There is a notable increase in the number of healthcare providers that have used zero trust initiatives, as per Okta in its 2022 State of Zero Trust Security report. In 2022, 58% of surveyed companies stated they had or have commenced using zero trust initiatives, up by 21 percentage points from the 37% in 2022. Additionally, 96% of all healthcare respondents stated they either got or are preparing to employ zero trust in the following 12 to 18 months, higher from 91% in 2021.
The traditional strategy to security perceives devices and programs inside the network perimeter as trustworthy, because they are behind the safety of perimeter defenses. Nevertheless, that method doesn’t work effectively online, where there is no perimeter to protect. Zero trust means “never trust, always verify”. Zero trust considers that all devices and accounts may be harmful, no matter if it is within or outside the network perimeter. Under zero trust, every device, account, connection, and application are subject to strict authentication verifications, the principle of least privilege is enacted, and there’s thorough security tracking.
Okta stated that Zero Trust is a good guiding concept, however getting there is a difficult task, demanding a number of deeply integrated best-of-breed options functioning perfectly together. Each firm has a unique starting condition, varied resources, and varied priorities, bringing about unique journeys to arrive at an identical destination-true Zero Trust security.
Implementing Zero Trust in Healthcare
There’s been a considerable growth in medical and IoT devices, software, and cloud-based solutions, which has substantially amplified the attack surface. Therefore, security teams find it harder to secure against cyberattacks employing traditional safety methods. Zero trust gives a solution and almost all healthcare providers that haven’t enforced zero trust initiatives claim they have a strategy set up to utilize zero trust within the following 6 – 12 months.
98% of healthcare survey participants mentioned identity takes on an important function in their zero trust strategy, with 72% rating it vital and 27% rating it crucial, with the most important projects employing Single Sign-on for staff members and protecting access to APIs. At present, just 6% of healthcare respondents stated they have context-based access guidelines ready. Nevertheless, 40% mentioned they will be moving these out in the upcoming 12-18 months, and all healthcare participants considering extending MFA SSO, or both to SaaS applications, internal programs, and servers in the next 12-18 months.
The most vital factors for maintaining and bettering access to internal resources were: device trust, geographic position, and trusted IP address, and then time or working hours-based access, and whether or not the resource wanting to be accessed is remarkably sensitive. Healthcare companies are furthermore moving away from password-based authentication. Usage of passwords dropped from 94% of healthcare providers in 2021 to 85% in 2022, as push authentication usage went up from 16% in 2021 to over 40% in 2022.
Okta mentioned that the use of a Zero Trust framework gives a system that makes it simpler for companies to constantly examine their security posture and the relative maturity of their design, and determine the suitable security methods to boost their development at each step of their journeys. Nonetheless, there are problems for healthcare companies, and the most essential is the existing talent and skill scarcity. Considering the talent/skill deficiency encountered all over the world, companies must find solutions that help them advance their Zero Trust journeys without making the requirement for more funds, headcount, or training sources. They have to find options that merge with their present security ecosystems to get the best value.