may be tempted to provide access to resources via VPN to re-create the closed garden of a private data center. But that won’t move you very far down the path of SASE. It will also create a disconnect as you try to incorporate Software as a Service application and security offerings.

jörg röse-oberreich/Shutterstock