[BreachExchange] 3 Tips for Creating Healthcare Security Change, Process Controls

[Audrey McNeil]

http://healthitsecurity.com/news/3-tips-for-creating-
healthcare-security-change-process-controls

Healthcare and security are probably some of the hottest topics today.
We’re seeing medial IoT emerging, more digitizing of the healthcare
ecosystem, and more healthcare services specifically using technology to
revolutionize patient care.

We’re beyond the days of pen, paper, and even microfiche. The digital
progression of the healthcare environment has created amazing opportunities
to help people and improve the business side of healthcare.

However, with the digital revolution come serious concerns about data
control, and managing healthcare security.

On that note, how do you control security? How do you create a process to
manage change within security policies?

Your healthcare is now tightly connected; sharing policies between
applications, firewalls, network devices, and even end-users. Managing
these policies and how they interact with data is absolutely critical.

With that in mind, let’s look at three great ways to create healthcare
security change controls.

Utilize automation for security control

A big challenge for administrators actually revolves around dependencies.
One change within a network can have impacts on apps, services, and even
users. Complicating the matter further, many healthcare organizations have
distributed environments; with critical security points, throughout. The
good news is that security automation tools can specifically address these
challenges. Basically, they help with process and security change
automation. You point your network and even firewall configurations to
these software tools, and they help you map out your policies. This is a
great way to ensure you can control your networking and security
environment very effectively. The other cool part is that these kinds of
solutions can be hardware agnostic. So, you can have a Cisco ASA at one
location and a Juniper Firewall at another. The software will still allow
you to manage your security settings under one management environment.

Integrate security policy monitoring and deep data analysis

This is a process of DLP, IPS/IDS, and creating solid access control lists
(ACLs). More so, data analytics and SIEM (security information and event
management) tools can give you powerful abilities to correlate events,
logs, and even user interactions. An effective security and network model
revolves around being as proactive as possible. Reactionary security
measures once an event has occurred are what’s costing healthcare so much
today. Of course, it’s extremely difficult to become omniscient in your
healthcare security practice. However, creating good monitoring policies,
alongside data analytics, will allow you to correlate and control events
spanning your entire healthcare environment. The key is to create
visibility into all of your locations (clinics, remote offices); and where
the locations where your data resides (cloud, on-site, colo). From there,
you can integrate change policies with how your data flows through your
network. You’ll be able to create both data as well as change process
controls with an eye on data leakage and data loss prevention.

Incorporate audits, testing, and compliance controls

This one is big. Healthcare organizations are now finding it a lot more
challenging to create audit trails around their data, cloud, and even
security infrastructure. This also complicates testing when there are just
so many pieces to manage. In creating solid security and process controls,
it’s critical that administrators deploy tools which are able to logically
abstract the physical nature of security, and create powerful trails for
auditing and compliance. This can mean testing for PCI/DSS or even HIPAA
violations. Beyond compliance, one powerful management interface which
aggregates various firewall and security policies allows for much easier
testing. Now, administrators can granularly analyze various locations,
physical as well as virtual devices, and truly understand how their cloud
and data center model is working. The key point to understand here is the
fact that the security architecture of the modern healthcare enterprise is
becoming more complex. Through it all, audit and testing tools are
specifically designed to make the management of these security pieces
simpler and a lot more effective.

Managing your environment will always be critical. However, creating solid
change processes and controls around security will create a more cohesive
data center ecosystem. Most of all, you’ll have better visibility into all
of your data repositories and be able to control access at a distributed
level.

Even though your healthcare security environment might be complicated, you
don’t have to sacrifice functionality when you want to make changes.
Leverage agnostic security tools that help with security modifications and
ones that help with process control.

>From there, using powerful tools to get deeper visibility into your data
flow will help you create audit and great security trails.

Finally, these types of tools also help eliminate human errors when updates
or changes are made. Security automation systems will help ensure that
dependencies are taken care of and that all systems receive the proper
updates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161031/a11e3c9f/attachment.html>