This is a guest blog post by Sharon Besser, VP Business Development, Guardicore.
In its whitepaper, The Rampant Growth of Cybercrime in Healthcare, health IT advisor organization Workgroup for Electronic Data Interchange (WEDI) reported that attacks on the healthcare sector are becoming increasingly difficult to identify, prevent, and mitigate.
“Chronic underinvestment in cybersecurity has left many so exposed that they are unable to even detect cyberattacks when they occur,” according to the report. While attacks take only seconds, discovery and mitigation can take weeks, if not months. In healthcare, complex networks and sensitive data make this even more of a problem.
The Unique Challenges for Security in Healthcare Environments
- Multiple clinics and locations: This is especially an issue for acute healthcare providers, with no centralized location for IT management, creating a complex, interconnected physical environment.
- Multiple IT technologies: Healthcare providers in particular have many unique systems, all powered by computers that use different operating systems, hardware, and even networking elements.
- Old and new: Healthcare often has layers of infrastructure and network changes, perhaps due to mergers and acquisitions over the years. This can result in complex, non-uniform systems that are difficult to protect and have heavy resource requirements.
- Multiple connected devices: Devices such as blood testing machines, heart-rate monitors, MRIs, and more are connected to the network on backend servers. These often use legacy operating systems and remain unpatched, despite having direct patient contact.
- OT network: Unlike IT systems, operational technology (OT) such as HVAC, electricity, and oxygen supply can have a measurable impact on human life in the healthcare sector.
- The drive to modernize: In addition to their legacy systems, many organizations are looking to modernize their IT stack, from increasing their use of the cloud, to extensive use of virtual desktop infrastructure (VDI).
With Citrix Workspace, data is stored in the data center rather than on endpoint devices, protecting patient health information such as clinical trial data and patient financial data. Citrix Networking reduces the attack surface by consolidating access points with granular access control policies, including support for multi-factor authentication to assist with different regulations and compliance mandates.
To secure applications and reduce the overall risk for healthcare networks, enterprises require network segmentation. Unfortunately, using traditional technologies like VLANs and firewalls can be a challenge:
- Slow and error-prone: VLAN configuration can take months and needs to be prioritized with other network team activities. When the application in question is hybrid, this becomes even more difficult.
- Expensive: From multiple egress/ingress points to the complex networking configurations needed to force traffic through a firewall in a virtual environment, the costs add up fast.
- Lack of visibility: Traditional tools do not provide visibility into inter-segment dependencies. Even if your organization uses traffic taps, you still miss out on valuable context. This is impossible in dynamic environments such as PaaS.
- Downtime: Transition of applications between segments requires changes in the application (re-IPing) and downtime. That can be expensive and require specific timing.
Together, Guardicore and Citrix address these challenges with software-defined segmentation. The core of the technology is based on the concept of a distributed firewall that runs on the workload itself. At the same time, centralized management calculates the policy and distributes it between the workloads.
With this approach, there is no need to purchase and place firewalls, reducing costs, adding simplicity and accelerating implementation. There are also no networking or architecture changes involved and no downtime, dramatically speeding up the process from end to end.
As the policy follows the workload, there’s no need to change the policy when machines move, migrate to the cloud, or when applications autoscale. To create accurate and valuable policies, Guardicore Centra’s visibility tool shows all application dependencies and includes granular detail down to Layer 7.
Suddenly, segmentation is no longer a months-long project. This enables easy implementation of numerous use cases in parallel, from creating large security zones, to preventing unauthorized applications, to strictly whitelisting a very critical server.
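The following is an added example, not code from Guardicore, Citrix, or the original post. It models the idea described above of a central manager that calculates policy and distributes it to workloads: rules are written against labels, compiled into per-workload inbound allowlists, and recompiled when a machine moves or autoscales while the policy itself stays unchanged. All names, labels, ports, and addresses are constructed assumptions.

```python
# Added illustration: label-based policy compiled centrally into per-workload
# allowlists. All names, labels, ports and addresses below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_label: str   # who may connect
    dst_label: str   # to which workloads
    port: int

@dataclass
class Workload:
    name: str
    ip: str
    labels: frozenset

# Central policy refers to labels only, never to IPs, VLANs or locations.
POLICY = [
    Rule("role:vdi", "app:ehr-web", 443),
    Rule("app:ehr-web", "app:ehr-db", 5432),
]

def compile_allowlists(policy, inventory):
    """Return {workload name: sorted [(src_ip, port)]} of allowed inbound
    flows. Anything not listed is treated as denied by the local enforcer."""
    out = {w.name: set() for w in inventory}
    for rule in policy:
        sources = [w for w in inventory if rule.src_label in w.labels]
        for dst in inventory:
            if rule.dst_label in dst.labels:
                out[dst.name].update((s.ip, rule.port) for s in sources if s is not dst)
    return {name: sorted(flows) for name, flows in out.items()}

def is_allowed(allowlists, dst_name, src_ip, port):
    """Default-deny check a workload-local enforcer would apply."""
    return (src_ip, port) in allowlists[dst_name]

def demo():
    inv = [
        Workload("vdi-01", "10.1.0.11", frozenset({"role:vdi"})),
        Workload("ehr-web-01", "10.2.0.21", frozenset({"app:ehr-web"})),
        Workload("ehr-db-01", "10.3.0.31", frozenset({"app:ehr-db"})),
    ]
    before = compile_allowlists(POLICY, inv)
    inv[1].ip = "172.16.5.21"  # web tier migrates to a cloud subnet (re-IP)
    inv.append(Workload("ehr-web-02", "172.16.5.22", frozenset({"app:ehr-web"})))  # autoscale
    after = compile_allowlists(POLICY, inv)  # POLICY itself is unchanged
    return before, after

if __name__ == "__main__":
    for stage, lists in zip(("before", "after"), demo()):
        print(stage, lists)
```

After the move, the database workload's allowlist tracks the new web-tier addresses and the stale address is no longer accepted, with no edit to the label-based policy.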