Zscaler Blog
Get the latest Zscaler blog updates in your inbox
SubscribeThe Best Medicine for Healthcare Data Is Integrated DLP
You could argue that the challenges of securing medical data are more imposing than those of securing any other form of data. Electronic health records (EHR) are often transferred and shared between providers on a regular basis, and these records contain personal, in-depth patient data. These transfers put protected health information (PHI) at high risk as it moves from location to location. Additionally, the stringent regulations and compliance requirements for PHI force providers to learn how to construct the best data protection strategy for their needs—although this has been a necessary evil for some time now.
To this end, our friends within the Health Information Management Working Group at CSA have put together a great discussion on the task of securing patient data and development of best practices. For providers looking for guidance from an expert that’s made the data protection journey, this content can be extremely valuable:
Cloud Security Alliance
Working Group: Health Information Management
Research Publication: Data Loss Prevention in healthcare
One of the main topics of this publication is the architecture from which you should deliver data loss prevention (DLP) and data protection. While it’s important to understand best practices on how to implement data protection in the healthcare industry, it’s also valuable to know what the right architecture for a unified data protection platform should look like.
With that, let's read a few paragraphs on how Gartner defines Security Service Edge and how it can help providers deliver better protection for data in motion and at rest.
Securing Data In Motion
In the medical and health industries, protecting sensitive data during transit is crucial. With the increasing reliance on digital platforms and the internet, organizations often face the challenge of safeguarding data over untrusted networks. The core building block for securing this sensitive data is DLP.
Inline DLP combined with SSL inspection enables sensitive data in transit to be identified and classified. This ensures that data leaks to the internet or via email are prevented, maintaining the confidentiality of patient information. To this end, inline visibility into cloud apps such as electronic health record systems is also essential. By leveraging inline CASB technology, organizations can detect shadow IT and block risky apps, ensuring data security without hindering the use of critical cloud applications.
In the healthcare industry, the use of personal devices by medical professionals and contractors poses a unique challenge. Implementing browser isolation technology allows for seamless data access on personal devices that doesn’t compromise their security. By hosting browser sessions in a secure cloud environment, sensitive data remains protected, even on unmanaged devices. Better yet, users get the specialized power of a purpose-built enterprise browser, only when needed, without having to change which browser they use.
Perhaps the biggest benefit of SSE is that all of these unique features are integrated into a centralized, cloud-delivered platform. When hosted via the cloud, DLP is not only easier to deploy, but also more accurate in detection. Rather than dealing with multiple policies that could trigger differently and at different times, SSE gives you a singular view across your landscape, so decisions can be made on a holistic basis.
Securing Data at Rest In the Medical Industry
When it comes to securing medical data at rest, it’s worth learning and remembering a few key capabilities that have helped healthcare organizations do so with greater ease:
- SaaS Data Security lets you prioritize securing sensitive data in SaaS platforms, as it can be easily shared in risky ways. To prevent this, providers often consider adding CASB to their data protection strategy. By using a CASB that leverages the same DLP policy used for data at rest as that in motion, you can reduce alert fatigue and streamline response times. Since DLP engines will trigger the same to data inline and at rest in SaaS, visibility becomes consistent across channels. This is one of the main advantages of standardizing across a Security Service Edge architecture.
- SaaS Security Posture Management (SSPM) helps to identify and address misconfigurations in SaaS platforms, such as enabling multifactor authentication and closing risky open shares. Look for SSPM platforms that align with compliance frameworks like NIST or HIPAA to establish and maintain the required security posture.
- SaaS Supply Chain Security helps address the risks associated with third-party applications that may connect into your SaaS Platforms. You can scan SaaS platforms for risky connections from third-party applications that may have known vulnerabilities or allow unauthorized access to sensitive medical data. You’ll then get guidance on how to revoke these connections to ensure data hygiene and maintain a strong posture overall.
- .
- Endpoint DLP protects sensitive data stored on endpoints such as removable media or employee devices. Implement endpoint DLP with a unified agent that works alongside an SSE platform and enforces a unified DLP policy through inline inspection. This helps prevent data leaks and ensures the security of patient information.
A word on Zscaler and shared workstation security: Securing data on shared workstations can sometimes be a challenge as implementing and managing user-level policy controls across multiple logins on a single device is often difficult to do.
Zscaler integrates with the Imprivata Digital Identity platform allowing providers to easily support these multi-user workstation environments. Clinicians can easily and securely authenticate in and out of devices and only access applications for which they’ve been authorized.
Bringing it All Together
Unifying data protection into one platform is extremely powerful and can drastically simplify how you secure data. When delivered from an always-on cloud, you get one single DLP policy that follows users everywhere as well as consistent alerting, no matter where data is located.
It’s helpful to gain a variety of perspectives on how to secure data, especially when it comes to a task as tricky as protecting medical data. While there are a multitude of different approaches to this task, understanding best practices can make all the difference for providers looking to begin their journey.
All of this said, building the right architecture is equally important. If you’re interested in learning more about Security Service Edge and how Zscaler can help you secure your patient data, we’re here to chat or show you a demo.
Photo Credit: Image by https://www.freepik.com/free-photo/medical-banner-with-doctor-working-laptop_30555907.htm
Was this post useful?
Get the latest Zscaler blog updates in your inbox
By submitting the form, you are agreeing to our privacy policy.