Securing Applications and DataFor both traditional on-prem solutions and cloud-based solutions, how should organizations act to secure their data and applications?
When talking with IT service providers working in the healthcare space, we’ve found a few concerns repeated:
- My organization has become heavily security conscious after the malware attacks, but we’re not sure where to focus.
- Our leadership wants us to adopt cloud infrastructure and platform services, but our security team is preventing that as they are not sure of the security.
- As our development teams are building products, such as SaaS offerings for clients or other solutions, we are not sure what modern tools work for managing the infrastructure and apps involved.
Collectively, these concerns all engage in the shared idea of security and operations.
Modern Threats in a Changing World
Threats to your data and systems have never been more aggressive; they are more capable of not just gaining access to your data, but also removing your access.
The frequency of ransomware attacks is on the rise, and as seen with WannaCry and similar attacks over 2017, healthcare organizations are an increasingly popular target. The sensitive nature of healthcare’s critical data exposes these organizations to a higher level of risk than other industries.
Healthcare is a perfect target for these kinds of attacks. Due to the criticality of patient data and other resources, healthcare organizations are more negatively impacted by ransomware attacks than other industries. Systems going down due to an attack can put actual lives on the line if critical systems for providing patient care are locked and held ransom.
In addition, many healthcare organizations are on slow adoption cycles. A combination of budget and a “change-averse” culture hinders the adoption of new technologies and solutions to protect the environment.
Because healthcare regulation dictates specific requirements for data protection, Healthcare IT departments tend to take an approach of changing very little to preserve the system integrity. However, this means that vulnerabilities are preserved as well (WannaCry specifically was leveraging an exploit called EternalBlue that impacted older Windows instances).
Cloud Security Concerns
The fabric of IT is changing, and many healthcare organizations are struggling to make use of cloud technologies.
Cloud solutions offer unprecedented agility and scalability while reducing the capital investment needed to deploy out innovative solutions. Organizations can scale and make use of on-demand solutions, as well as leverage out-of-the-box solutions tied to BI, machine learning, and serverless application development.
Despite the value and flexibility, extending healthcare data centers to the cloud has proven to be daunting. Data and network governance in the forms of HIPPA and HITECH can increase the complexity of planning cloud solutions. Further, the different offerings of cloud solutions (e.g., infrastructure, tools, application environments, and data solutions) can be confusing for first time adopters.
At a time when security demands to be tightened, but growth and innovation demand the adoption of cloud solutions, IT professionals feel like they are walking a tightrope. It doesn’t have to be that way.
With architecture that meets regulatory compliance and solutions for the management of security in both your data center and in Azure, KiZAN can remove the confusion and uncertainty about protecting your organization’s in-scope data.
Many IT pros are reluctant to adopt Cloud technologies, despite their demonstrated benefit to their business organizations.
Cloud solutions like Azure Web Apps and Machine Learning can reduce capital expenditures, enable flexibility for developers, and scale to the business without extensive data center upgrade projects. Management solutions such as Azure Site Recovery and Log Analytics can be used to manage on-prem servers and provide secure disaster recovery storage.
IT pros are concerned about their data while it is in motion, their data while it is at rest, and the security of the virtual networks that resources use to communicate. As such, storing critical data outside of their facilities is a challenge.
This challenge is often magnified in healthcare organizations. These organizations often adopt a type of change-adverse planning, due to the data governance requirements and intense focus on preventing any downtime for critical systems.
Any change carries risk, and because many of these systems are not maintained and not well understood, risk-through-change is often overestimated, and risk-through-same is underestimated.
This mindset causes many healthcare organizations to over-estimate the risk of cloud services, and under-estimate the maturity of the solutions available. It also causes them to leave old technologies in place, and not implement newer solutions that provide improved protection. Instead of building resilient solutions that can handle changes and improvements, fragile solutions are left in place.
Common Cloud Security Measures
- Leveraging design patterns approved by the same audit organizations that are used to find risks in customer environments, Azure architecture can be designed to remove risk and confusion.
- Traffic can be protected to and from the data center leveraging Express Routes, which are privately owned connections.
- Network management tools (such as Network Security Groups and Application Gateways) can be used to secure and filter traffic inside of the environment as well as to harden the perimeter for external connectivity from customers or patients
Many organizations think of network security first, but in fact, compromised identities are the leading cause
of many ransomware attacks. Attackers gain access to the network not by attacking a firewall or client device,
but by getting credentials of customers through email phishing or similar scams.
Once those credentials are available, attackers can expand their footprint in your environment, compromising client devices and using the compromised account to gain access to other accounts. Over time, the attackers will gain access to an account with greater privileges; either an IT account or a business user account that has access to in-scope or critical data.
IT organizations working in the healthcare space are familiar with securing and protecting in-scope data, ensuring that it is available and that only necessary people have access to it. However, that is only half of the battle; protecting the identity itself is just as critical.
The account is what springs the attack: encrypting data and holding it hostage.
By leveraging Microsoft security tools, customers can be alerted to non-standard or suspicious login patterns, and protect themselves from vulnerabilities by reducing the success of scam emails.
In addition, adopting security practices and solutions focused on Privileged Account Management and Just in Time Administration can prevent attackers from gaining access to privileged accounts.
KiZAN can help.
Through solutions to the management of your organization’s identities, data, and network, KiZAN can remove the confusion and uncertainty about protecting your organization’s data in the changing world.
Posted by Brandon Stephenson
Brandon Stephenson is the Service Management & Automation Practice Lead working out of KiZAN’s Cincinnati office. His technical specialties are System Center Service Manager and System Center Orchestrator. He also has a deep experience with using ITIL to deliver practical IT Service Management solutions.