Security

Breaking Down SASE for Healthcare

Here’s how secure access service edge strategies can steel healthcare organizations against cyberthreats as a mobile workforce becomes a priority.

Mike Chapple

Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame.

Physicians, nurses, administrators and other healthcare staff depend on rapid and efficient access to information to deliver high-quality patient care. Today, that means enabling a mobile workforce to access information wherever they are, whether in the office, at a patient’s bedside or at home in the middle of the night.

Simultaneously, HIPAA and other privacy regulations require the careful safeguarding of protected health information. The same IT teams charged with facilitating access to information by a mobile workforce are also tasked with keeping that information safe from prying eyes. In the past, providing that protection meant firewalling off healthcare networks and blocking outside access. But that approach simply won’t work in today’s mobile landscape.

Secure access service edge is an approach to network security that enables healthcare organizations to meet these conflicting IT requirements at the same time. Providers and administrators can quickly and easily access important patient records while those records remain inaccessible to outsiders.

Click the banner below for access to exclusive security content and a customized experience.

What Is Secure Access Service Edge?

SASE is a complete shift in network security philosophy. It throws out the old paradigm in which a user’s access to resources is limited by location and adopts an approach that makes access dependent on the user’s identity. Rather than enforcing restrictions specific to location, SASE aims to deliver a secure network connection to authorized users of the network wherever they are in the world.

Implementing SASE requires building out a suite of integrated technologies that can provide a secure end-user experience over untrusted connections. It’s an approach that requires vision and planning, and is typically executed gradually over several years.

SASE is strongly compatible with cloud technology. In fact, many people consider SASE itself to be a cloud service offering. SASE also enables the prolific use of other cloud services by incorporating technology that allows organizations to extend their own security policies into the cloud, deploying cloud service configurations that comply with security and privacy requirements.

GET THE WHITE PAPER: Learn how SASE can improve security.

Understanding the Core Components of a SASE Architecture

As an integrated cybersecurity philosophy, SASE touches virtually every component of an organization’s security program. From a technology architecture perspective, this means ensuring that the organization has a robust set of tools that cover endpoints, network devices, cloud services and other components of the technology stack.

Let’s inspect the core components of a SASE architecture:

Identity and access management platforms form the core of a SASE approach. After all, a security philosophy that depends on a user’s identity can only work if the organization is confident of each user’s identity. A modern IAM platform should enable multifactor authentication and provide robust authorization controls across enterprise systems and cloud services.
Firewalls remain important in a SASE-enabled environment. They continue to enforce perimeter restrictions, keeping outsiders off the network and allowing approved SASE connections to access services.
VPNs provide the secure data transport required to deliver a SASE connection over the internet. They offer secure, encrypted tunnels that allow users to reach into the corporate network while keeping their traffic safe.
Intrusion prevention systems offer cybersecurity teams assurance that their networks are protected from attack by monitoring network activity and blocking potentially malicious connection attempts.
Secure web gateway solutions provide end users with a secure web browsing experience by blocking malicious sites and enforcing content-based security policies. Some organizations may go further and adopt remote browser isolation technology that places web browsing in a virtualized sandbox environment.
Cloud access security brokers integrate with the many cloud service providers used by an organization and allow administrators to centrally define security policies and then enforce those policies across many different services.
Data loss prevention platforms watch for attempts to remove sensitive data from approved environments through a combination of watermarking and pattern recognition, and then block such transfers before protected health information can leave the safety of the organization’s network.
Endpoint protection technologies guard endpoints (such as desktops, laptops and mobile devices) from compromise by combining robust anti-malware protection with detection and response capabilities that enable cybersecurity teams to react immediately to potential attacks.

Fortunately, most organizations already have many of these technologies in place. As they adopt a SASE approach, healthcare systems should move to upgrade and integrate these solutions.

EXPLORE: SASE offers security in cloud migration for healthcare organizations.

Moving Toward a SASE Strategy in Healthcare

SASE is on the short-term horizon for organizations across all industries. A recent Gartner survey showed that 40 percent of organizations expect to have an explicit SASE strategy by 2024. Given the complexity of implementing SASE, the time is now to begin planning an organization’s next-generation cybersecurity architecture.

Cybersecurity leaders should approach all technology modernization efforts with an eye toward enabling a SASE approach. Making SASE-conscious decisions today will save a healthcare organization significant time and money down the road.

Curt Merlo/Theispot