Download PDF version Contact company

Pulse Secure, the provider of software-defined Secure Access solutions, announced a new research report that highlights improving hybrid IT, BYOD, access management and IOT security as the top priorities for UK healthcare organizations. 92% report ‘Unauthorized Data Access and Data Leakage’ has led to impactful incidents within the last 12 months.

The Q1-2020 State of UK Healthcare Secure Access report by Pulse Secure surveyed more than 60 senior information security and decision-making executives from healthcare organizations in the UK with 1,000 to over 10,000 employees.

Improving access control consistency

The research examined overall IT spending strategy, incidents, control gaps, operational capacity and technology tools. The report confirms that UK healthcare industry is investing heavily in a hybrid IT strategy with an overwhelming majority expecting to increase investments by greater than 10% with usage predominately going into private cloud (94%) followed by datacentres (88%).

One in four respondents said their organization faced impact from malware, privileged user and IOT security incidents

The continued uplift in cloud adoption and reinvestment in data center resources has also introduced data breach concerns, as 60% plan to improve access control consistency across hybrid IT environments.

While a wide variety of potential secure access exposures were presented to respondents, unauthorized data access, mobile and web exposures, and vulnerable and unsanctioned endpoint device issues plagued UK health institutions.

IOT security incidents

Correspondingly, one in four respondents said their organization faced impact from malware, privileged user and IOT security incidents. The majority of midsized UK-based service providers cited significant impact with unauthorized application/resource access and use of unauthorized devices, whereas large institutions (those with 5,000 to 10,000 employees) claimed application unavailability/outage as having the highest impact.

UK Healthcare providers are embracing mobile computing to improve medical responsiveness

The report states, “Despite knowledge of their high impact incidents and access control gaps, a substantial number of respondents are less than confident, notwithstanding large investments in tools and security initiatives. Healthcare organizations’ ability to ‘orchestrate dynamic access authentication and protection’ is also in question, with 68% of respondents expressing little confidence.”

UK Healthcare providers are embracing mobile computing and taking advantage of network- and web-connected devices to improve medical responsiveness, delivery and outcomes for their patients.

BYOD access enforcement

However, a majority (82%) of survey respondents cited mobile computing exposures and weak device access compliance among their top control gaps. Equally concerning is that 70% had nominal confidence in BYOD access enforcement, and 64% expressed similar confidence with IoT devices. As a result, streamlining BYOD and web-based mobile access and enhancing IoT security were expressed among the top priorities for security professionals in healthcare.

The vast majority (96%) of respondents expressed a positive outlook towards tool set consolidation

The research also illustrated a complex picture of healthcare organizations trying to plug holes and being reactive to threats or changes in IT infrastructures. While the industry seeks to optimize investments, the survey found that UK healthcare IT security practitioners’ use, on average, at least four related tools within each category of secure access.

Standardizing integrated platforms

The vast majority (96%) of respondents expressed a positive outlook towards tool set consolidation. To this end, over 40% place one or more secure access functions in the hands of managed service providers and plan to increase outsourcing by as much as 7% over the next 18 months.

The report states, “With the evolving nature of the sector this is no big surprise with mergers, legacy technologies, modernization and shifts in working patterns and service provision all thrown into a melting pot of change. Healthcare organizations need to think about tool consolidation and standardizing on integrated platforms.”

Software Defined Perimeter (SDP) technologies

SDP enables trusted access directly between the user and their device to the application and resource

Looking at longer term strategy, the report indicates healthy investment to improve access security where the majority (56%) of UK healthcare respondents cited secure access expenditures to rise by 5% to 15% and a third expect spend to increase up to 25%. Of particular note was the interest in Software Defined Perimeter (SDP) technologies, also depicted as Zero Trust Network Access.

SDP enables trusted access directly between the user and their device to the application and resource. Like perimeter-based VPN technology, SDP invokes user, device and security state authentication controls before and during an authorized, protected connection. 62% of healthcare security decision makers anticipate an SDP project or pilot within the next 18 months.

Security infrastructure consolidation

Commenting on the report, Scott Gordon, chief marketing officer for Pulse Secure said, “The findings indicated that while workforce mobility, cloud and IoT security still threaten data privacy and service availability obligations for UK healthcare, these institutions appear to be making appropriate upcoming priorities and investments to reduce secure access risks.”

The report data suggests that hybrid IT adoption and security infrastructure consolidation in the UK healthcare segment is likely over the next few years as new approaches such as Zero Trust Network Access can serve to protect patient care advancements.”

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?

Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)
Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)

Display solutions play a key role in SOCs in providing the screens needed for individuals and teams to visualize and share the multiple data sources needed in an SOC today. Security Operation Center (SOC) Every SOC has multiple sources and inputs, both physical and virtual, all of which provide numerous data points to operators, in order to provide the highest levels of physical and cyber security, including surveillance camera feeds, access control and alarm systems for physical security, as well as dashboards and web apps for cyber security applications. Today’s advancements in technology and computing power not only have increasingly made security systems much more scalable, by adding hundreds, if not thousands, of more data points to an SOC, but the rate at which the data comes in has significantly increased as well. Accurate monitoring and surveillance This has made monitoring and surveillance much more accurate and effective, but also more challenging for operators, as they can’t realistically monitor the hundreds, even thousands of cameras, dashboards, calls, etc. in a reactive manner. Lacking situational awareness is often one of the primary factors in poor decision making In order for operators in SOC’s to be able to mitigate incidents in a less reactive way and take meaningful action, streamlined actionable data is needed. This is what will ensure operators in SOC truly have situational awareness. Situational awareness is a key foundation of effective decision making. In its simplest form, ‘It is knowing what is going on’. Lacking situational awareness is often one of the primary factors in poor decision making and in accidents attributed to human error. Achieving ‘true’ situational awareness Situational awareness isn’t just what has already happened, but what is likely to happen next and to achieve ‘true’ situational awareness, a combination of actionable data and the ability to deliver that information or data to the right people, at the right time. This is where visualization platforms (known as visual networking platforms) that provide both the situational real estate, as well as support for computer vision and AI, can help SOCs achieve true situational awareness Role of computer vision and AI technologies Proactive situational awareness is when the data coming into the SOC is analyzed in real time and then, brought forward to operators who are decision makers and key stakeholders in near real time for actionable visualization. Computer vision is a field of Artificial Intelligence that trains computers to interpret and understand digital images and videos. It is a way to automate tasks that the human visual system can also carry out, the automatic extraction, analysis and understanding of useful information from a single image or a sequence of images. There are numerous potential value adds that computer vision can provide to operation centers of different kinds. Here are some examples: Face Recognition: Face detection algorithms can be applied to filter and identify an individual. Biometric Systems: AI can be applied to biometric descriptions such as fingerprint, iris, and face matching. Surveillance: Computer vision supports IoT cameras used to monitor activities and movements of just about any kind that might be related to security and safety, whether that's on the job safety or physical security. Smart Cities: AI and computer vision can be used to improve mobility through quantitative, objective and automated management of resource use (car parks, roads, public squares, etc.) based on the analysis of CCTV data. Event Recognition: Improve the visualization and the decision-making process of human operators or existing video surveillance solutions, by integrating real-time video data analysis algorithms to understand the content of the filmed scene and to extract the relevant information from it. Monitoring: Responding to specific tasks in terms of continuous monitoring and surveillance in many different application frameworks: improved management of logistics in storage warehouses, counting of people during event gatherings, monitoring of subway stations, coastal areas, etc. Computer Vision applications When considering a Computer Vision application, it’s important to ensure that the rest of the infrastructure in the Operation Center, for example the solution that drives the displays and video walls, will connect and work well with the computer vision application. The best way to do this of course is to use a software-driven approach to displaying information and data, rather than a traditional AV hardware approach, which may present incompatibilities. Software-defined and open technology solutions Software-defined and open technology solutions provide a wider support for any type of application the SOC may need Software-defined and open technology solutions provide a wider support for any type of application the SOC may need, including computer vision. In the modern world, with everything going digital, all security services and applications have become networked, and as such, they belong to IT. AV applications and services have increasingly become an integral part of an organization’s IT infrastructure. Software-defined approach to AV IT teams responsible for data protection are more in favor of a software-defined approach to AV that allow virtualised, open technologies as opposed to traditional hardware-based solutions. Software’s flexibility allows for more efficient refreshment cycles, expansions and upgrades. The rise of AV-over-IP technologies have enabled IT teams in SOC’s to effectively integrate AV solutions into their existing stack, greatly reducing overhead costs, when it comes to technology investments, staff training, maintenance, and even physical infrastructure. AV-over-IP software platforms Moreover, with AV-over-IP, software-defined AV platforms, IT teams can more easily integrate AI and Computer Vision applications within the SOC, and have better control of the data coming in, while achieving true situational awareness. Situational awareness is all about actionable data delivered to the right people, at the right time, in order to address security incidents and challenges. Situational awareness is all about actionable data delivered to the right people Often, the people who need to know about security risks or breaches are not physically present in the operation centers, so having the data and information locked up within the four walls of the SOC does not provide true situational awareness. hyper-scalable visual platforms Instead there is a need to be able to deliver the video stream, the dashboard of the data and information to any screen anywhere, at any time — including desktops, tablets phones — for the right people to see, whether that is an executive in a different office or working from home, or security guards walking the halls or streets. New technologies are continuing to extend the reach and the benefits of security operation centers. However, interoperability plays a key role in bringing together AI, machine learning and computer vision technologies, in order to ensure data is turned into actionable data, which is delivered to the right people to provide ‘true’ situational awareness. Software-defined, AV-over-IP platforms are the perfect medium to facilitate this for any organizations with physical and cyber security needs.

Securing Mobile Vehicles: The Cloud and Solving Transportation Industry Challenges
Securing Mobile Vehicles: The Cloud and Solving Transportation Industry Challenges

Securing Intelligent Transportation Systems (ITS) in the transportation industry is multi-faceted for a multitude of reasons. Pressures build for transit industry players to modernise their security systems, while also mitigating the vulnerabilities, risks, and growth-restrictions associated with proprietary as well as integrated solutions. There are the usual physical security obstacles when it comes to increasingly integrated solutions and retrofitting updated technologies into legacy systems. Starting with edge devices like cameras and intelligent sensors acquiring video, analytics and beyond, these edge devices are now found in almost all public transportation like buses, trains, subways, airplanes, cruise lines, and so much more. You can even find them in the world’s last manually operated cable car systems in San Francisco. The next layer to consider is the infrastructure and networks that support these edge devices and connect them to centralized monitoring stations or a VMS. Without this layer, all efforts at the edge or stations are in vain as you lose the connection between the two. And the final layer to consider when building a comprehensive transit solution is the software, recording devices, or viewing stations themselves that capture and report the video. The challenge of mobility However, the transportation industry in particular has a very unique challenge that many others do not – mobility. As other industries become more connected and integrated, they don’t usually have to consider going in and out or bouncing between networks as edge devices physically move. Obviously in the nature of transportation, this is key. Have you ever had a bad experience with your cellular, broadband or Wi-Fi at your home or office? You are not alone. The transportation industry in particular has a very unique challenge that many others do not – mobility Can you trust these same environments to record your surveillance video to the Cloud without losing any frames, non-stop 24 hours a day, 7 days a week, 365 days a year? To add to the complexity – how do you not only provide a reliable and secure solution when it’s mobile, traveling at varying speeds, and can be in/out of coverage using various wireless technologies? Waiting to upload video from a transport vehicle when it comes into port, the station, or any centralized location is a reactive approach that simply will not do any longer. Transit operations require a more proactive approach today and the ability to constantly know what is going on at any given time on their mobile vehicles, and escalate that information to headquarters, authorities, or law enforcement if needed; which can only occur with real-time monitoring. This is the ultimate question when it comes to collecting, analyzing, and sharing data from mobile vehicles – how to get the video from public transportation vehicles alike to headquarters in real time! Managing video data In order to answer this question, let’s get back to basics. The management and nature of video data differs greatly from conventional (IT) data. Not only is video conducted of large frames, but there are specific and important relationships among the frames and the timing between them. This relationship can easily get lost in translation if not handled properly. This is why it’s critical to consider the proper way to transmit large frames while under unstable or variable networks. The Internet and its protocols were designed more than two decades ago and purposed for conventional data. Although the Internet itself has not changed, today’s network environments run a lot faster, expand to further ranges, and support a variety of different types of data. Because the internet is more reliable and affordable than in the past some might think it can handle anything. However, it is good for data, but not for video. This combination makes it the perfect time to convert video recording to the Cloud! Video transmission protocol One of the main issues with today’s technology is the degradation of video quality when transmitting video over the Internet. ITS are in dire need for reliable transmission of real-time video recording. To address this need a radical, yet proven, video transmission protocol has recently been introduced to the market. It uses AI technology and to adapt to different environments in order to always deliver high quality, complete video frames. This protocol, when equipped with encryption and authentication, enables video to be transmitted reliably and securely over the Internet in a cloud environment. One of the main issues with today’s technology is the degradation of video quality when transmitting video over the Internet Finally, transportation industry has a video recording Cloud solution that is designed for (massive) video that can handle networks that might be experiencing high error rate. Such a protocol will not only answer the current challenges of the transportation industry, but also make the previously risky Cloud environment safe for even the most reserved environments and entities. With revolutionary transmission protocols, the time is now to consider adopting private Cloud for your transportation operations.