Highly regulated industries need a better approach to improving cybersecurity without sacrificing productivity.
Industries like healthcare and manufacturing can rely on a digital identity strategy to achieve compliance and improve productivity.
By Gus Malezis
Think back to maybe ten years ago: you’re at the doctor’s for your annual appointment. A clerk checks you in, you fill in the obligatory forms (again), a nurse asks you a series of possibly redundant questions, completes your chart, and eventually, the doctor arrives…who spends a few precious minutes with you, until they rush off to the next patient. Throughout the appointment, it feels like everyone spent more time on the computer than they did with you, assessing your health.
That’s because, over the last decade, several state and federal policies have been introduced to manage and protect sensitive patient data and be compliant. This has transformed healthcare into one of the most highly regulated – and targeted – industries. While compliance is certainly important, technology implemented to achieve this can be a roadblock if not done properly – and healthcare has learned a few lessons on what works best and what doesn’t. Fortunately, some useful solutions have emerged to help healthcare meet cyber regulations, though admittedly, not every health system is perfect.
But now, with increased cyber threats to national infrastructure, this regulatory pattern is repeating itself, this time in other mission-critical industries like manufacturing. Despite many policies pointing businesses in the right direction, highly regulated industries need a digital identity strategy to achieve compliance without sacrificing productivity. To better understand the threat landscape, let’s dive into the changes that are remodeling critical infrastructure’s digital environment.
Digitalization’s Double-Edged Sword
The Industrial Internet of Things (IIoT) and advanced, interconnected technologies have transformed production lines and processes to materially enhance visibility and enable efficiencies. For businesses like manufacturers, these new capabilities have enabled productivity that’s become essential to many companies’ bottom lines.
That being said, digitalization is a double-edged sword. Hyperconnectivity brings increased cyber risks – the fallout from which can range from operational disruption to compromised human safety. This leaves critical industries, especially healthcare and manufacturing, with a broadened attack surface facing more cyber threats.
Although federal regulations are meant to help both critical industries, meeting them without affecting workflow productivity is not easy. The Biden Administration’s executive order requiring all critical infrastructure to adopt zero trust principles imposes some of the biggest cybersecurity requirements manufacturers have ever seen. These might seem daunting at first, but the biggest misstep an organization could make is rushing to ‘check the box.’ Healthcare has learned the hard way, as this method could cause more harm in the long run.
The Danger of IT Workarounds
Think back to the scenario we started with. As you waited, clinicians spent over 15 minutes interacting with the electronic health record (EHR) just to access the applications and information necessary for your appointment. Imagine how frustrating that process is for the clinician who sees over a dozen patients every day, repeating that same process each time.
Although many healthcare regulations require enhanced identity verification, if it’s not done correctly, employees are likely to find workarounds, (like writing passwords on sticky notes next to workstations or leaving them unlocked) opening more vulnerabilities to your network.
This exact scenario could cause productivity delays in manufacturing, too. Plant workers often need to access on-premises legacy technology and applications to maintain critical operations. Like healthcare, these workers are repeatedly logging into applications and are often decked out in personal protective equipment like gloves and safety gear. So, it’s unrealistic to implement extra authentication practices, like entering credentials a dozen times a day, without delaying productivity.
You can imagine the disastrous outcomes of a compromised username and password in this situation – we actually got a taste of it with the infamous Colonial Pipeline hack, where stolen credentials were put up for sale on the dark web. The impacts of the attack were felt almost immediately, triggering a fuel shortage across the country. While meeting these regulations might seem overwhelming, there are some key takeaways manufacturers can learn from how healthcare has coped with these struggles.
Achieving Compliance with Digital Identity
After feeling the pain of repeated logins to workstations and applications, many health systems realized the difference that digital identity management can make in enabling, controlling, and monitoring access. By implementing single sign-on alone, studies show that clinicians gain substantial time back.
Innovative identity and access management solutions like single sign-on, especially those via no-click access and biometrics, became the key to liberating clinicians from computers and allowing them to focus on patient care. Now, consider this approach in manufacturing and just imagine the productivity benefits. Similar to healthcare, fast user switching between workstations is vital in manufacturing. A plant employee could seamlessly access shared workstations, mobile devices, cloud, and legacy applications with a single tap of their ID badge versus the complex access barriers so common in organizations today.
Already proven effective in healthcare, this evolution from “check the box” security to trusted digital identity management is one that manufacturing organizations must adopt to remain compliant and productive. Because ultimately, technology is only as good as your ability to use it.
This article is sponsored by Imprivata.
Gus Malezis is the President and Chief Executive Officer of Imprivata. Gus is widely recognized as a visionary leader in the information technology security industry where he brings more than 30 years of experience driving innovation and growth while building market leading organizations.
The post Healthcare Cyber Lessons Manufacturers Can Learn From appeared first on Industry Today.