Identity Access Management Is the Foundation of SASE for Healthcare
The foundation of SASE is the zero-trust security model. Behind a traditional enterprise perimeter or firewall, IT teams would trust devices and users by default. In a distributed environment with no perimeter, trust cannot be guaranteed, even if a connection to the corporate network has been established.
In the zero-trust model, user and device identity must be authenticated to access a network and anything on it, such as business applications, servers or other devices. SASE implementations often couple zero trust with the principle of least privilege, which grants users, devices or applications access only to what they need to do their job or complete a task. Assets that cannot be accessed aren’t even visible to users or devices, Eren says.
READ MORE: SASE offers security in cloud migration for healthcare organizations.
“One of the most important investments before moving to SASE is to get identity and access management in order,” he adds. “Without a central repository of users, groups and assets, it’s difficult to roll out security and connectivity. SASE and zero trust make it possible to securely extend work to remote destinations because of this explicitly assigned access.”
Just as SASE de-emphasizes blanket access to corporate assets for anyone or anything logged, it also avoids maintaining the same level of privileged access for a long period of time.
“Once the access is granted, it’s important to constantly re-evaluate the posture of the user or device to determine whether to evolve that level of privilege,” says Abe Ankumah, CEO and co-founder of Nyansa, a network analytics software company that is now part of VMware. For example, an employee’s role with an organization may change, or a medical device may no longer run a supported version of Windows. “Just because something was granted privilege doesn’t mean that they get to keep it.”
3 Common Starting Points for SASE in Healthcare
Adopting SASE in a healthcare setting doesn’t require a sudden, wholesale transition. “You need to be thoughtful about a strategy that won’t require a rip-and-replace,” Ankumah says.
There are three common starting points for deploying SASE architecture in healthcare. Each has played a role in helping hospitals support care delivery and maintain business operations during COVID-19.
- Replacing the VPN: Administrative staff continue to transition away from working in the hospital setting. To provide access for these employees, health systems are looking to replace the virtual private network, which was not originally designed to provide constant access to thousands of employees, Ankumah says. The SASE approach and the zero-trust model enable organizations to manage access at network endpoints while reducing their attack surface, he adds.
- Migrating to the cloud: Today’s enterprises are getting out of the data center business, both to reduce expenses and to increase agility. Healthcare organizations are no exception, though the need to secure protected health information heavily influences how health systems deliver business applications in the cloud. Here, SASE combined with cloud access security broker (CASB) software can monitor user activity, enforce security policies and encrypt data across the network, rather than for each individual application or endpoint connection, as with on-premises deployments.
- Optimizing application performance: Clinical staff working remotely need access to patient data in electronic health record systems just as quickly as those working inside the four walls of a hospital. CASB coupled with SASE can monitor the activity and performance of business applications and prioritize bandwidth for business-critical apps. This has the added benefit of increasing the number of calls to a server farm or data center that a network can handle, says Laurence Pitt, global security strategy director for Juniper Networks.
MORE FROM HEALTHTECH: 4 key advantages of SD-WAN technology for healthcare.
Many healthcare organizations are “doing SASE by default,” even if they aren’t using the term to refer to their network and security strategy, Pitt says.
“Healthcare is being pushed into SASE, and IT pros need to start preparing themselves,” he says. “They shouldn’t fight it; it will protect their environment and keep people safer.”