Healthcare Compliance through Enterprise Segmentation
With the increased regulatory demand for data protection in the healthcare vertical, organizations are seeking effective architectures to support privacy requirements without compromising health management services. Balancing security and privacy while providing best-in-class quality care requires an exceptional information technology architecture.
Challenges
A WWT healthcare customer initiated an enhanced architecture project with the objective of better protecting its critical business applications. Because the customer is a healthcare entity, strict security and regulatory requirements had to be considered for cloud, enterprise segmentation, automation and migration planning.
The organization recognized from the outset there would be challenges from design, architectural and implementation perspectives, so they engaged WWT for our ACI and segmentation expertise.
The customer's strategy included defined objectives to bring segmentation capabilities to its data centers, facilities, campus, cloud and mobile devices. This set of security objectives had to tightly align with the organization's central health services goals while advancing the technical environment in the most transparent manner possible.
We recommended an enterprise approach that featured a single architecture with levels of security across the organization's brownfield environment. This strategy had to be fulfilled on time, within a tight budget and without disruption to ongoing services while meeting regulatory requirements (e.g., HIPAA, HITRUST) at every step of the way.
Successful segmentation
To meet the customer's security objectives, WWT identified multiple security segmentation zones based on the sensitivity of application data, internal/external services, production, development and quality control. We designed a hierarchical security architecture approach featuring macro and micro segmentation, perimeter protection and host-based protection. This defense-in-depth model's consistent approach could be applied across the entire enterprise in a highly effective and repeatable manner.
Our holistic segmentation solution also evaluated the essential components of the organization's people, processes and technology:
- People: WWT assessed relevant personnel responsibilities and functions, creating essential support links in the process. Roles were redefined and expanded as needed to include the requisite skills for solution operation and maintenance.
- Processes: We helped automate key security rules, which enhanced operational services, drove clinical effectiveness and delivered managerial efficiencies across the environment.
- Technology: We improved their overall security posture by demonstrating and implementing a software-defined data center (SDDC) and next-generation firewall (NGFW). We also helped the customer integrate multiple existing security products with these new tools.
Outcomes
The healthcare organization's technical architecture now provides the appropriate balance of security capabilities and healthcare management services thanks to a well-designed and executed enterprise segmentation strategy. The organization can now demonstrate its in-time compliance with regulatory requirements — an objective that was unattainable with the previous architecture. Critical applications now have an enhanced level of protection with a defense-in-depth model to ensure data privacy. And, thanks to our repeatable and resilient methodologies, we achieved the above while meeting the customer's critical business objective of near-zero disruption to ongoing healthcare services.
For more on WWT's enterprise segmentation services, explore our Security Tools Rationalization Workshop to request a free introductory session, or enroll in our Enterprise Segmentation Workshop today.