Get Your Healthcare Facility in Order in 2020, Part 1 of 6
Yes, there are a lot of bad actors out there and cybercriminals are rampant. If anything the more devices we connect, the more difficult it is to manage everything. So what do we do to protect ourselves in 2020 and bring some sense of order back to our enterprise? In this current series, we will dive deeper into some of the actions we can implement to take back control of our network. The way we frame our view on control is across many levels such as i) device control, ii) vulnerability control, iii) network control, iv) behavior control, v) application control, and last but not least, vi) external communication control.
First Things First, Know What You Have
Before we get started cleaning things out and bringing some harmony into our lives it helps to know what we have. Hospitals, for example, can go multiple rounds of mergers and acquisitions and oftentimes might not really have full visibility into all the assets. Think about the IT turnover in some organizations and its sometimes quite hard to find where all the IoT devices are buried, let alone which MRI machines are being used or not. And Doctors are great, we love them, they provide great care for patients… but do they need to bring all these random devices into the office and connect them to the network? Where did all these Echo Dots come from?
Doing inventory the right way means collecting all the nitty-gritty details such as the make, model, serial number and modalities of all the assets connected to the network. Everything. Once the data is collected, it’s important to know where the devices are actually connected. It’s nice to find out that these devices are out there buts it’s even better to understand where exactly the device is connected in the network, which building, and which floor. We call it visibility with precision.
We oftentimes rely on spreadsheets but it gets too unwieldy when it comes to keeping track of the growing number of devices connected to the network. Having a system to automate visibility can help update that spreadsheet and you might be surprised what else is out that didn’t make it to the that excel spreadsheet stored in Dropbox. Only after we have a complete holistic view of what’s in the network, only then can we take the next steps in our journey to bring order.
Black or Whitelisting
A quick one on blacklisting vs whitelisting. If we have a good baseline and know about all the malicious parties out there then it’s a matter of simply blacklisting to keep applications, infrastructure and the networks secure. The problem is we don’t always know if a device can be trusted so we think whitelisting might be a better approach. It’s like the approach of Zero Trust model which is rooted in the view that organizations should not automatically trust anything inside or outside the perimeter of its network. Instead, the viewpoint is to verify anything and everything that is trying to connect to the network. Whitelisting in our view is to make sure things are safe before the access is granted.
Turn that Frown Upside Down
Inform the CFO you are so busy and you need 6 more MRI machines and try not to stare at the furrowed eyebrows in response. Instead, think about the centralized asset management team or the biomedical team that informs the CFO that there are idle machines in building four which can be moved to high traffic areas. Yes, its true, device visibility can spark joy for the CFO. At Ordr we can take things even a step further, showing peak vs average utilization of expensive leased equipment and helping your hospital or healthcare system make better financial decisions.
Even More Joy
Once you know exactly what you have with proper device control multiple benefits start lining up. In case a tech calls the IT department with a problem with the CT scanner, for example, they will know exactly the location, the serial number, the IP address, everything ready to start the fix. Think of an audit, when it occurs, every device is present and accounted for making compliance something joyful, not a chore. Okay, maybe that is a stretch.
The good news is that with order, everything works what you already have. There is no need for upgrades of switches as we just monitor the data flow and we integrate with your inventory or CMMD systems. Bring some organizational harmony to the Biomed, IT and Security teams of your healthcare organization with proper device control.
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
Follow by Author