Sep 23 2021

What Is Secure Access Service Edge, and How Can It Help Your Healthcare Organization?

SASE offers a range of potential benefits for healthcare, including reduced exposure to security risks and faster access to mission-critical applications for users away from the hospital campus.

In a 2019 enterprise networking report, analyst firm Gartner coined the term secure access service edge to describe the combination of software-defined WAN with cloud-based security. SASE is intended to move security out of the enterprise data center and closer to users and their devices, which are increasingly deployed and used outside the traditional firewall.

For healthcare, SASE has emerged as an effective way to manage a workforce that’s increasingly distributed, whether it’s administrative staff working remotely, physicians providing care in branch offices or visiting nurses seeing patients in their homes.

“Pushing security controls as close to the sites, devices and users as possible is transformational, and it makes sense. But healthcare has perimeters with firewalls and appliances stacked on top of each other,” says Sinan Eren, vice president of zero-trust access at Barracuda Networks. “Healthcare benefits from SASE by pushing the controls to wherever the employees are, instead of concentrating security at a central location.”

Identity Access Management Is the Foundation of SASE for Healthcare

The foundation of SASE is the zero-trust security model. Behind a traditional enterprise perimeter or firewall, IT teams would trust devices and users by default. In a distributed environment with no perimeter, trust cannot be guaranteed, even if a connection to the corporate network has been established.

In the zero-trust model, user and device identity must be authenticated to access a network and anything on it, such as business applications, servers or other devices. SASE implementations often couple zero trust with the principle of least privilege, which grants users, devices or applications access only to what they need to do their job or complete a task. Assets that cannot be accessed aren’t even visible to users or devices, Eren says.

“One of the most important investments before moving to SASE is to get identity and access management in order,” he adds. “Without a central repository of users, groups and assets, it’s difficult to roll out security and connectivity. SASE and zero trust make it possible to securely extend work to remote destinations because of this explicitly assigned access.”

Just as SASE de-emphasizes blanket access to corporate assets for anyone or anything that is logged in, it also avoids maintaining the same level of privileged access for a long period of time.

“Once the access is granted, it’s important to constantly re-evaluate the posture of the user or device to determine whether to evolve that level of privilege,” says Abe Ankumah, CEO and co-founder of Nyansa, a network analytics software company that is now part of VMware. For example, an employee’s role with an organization may change, or a medical device may no longer run a supported version of Windows. “Just because something was granted privilege doesn’t mean that they get to keep it.”

3 Common Starting Points for SASE in Healthcare

Adopting SASE in a healthcare setting doesn’t require a sudden, wholesale transition. “You need to be thoughtful about a strategy that won’t require a rip-and-replace,” Ankumah says.

There are three common starting points for deploying SASE architecture in healthcare. Each has played a role in helping hospitals support care delivery and maintain business operations during COVID-19.

  1. Replacing the VPN: Administrative staff continue to transition away from working in the hospital setting. To provide access for these employees, health systems are looking to replace the virtual private network, which was not originally designed to provide constant access to thousands of employees, Ankumah says. The SASE approach and the zero-trust model enable organizations to manage access at network endpoints while reducing their attack surface, he adds.
  2. Migrating to the cloud: Today’s enterprises are getting out of the data center business, both to reduce expenses and to increase agility. Healthcare organizations are no exception, though the need to secure protected health information heavily influences how health systems deliver business applications in the cloud. Here, SASE combined with cloud access security broker (CASB) software can monitor user activity, enforce security policies and encrypt data across the network, rather than for each individual application or endpoint connection, as with on-premises deployments.
  3. Optimizing application performance: Clinical staff working remotely need access to patient data in electronic health record systems just as quickly as those working inside the four walls of a hospital. CASB coupled with SASE can monitor the activity and performance of business applications and prioritize bandwidth for business-critical apps. This has the added benefit of increasing the number of calls to a server farm or data center that a network can handle, says Laurence Pitt, global security strategy director for Juniper Networks.

Many healthcare organizations are “doing SASE by default,” even if they aren’t using the term to refer to their network and security strategy, Pitt says.

“Healthcare is being pushed into SASE, and IT pros need to start preparing themselves,” he says. “They shouldn’t fight it; it will protect their environment and keep people safer.”
