Faced with rising threats, healthcare IT leaders are increasingly turning to zero trust. As a cybersecurity framework, zero trust requires all users, both inside and outside an organization’s network, to be authenticated, authorized and continuously validated before they gain access to applications and data. Zero trust is a strategy, not a product.
Given the inevitability of breaches, zero trust works on the assumption that cybercriminals likely have already compromised the environment and prevents them from attacking from within. In short: Never trust, always verify.
In 2023, 61% of organizations had a zero-trust initiative in place, up from just 24% two years earlier, according to a global Okta survey of information security decision-makers. In 2024, over 41% of technology and security professionals say they are in the advanced stage of zero-trust implementation, while 12% say they have achieved optimal maturity, according to a recent CDW survey of over 950 respondents.
While any large organization has a complex array of systems, devices and security tools, that complexity is exacerbated in healthcare organizations with numerous sites, users and mission-critical devices. Healthcare environments tend to have “a lack of physical security, diverse sets of users and an extremely broad set of connected devices in the form of medical IoT,” says Qiang Huang, vice president of product management for cloud-delivered security services at Palo Alto Networks.
These complications make zero trust even more necessary for health systems.
Click the banner below to read the 2024 CDW Cybersecurity Research Report.