HEALTHTECH: What changes are the pandemic and other factors driving in remote work?
KASPIAN: I think when people left the office to work from home or in a hybrid work format, it was a wake-up call. A lot of organizations realized they needed to look at how they were securing their remote users.
Zero trust is the idea that you want to eliminate as much implicit trust as possible. Some of the legacy ways we were using to connect remote users weren’t the best or most secure ways of doing that.
As many folks moved into a work-from-home format, zero-trust network access — where organizations essentially are trying to eliminate that implicit trust, even though someone is coming in with credentials or they’ve authenticated — has become important. The pandemic has magnified that focus and also increased the sense of urgency for organizations to move to more of a zero-trust type of architecture.
HEALTHTECH: Why has this approach become such an important factor in cybersecurity?
KASPIAN: Remote work was part of it, but we’ve also seen much more sophisticated attacks. Ransomware has become very big over the past couple of months. Attackers are much more sophisticated, and we see that urgency reflected in things such as the executive order back in May, where the federal government and its vendors were instructed to take a zero-trust approach.
Unfortunately, in the security industry, every time there’s a new type of security risk or attack, we tend to go find a new tool or technology to try to deal with that. That’s put us in a situation where we have this disparate set of technologies and tools that may or may not integrate.
Zero trust can also be looked at as a strategic approach that takes a more of a holistic view of security in general. It tries to eliminate much of the complexity that we’ve built up over the years. This is the right time for healthcare organizations to consider a zero-trust architecture. They don’t have to do it all at once. They can start in steps and increase their security protections over time, but this is an opportunity to rebuild security as we start changing the way that we build our infrastructures and migrate to the cloud, etc.
HEALTHTECH: How has digital transformation affected the need for zero trust?
KASPIAN: If you look back over the past several years, organizations have changed a lot of things. We’ve been experiencing network transformations such as SD-WAN; data center transformation, with a lot of applications moving from on-premises to the cloud; and finally SecOps transformation in the sense that many security operations centers are working on modernizing their approaches and automating tasks within security.
As these transformations occur, they not only have forced healthcare organizations to look at the way they’re approaching security, but they’ve also presented this wonderful opportunity to rebuild some of these pieces that previously were not as scalable and were more difficult to manage.
The way I see digital transformation fitting into zero trust is by creating an opportunity for healthcare organizations to retool their approaches to security as they’re rebuilding these various facets across their networks, data centers and security operations.
Click the banner below for CDW resources to dig deeper into security and incident response planning.