The number of healthcare providers that have implemented zero trust initiatives has increased noticeably, as reported by Okta in its 2022 State of Zero Trust Security report. In 2022, 58% of surveyed companies said they had, or had begun implementing, zero trust initiatives, up 21 percentage points from 37% a year ago. Moreover, 96% of all healthcare respondents stated they either had zero trust in place or were preparing to use it within the next 12 to 18 months, up from 91% last year.
The traditional approach to security treats devices and apps within the network perimeter as trusted, since they sit behind perimeter defenses; that strategy does not work well in the cloud, however, where there is no perimeter to secure. The concept of zero trust is “never trust, always verify.” Zero trust presumes that every device and account might be malicious, irrespective of whether it is inside or outside the network perimeter. With zero trust, every device, account, application, and connection is subject to strict authentication checks, the principle of least privilege is applied, and security checks are extensive.
Okta explained that “Zero Trust is a sound guiding rule, but getting there is a complicated proposition, needing several deeply integrated best-of-breed solutions working easily together. Every organization has a distinct starting situation, diverse resources, and different priorities, leading to unique journeys to get to a similar destination - true Zero Trust security.”
Adopting Zero Trust in Healthcare
There has been substantial growth in medical and IoT devices, programs, and cloud-based tools, which has considerably expanded the attack surface. As a result, security teams find it more challenging to protect against cyberattacks using traditional protection strategies. Zero trust provides a solution, and most healthcare providers that have not yet used zero trust initiatives state they have a plan in place to use zero trust in the following 6 to 12 months.
98% of healthcare survey participants said identity plays a significant part in their zero trust strategy, with 72% rating it essential and 27% rating it critical. The most urgent projects are Single Sign-On for workers and securing access to APIs. Presently, merely 6% of healthcare respondents stated they have context-based access policies set up. However, 40% mentioned they will be rolling these out within the upcoming 12-18 months, and all healthcare participants are considering using SSO, MFA, or both for SaaS applications, internal programs, and servers in the following 12-18 months.
The most crucial factors for managing and enhancing access to internal resources were device trust, geographic area, and trusted IP address, followed by time of day or working hours-based access, and whether the resource being accessed is very sensitive. Healthcare companies are likewise shifting away from password-based authentication. Use of passwords declined from 94% of healthcare providers in 2021 to 85% in 2022, as push authentication use increased from 16% in 2021 to greater than 40% in 2022.
Okta explained that a Zero Trust framework offers a strategy that makes it less difficult for firms to continuously evaluate their security posture and the relative maturity of their model, and to identify the appropriate security options to speed up their progress at each stage of their journeys. Nevertheless, there are difficulties for healthcare companies, and the most important is the present talent and skill scarcity. Given the talent and skill deficiency experienced worldwide, organizations must find options that help them move along their Zero Trust journeys without creating the need for extra finances, headcount, or training resources. They have to find solutions that integrate with their current security ecosystems to get the best value.