Damian Chung, Business Information Security Officer at Netskope
Collaboration across institutions (such as between a university and an affiliated research hospital) is another common area where these sorts of data ownership conflicts can arise. Most often, the organizations sign a business associate agreement (BAA) that outlines who is responsible for the resulting protected health information (PHI) data. But often, data transfer happens outside the terms of the agreement, without the security or IT team's knowledge. And once proprietary data has been exfiltrated from the institution, it can be nearly impossible to put the genie back in the bottle.
Spotting and stopping potential insider threats
Regardless of the intent of the departing individual, healthcare organizations need to protect themselves from this kind of common insider threat. To do that, security teams need modern tools that establish comprehensive visibility across the organization. They must be aware of everything that needs to be protected and have the ability to instantly identify potential risks. This should include capabilities such as:
Integrated data context. To assess the risk to sensitive or proprietary data, you first need to gather some contextual information. You need to know more about both users and the surrounding details of how and why they're interacting with the organization's data and applications. This may include:
• What business group is the user in?
• What's their device posture: is it a managed or an unmanaged device?
• What resources are they requesting access to?
• Once access is granted, what activities are they trying to perform?
Data classification. Data classification makes data visibility a reality. Healthcare organizations should be making an inventory of all their data, tagging it according to type, sensitivity and location. Once you can see and sort data according to those tags, you can then put policies in place to ensure sensitive information never leaves the organization.
And this classification system can not only help you keep good files inside the organization; it can simultaneously help you keep bad files out. Files that violate policy (such as cloud-stored malware) can be blocked from coming in based on their classification.
Instance awareness. With the recent three-fold increase in data thefts, 74% of incidents have occurred via personal instances of Google Drive. Healthcare security teams need to be able to identify whether their users are accessing personal instances of common web/cloud applications (e.g., Google Workspace, Microsoft 365, Dropbox) instead of those that are licensed and managed by the organization. Without the ability to detect and block personal application instances from accessing sensitive data, sanctioned cloud applications can easily be used for exfiltration.
Once health organizations establish comprehensive visibility of users, applications, data and traffic across their extended organizations, they're in an informed position to measure the risks and implement granular policy-based controls that can help keep private information and proprietary data safely within the organization.
Balancing security priorities through continuous adaptive trust
Whether you're looking at staffing shortages caused by the Great Resignation, data exfiltration, or even lack of security team funding, it all leads down that same path. Healthcare security leaders are being asked to do more with less.
They have to protect their organizations as new digital tools expand the attack surface, while at the same time improving operational efficiency and keeping both end users and customers happy. It's a daunting task.
Healthcare CISOs can balance the competing priorities of maintaining compliance, managing risks, and long-term architecture planning by choosing security that supports the concept of continuous adaptive trust.
This simply means security tools that can apply contextual information (user status, data sensitivity, device type, time of day, etc.) to continuously measure risk and manage access to resources on an ongoing basis.
Using this context, healthcare security leaders can better monitor and protect sensitive data against the growing potential for insider threats that results from the Great Resignation.
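To make the capabilities above concrete (integrated data context, data classification and instance awareness, combined into the continuous policy evaluation described here), the following is an added example and not code from the article or from Netskope. The tenant domains, classification tags and sample upload events are constructed; the point is that a sanctioned app and a personal instance of that same app are told apart by tenant, not by app name.

```python
from dataclasses import dataclass

# Constructed: tenant domains of the app instances the organisation licenses.
# An upload to the same app but a different tenant is a "personal instance".
MANAGED_INSTANCES = {"google_drive": "example-health.org", "microsoft_365": "example-health.org"}
SENSITIVE_TAGS = {"phi", "proprietary"}  # tags from the classification inventory

@dataclass
class UploadEvent:
    user: str
    business_group: str
    device_managed: bool        # device posture: managed vs unmanaged
    app: str
    instance: str               # tenant/domain of the instance actually used
    file_classification: str    # tag assigned by data classification
    action: str

def is_personal_instance(event):
    """Instance awareness: sanctioned app, but not the organisation's tenant."""
    managed = MANAGED_INSTANCES.get(event.app)
    return managed is not None and event.instance != managed

def evaluate(event):
    """Combine context into a decision: 'allow', 'alert' or 'block', with reasons."""
    reasons = []
    if event.action != "upload" or event.file_classification not in SENSITIVE_TAGS:
        return "allow", reasons                     # only sensitive uploads are in scope
    if event.app not in MANAGED_INSTANCES:
        reasons.append("unsanctioned app")
    elif is_personal_instance(event):
        reasons.append("personal instance of sanctioned app")
    if not event.device_managed:
        reasons.append("unmanaged device")
    if any(r != "unmanaged device" for r in reasons):
        return "block", reasons                     # data would leave the organisation
    return ("alert", reasons) if reasons else ("allow", reasons)

# Constructed sample events mirroring the scenario in the article.
SAMPLE_EVENTS = [
    UploadEvent("r.lee", "research", True, "google_drive", "example-health.org", "phi", "upload"),
    UploadEvent("r.lee", "research", True, "google_drive", "gmail.com", "phi", "upload"),
    UploadEvent("j.doe", "billing", False, "microsoft_365", "example-health.org", "phi", "upload"),
    UploadEvent("j.doe", "billing", False, "dropbox", "dropbox.com", "public", "upload"),
]

def run_sample():
    return [evaluate(e)[0] for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        decision, why = evaluate(e)
        print(f"{e.user:6} {e.app:14} {e.instance:20} -> {decision} {why}")
```

The same file type sent to the managed Google Drive tenant is allowed while the identical upload to a personal tenant is blocked, which is the distinction the 74% figure above turns on.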