Network Security: Enhancing VisibilityIsabelle Dumont of Palo Alto Networks on Containing Threats and Costs
From access controls to intrusion detection, mobility to privacy, many organizations face similar network security challenges. Isabelle Dumont of Palo Alto networks offers a new, unique approach for healthcare organizations, and the key concepts of this approach can be applied to any security environment.
See Also: What is next-generation AML?
The list of network challenges is long: electronic health records mandates, use of mobile devices by staff and patients alike, and heightened regulatory pressure to protect the privacy of personal medical data.
"It comes from all directions, and healthcare organizations really need to rethink how security and the security products and solutions they invest in are deployed within their facility," says Dumont, Director, Industry Solutions at Palo Alto Networks.
Traditionally, healthcare network security has been handled organically - new components have been added as new challenges have emerged. "It often leads to a patchwork of different products, different solutions, that their security staff has quite a lot of trouble to deploy and maintain to the [necessary] level."
But leading-edge healthcare organizations are deploying a new, consolidated approach to network security, Dumont says, and it's paying off with improved security and manageable costs.
In an interview about new trends in healthcare network security, Dumont discusses:
- Today's unique network security challenges;
- How progressive healthcare organizations are tackling these challenges;
- Tips for other organizations to consolidate security solutions and control costs.
Dumont leads industry initiatives at Palo Alto Networks with special focus on healthcare, government, critical infrastructure and financial services. She has extensive experience in enterprise infrastructure, analytics, mobile computing and innovative, disruptive technologies in general. Prior to joining Palo Alto Networks in 2012, she held strategic marketing positions at Oracle, CollabNet, SEVEN Networks and IRI Software. She holds a Master of Artificial Intelligence.
Network Security Challenges
TOM FIELD: Healthcare organizations have unique security requirements. What do you find to be the unique network security challenges today?
ISABELLE DUMONT: Healthcare organizations today operate with a complete disruption of the technology they have to deploy to support their business, whether it's a mandate to deploy an HR system; whether it's the use of new technology like mobile for patients as well as their medical staff; or whether it's the pressure from regulators to increase the protection of patient-sensitive information. It calls for more direction, and they really have to rethink how security and the security products and solutions they invest in are deployed within their facility.
Managing Devices, Intrusions
FIELD: Traditionally, how have healthcare organizations tried to manage everything from access to devices, intrusion, and even network abuse?
DUMONT: It's very often being approached in a very organic way, where they solve one problem at a time. The network ... tends to be very flat, and they add this intrusion detection in a different part of the network, wherever they need, and it often leads to a patchwork of different products and different solutions that their security staff has quite a lot of trouble to deploy and maintain to the level of virtualization that they need to have the best possible security.
Healthcare's Evolving Approach to Network Security
FIELD: In today's changing landscape, you've got the ubiquity of remote users, mobile devices and advanced threats. How do you see healthcare organizations evolving their approach to network security?
DUMONT: First and foremost, what we hear a lot from our customers who have already deployed Palo Alto Networks is that they start to increase how they structure their network and really segment the different areas of their facility so that they can better protect, with the right level of control, areas that manage and store a different level of information with different sensitivity. For example, patient data belongs to its own area, medical equipment to its own area, so on and so forth.
FIELD: I'm glad you referenced your customers. I'd love to hear from you any examples you can offer for how your healthcare customers have specifically tackled some of these challenges?
DUMONT: First, what a lot of our customers do is try to gain better visibility into what's actually on their network: which users, which applications, which content is actually circulated on the network. An example is on the Internet gateway side. Very often what we see is customers having another load of traffic for purposes that have nothing to do with their business. For example, if you're a local hospital in northern California, do you really need to accept traffic from everywhere in the world? Probably not. Just delineating that traffic might help you reduce the scope of your security challenge.
Another aspect of that is staff within a hospital using their devices for personal use and maybe accessing the Internet, watching videos and so on. We even have facts that showed that up to 40 percent of traffic might come from applications that have nothing to do with the business of healthcare.
Benefits of Consolidating Network Security
FIELD: What tangible business benefits do you find that your customers are achieving from consolidating all of their network security?
DUMONT: It's not just a matter of consolidation; it's also about simplification. What we found is when they start using a product, like Palo Alto Networks, that offers all our sets of the security function they need, it brings natural simplification. It's one set of tools that talk to each other that are fully integrated. It's removed additional need to correlate data between your firewall and your intrusion detection system and between your compliance systems. All of it flows naturally. You get better reports, better visibility and better information without having to integrate that data. It is simplification, lower cost, and you can start to think more proactively about security when a new project comes in. How are you going to make them fit within your security framework rather than be fully reactive?
Tips to Get Started
FIELD: What strikes me is there's a lot that organizations can learn from healthcare organizations and your customers. Based on the trends that you see and the experiences of your customers, what tips do you offer other organizations, maybe even some that aren't in healthcare?
DUMONT: The first thing I would say is: Don't wait until you have a master plan for security. There are a lot of basic things you can do today without disrupting or changing anything that's in place. For example, you can install in attack mode a firewall like Palo Alto Networks and pick up on all the visibility we give you, and get visibility into applications and users that are on your network. Then you can start to shape your thinking about how you can move forward from there. But if you don't have this visibility today, you're probably going to not put in place a master plan that makes a lot of sense. You can start today and take it one step at a time.