Famous Medical Company, a nonprofit organization that cares for 11,000 inpatients each year, has deployed virtualization. It is a bit unusual for a hospital to feature in a cloud computing blog, but this is no coincidence.
In today's post, we will discuss how the company has employed virtualization to secure its health data and medical devices. The implementation model can serve as a guideline for organizations in general and for health sector companies in particular.
It is widely believed that virtualization poses security challenges, and this fear is not ill-founded. A holistic approach is therefore needed: the convenience and flexibility virtualization brings to the table must be weighed against its potential security concerns to get a clear picture.
Approach to Virtualization
Well-known Medical Company has adopted the zero-trust approach to network security. Before we discuss the specifics of this implementation, let's define what the zero-trust approach is. It is one of the most stringent models in terms of network and data security.
Zero-trust Security Policy
In plain words, no one is allowed access to the organization's core network unless elaborate access authentication has been performed. Even the organization's internal stakeholders, such as management and employees, are subject to this approach.
Sensitivity of Health Records
Medical records are very sensitive information from the standpoint of both the patients and the health center. A person's medical history is a highly personal matter, and at times even a patient's closest relatives are not fully aware of the gravity of some medical issues.
From the standpoint of the health center, its very reputation relies on how well guarded its patients' medical records are. Secondly, thousands, even millions, of dollars are spent each year on medical research to devise new cures and solutions to medical problems, and that research data needs the same protection.
Implementation of Virtualization
We will touch on the key steps to illustrate the company's journey in implementing the zero-trust security model across its facilities.
As with any major process, planning and prospecting are the first and foremost priority. IMC was no exception: it started the whole implementation with an elaborate study of its entire network, which was mapped down to each individual component / node.
Once the entire network had been mapped, the company's implementation team studied the interactions, or traffic flow, between each network component. This enabled the team to identify the linkages between the components of the network.
Input from Network Administrators
The virtualization team did not rely on its own expertise alone; proper input was sought from the existing network administrators and end users. This not only improved the understanding of the existing infrastructure but also highlighted its inherent weaknesses.
Documentation of Network
Based on this empirical and historical understanding of the entire network, a detailed blueprint of the network was formulated. This documentation served as a benchmark document to track and monitor progress on the virtualization of the company's IT infrastructure.
When the mapping of the network was complete, the following three key processes were carried out:
Based on the interactions between the network components, the company's entire network was segmented into smaller, logical portions. Due care was taken that these segments did not overlap.
Application Level Control
Each department of the company used a different set of applications and programs to execute its tasks. So, when virtualization was being planned, each department was given access only to the productivity software relevant to its processes.
Because the company's network was well segmented by this phase, it was easier for network administrators to identify the normal interactions over the network. This enabled them to develop the network-level rules and protocols.
Challenge with Network Segmentation
A key challenge in implementing network segmentation was intra-segment security. A classic example of this problem: when two virtual machines on the same physical server interacted with each other, their traffic was not subjected to any firewall or switch.
This highlighted a notable vulnerability within the segmented network. IMC had to deploy a hybrid security mechanism to cope with this challenge, which is discussed below.
Virtual Firewall Concept
In the case of IMC, since network segment-level firewalls were rendered ineffective for this traffic, the company deployed a virtual firewall for every virtual machine within the network segment. In other words, a micro-level firewall was deployed as an ingenious solution to this vulnerability.
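To make the gap concrete, here is a small policy model (an added illustration, not the hospital's or any vendor's code): a segment-edge firewall that never sees traffic between two VMs on the same physical server, next to a per-VM, default-deny firewall that evaluates every flow. The VM names, hosts and the single approved rule are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

@dataclass(frozen=True)
class VM:
    name: str
    host: str     # physical server hosting the VM
    segment: str  # logical segment from the network-mapping phase

@dataclass(frozen=True)
class Flow:
    src: str      # source VM name
    dst: str      # destination VM name
    proto: str
    port: int

class Firewall:
    """Default-deny policy: a flow is allowed only if it matches a pre-approved rule."""
    def __init__(self, vms: Iterable[VM], allowed: Iterable[Flow]):
        self.vms = {v.name: v for v in vms}
        self.allowed = set(allowed)

    def decide(self, flow: Flow) -> Optional[str]:
        if flow.src not in self.vms or flow.dst not in self.vms:
            return "deny"  # unknown endpoints are never trusted
        return "allow" if flow in self.allowed else "deny"

class SegmentFirewall(Firewall):
    """Firewall at the segment edge. Two VMs on the same physical server talk over
    the hypervisor's virtual switch, so their traffic never reaches it (the gap above)."""
    def decide(self, flow: Flow) -> Optional[str]:
        src, dst = self.vms.get(flow.src), self.vms.get(flow.dst)
        if src and dst and src.host == dst.host:
            return None  # never inspected: the flow bypasses the edge firewall
        return super().decide(flow)

class VirtualFirewall(Firewall):
    """Per-VM firewall enforced by the hypervisor: every flow is evaluated, same host or not."""

def demo() -> Dict[str, Dict[str, Optional[str]]]:
    # Constructed inventory: EHR app and DB share host h1; imaging workstation is on h2.
    vms = [VM("ehr-app", "h1", "clinical"), VM("ehr-db", "h1", "clinical"),
           VM("imaging-ws", "h2", "imaging")]
    rules = [Flow("ehr-app", "ehr-db", "tcp", 5432)]  # the only pre-approved interaction
    edge, micro = SegmentFirewall(vms, rules), VirtualFirewall(vms, rules)
    probes = {"approved": Flow("ehr-app", "ehr-db", "tcp", 5432),
              "same_host_unapproved": Flow("ehr-db", "ehr-app", "tcp", 22),
              "cross_segment": Flow("imaging-ws", "ehr-db", "tcp", 5432)}
    return {name: {"segment_fw": edge.decide(f), "virtual_fw": micro.decide(f)}
            for name, f in probes.items()}
```

Note that even the approved same-host flow returns None from the edge firewall: it is not that the edge device allows it, it simply never sees it, which is why the decision has to move to the per-VM layer.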
- Map the existing IT infrastructure right down to each individual network component.
- Understand the interactions between each segment of the network.
- Document the existing network and use it as the base document for the new virtualization.
- Preferably use the more common and well-known network protocols to design the rules.
- Give priority to the high-risk segments of the network and leave the easier parts for last.
The Zero Trust Model
As Interfaith Medical Center opted for the zero-trust approach to virtualization, no network communication or process could take place without pre-approved protocols / rules. Any interaction or access, even from within, would be denied if it fell outside the scope of the predefined rules.
Network Access Control
The company incorporated a NAC (Network Access Control) appliance to add an additional layer of security over the virtualized network. This component's role was to assign policies to all individual ports based on the type of device connected.
The firm's team stressed two key aspects that were critical to the success of their virtualization initiative. Firstly, take ample time to properly understand the existing network and the complex interactions among its various components. Secondly, it is critical to map the flow of traffic across the network.
If these two considerations are given due importance, virtualization will not only be streamlined but will also ensure minimal to zero downtime, especially post-implementation. The insights shared by IMC along its virtualization journey are by no means limited to the health care industry.
Any organization that is in the process of virtualization, or even in the prospecting phase, will benefit hugely from this roadmap. In the end, it is stressed again that cloud solutions are highly customized these days, and each entity must take into account its unique needs and security preferences before going all in on any solution.