This Week Health


February 5, 2025: This is the first installment of our Zero Trust Hospital Series. Tamer Baker, Healthcare CTO for Zscaler, breaks down Zero Trust architecture—what it is, what it isn’t, and why it has become a necessity rather than a buzzword. Can outdated infrastructure truly support the demands of modern healthcare? How do we prevent hyperconnectivity from becoming a hacker’s playground? This conversation explores how Zero Trust can prevent lateral movement in cyberattacks, enable seamless cloud integration, and build a security framework that supports—not stifles—innovation.

Key Points:

  • 03:31 Challenges and Solutions in Zero Trust
  • 07:57 Cloud and Remote Work Considerations
  • 09:59 Practical Steps for Secure Digital Transformation



Want to get your copy of the new book "Zero Trust Hospital: The CXO Vision" by Zscaler?


Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.


And Drex DeFord, who is not one of the authors, but he's the president of the 229 Project Cyber and Risk Community. Gentlemen, welcome to the show.

Thanks for having me. Happy to be here.

It's good to see you guys. I'm looking forward to this conversation. Tamer, you wrote a book. You wrote a book with David Anderson.

So the two of you came together and wrote this book. What inspired you to write this book and specifically focus on Zero Trust for healthcare organizations?

Yeah we

And it's created a lot of chaos and confusion around what Zero Trust is. So we wanted to try and figure out a way to talk about Zero Trust in a healthcare setting specifically, as well as make can easily digest and understand it and bring it to their organizations.

I was going through the book and I was looking at the foreword written by Cris Ross, former CIO for Mayo Clinic, and in this paragraph from reading, says, as healthcare organizations defend against cybercrime, they were also seeking to maintain the privacy of patient data while adopting more sophisticated digital services to improve care and provide a better patient experience.

ven to innovate, to push the

At this moment in time with so much being required.

technology that was built in:

But there's no way to innovate with our security and architectures from that old because it becomes a challenge. So this transformation effort is something that we all need today in order to be more effective as an organization. Innovate faster and better as well as be more secure while we're doing it.

it for an organization from

Requires a new way of putting them in your environment to make it secure and seamless and easy to do.

I'm wondering if we shouldn't start with just what is zero trust? Let's just start with that basic concept because, it could be some people listening right now who are wondering, okay this, yes, we need to be secure.

And this is part of what happened to zero trust, right? People were like, I'm not really sure what that means. I think it means we don't trust anything. And what does it actually mean?

Yeah, here's the, because it's gotten such a negative connotation, when security people are trying to speak to other parts of the organization, I almost always take a step back from the word zero trust and just say, look, it really is transformation.

infrastructure and security

It also incorporates things like reducing your attack surface and that lateral movement, et cetera. So there's a lot that goes into Zero Trust, but you can't ever get to Zero Trust at that network layer. So if you're trying to accomplish Zero Trust using traditional technologies on the network layer, that's where we struggle, right?

That's a big component of zero trust that I think people are misunderstanding when we think about what zero trust is. The network is abstracted from that.

So how does Zero Trust address the threats that healthcare organizations are experiencing right now? Specifically, the idea of moving laterally.

Most of these ransomware attacks we've seen, if they just attacked one device, we wouldn't read about them. It's the fact that they get in and then they move across the entire network.

And this goes back

The changes that have happened over the years and why we need to modernize this infrastructure and security is because now your data lives everywhere. And your users live everywhere. So when a bad actor comes in, we actually had to hyperconnect everything. We had to hyperconnect data across multiple clouds, your clouds that you don't own across users that are everywhere across all your systems and networks, everything.

erconnected things and makes

They can't even see the rest of that stuff to try and move laterally with.

Yeah, Drex, I want to pull you into the conversation. The pandemic was interesting for us as healthcare. And I love the fact that we keep saying the word zero trust architecture, because when the pandemic hit, we were asked to do a lot of things very quickly.

And we did a lot of things very quickly. And a lot of times architecture goes out the window for speed and expediency and those kinds of things. Talk a little bit about how we recover from moving too quickly or doing things because we just have to stand them up.

s a lot of exceptions to the

There's a big hurry to get something up and running, but then there's a bunch of broken glass. They have to go sweep up later. And that takes a lot of time and effort. And in many cases, it can be a lot of wasted time and effort. If you're built correctly up front using a zero trust architecture, you actually can make those traumatic, in a good way maybe, experiences that you have to do as a CIO or a CISO, you can make those experiences actually a lot easier to implement because the agility for what you need to make security work in that environment is already in place, but it starts with the architecture.

Yeah.

You know, Tamer, I want to come back to you because Drex brings up a good point. It wasn't just the pandemic. There was a big shift to the cloud that has happened and is continuing to happen in health care. There's cloud-based applications. There's remote work, significant amount of remote work that's going on.

trust addressed those kinds

It's a great opportunity. This is exactly why digital transformation needs to happen and how zero trust fits into that because of that explosiveness and where all your data has gone and applications as well as where all your users are. So if we think about where Zero Trust fits and why this transformation is imperative.

Cloud was a great example because cloud is meant to give users a quick and easy and fast way to reach applications, right? Applications that you no longer have to house in your data centers and manage. But how are we doing it today? Everything still backhauls right back to your data center to be able to connect to your cloud.

threw up an expensive direct

It's much better for the user experience, much more cost effective for the health system, much easier. So operationally speaking, it makes it so much simpler to migrate an application from your data center into the cloud because this architecture automatically shifts that traffic to that cloud application very simply and easily.

And it all happens in a more secure manner because it's all hidden from the internet. Going straight to that cloud resource without backhauling, it's all hidden from the internet, as well as it's all going through, there's a security stack that follows the user no matter where the user is.

e to ensure a secure digital

very first steps I would recommend is going to be communication because transformation has a lot of inertia within your organization, and that inertia is very difficult to overcome. So really, all the leaders have to be on board with transformation once the leaders start overcoming that inertia and you know that the CTO organization needs to overcome the inner inertia.

Your CISO organization needs to overcome that inertia and everybody else needs to overcome that resistance to change because it's different. Once you get through those conversations, you can start overcoming that inertia. That's a very strong first step because now people are open to these changes and can start implementing some of the things that we're going to talk about in later episodes.

t either VIVE or HIMSS. Plus

you can't wait, register now with the link in the video description to receive the ebook automatically in your inbox during We also have five more episodes coming up in this series and don't miss our special webinar with industry experts on March 27th. You can register at this week health dot com slash zero trust.

Thanks for listening. That's all for now.
