What Are the Challenges of the Zero-Trust Maturity Model in Healthcare?
A challenge of implementing zero trust is the perception that it will block the work of clinicians in providing care, Baker says. Physicians may fear that security procedures could require them to spend a few extra minutes doing something, which can add up to a lot of time not seeing patients each week, Baker says.
“That’s a challenge of mindset,” Baker says. “It’s not an actual technological challenge because when you do this modernization, it makes things better for care providers. But the challenge is overcoming that mindset and that inertia.”
One solution is to speak about cybersecurity initiatives as “digital modernization” rather than as a zero-trust project, Baker suggests.
“That’s a way that I think has worked very well. We don’t even use the term zero trust because of that negative connotation,” he says.
READ MORE: Get zero trust architecture right for security and governance in healthcare.
What Are the Benefits of the Zero-Trust Maturity Model in Healthcare?
Organizations such as health systems can consolidate their work with vendors that can cover multiple pillars of zero trust, Baker suggests. Organizations will save on operational costs, including personnel.
The ZTMM provides healthcare organizations with a roadmap to track their adoption of visibility, analytics, automation and orchestration.
“As you’re enforcing your zero-trust policies, you want things to be more automated, meaning that as soon as somebody does something bad and downloads malware, for example, there has to be automation in place to stop that from spreading and moving laterally,” Baker explains.
Tech vendors can span multiple pillars of zero trust, but a partner can help take an organization to the optimal level, Baker says.
Going forward, the healthcare organizations with the largest budgets will make the quickest progress in the zero-trust roadmap, according to Kiely.
“Because there is no single tool that provides you with complete zero trust, it can take years to get tools purchased and implemented to a mature state,” Kiely says. “Healthcare companies with bigger budgets and resources could implement zero trust much quicker, in some cases in less than a year.”
