
Virtualization for Secure Healthcare Data Access Control

Using virtualization and containers for secure healthcare data access control limits end users' access to only the data they need.

By Elizabeth O'Dowd

Granting network access and enforcing access protocols are a large part of healthcare network security. Access control keeps unwanted and harmful visitors from gaining access to protected health information (PHI) by having users authenticate their identity.

Virtualization for healthcare SAC

Security access control (SAC) is not a new concept for IT infrastructure in other industries, but it may be for healthcare. SAC permissions and authentication determine the identity of the user and the information users have access to on the network. The introduction of virtualization has helped restrict data and limit access for users who don’t need certain information.

All users are not created equal and do not need access to all network data. In larger healthcare organizations, different clearance levels exist based on the duties of end users within an organization; for instance, doctors need more network access than clerks or orderlies.

In some cases, particularly smaller healthcare organizations, there is no separation between users and the data they are able to access. While this isn’t fundamentally a large concern as employees generally don’t intentionally leak their login information, the human element still presents a risk to protected network access, making universal user access unwise.

There has been ongoing debate over SAC where some professionals see the technology as a security problem and others, a management problem. Regardless of general opinions, exploring virtualization for access control offers no drawbacks if it can eliminate user authentication error.

The concept of containing data separately is not a new one. In the physical world, valuable or high-risk objects are kept behind locked doors or in vaults, while other items are accessible by anyone entering the building. Virtualization takes this concept and applies it to data virtually.

Traditionally, organizations manage user access with passwords or PINs that need to be changed over an established period. Changing passwords too frequently can lead to users forgetting them or writing them down and leaving them vulnerable. Virtualization still uses passwords, but if an unauthorized user gains access, they won’t have permission to access the entire network.

Organizations don’t need to fully virtualize their infrastructure to use virtualization for secure access control. Isolating stored data in containers prevents sensitive data from being accessed by users who do not need it.

Virtualization uses container technology to create virtual servers within the main server, separating data based on end user need. Virtual barriers separate containers and prevent penetration from one container to another on the server. If a lower-clearance container is hacked, the hacker is limited to the information in that container and cannot access other containers on the server.

Virtualization for access control can work alongside a traditional SAC solution as another line of defense that is convenient to the user or managing IT staff, instead of adding new identity validation functions, such as voice recognition or fingerprint scans. The containers are a secure barrier rendering other user identification methods useless.

Organizations can create as many or as few containers as they feel they need depending on the amount of data and electronic health records being stored. Containers can be made for high-risk data as well as for data that is not particularly sensitive, but isn’t accessed often.

Fewer users accessing data means fewer chances of it being compromised. If users are logging in and granted access to all the data stored, unnecessary paths and connections are being forged between the end user and data they are never going to need.

While compromised data, even lower security data, is never a good thing, keeping sensitive and high-risk data contained from more accessible data can prevent a breach from turning into a catastrophe.
