A Model for ‘Zero Trust’ in HealthcarePanel of Experts Offers Insights on the Implementation Steps
Implementing a "zero trust" framework for the healthcare sector requires gaining board support for implementing the right access management controls, according to a panel of experts.
Australia-based Jo Stewart-Rattray, CSO at Silver Chain Group, provider of hospital and healthcare services, says the foremost challenge in implementing the zero trust model is to gain buy-in from the risk committee.
Another panelist, India-based Agnidipta Sarkar, group CISO at Biocon, a pharmaceutical company, says a key component of implementing a zero trust strategy is making sure access controls are consistent across all touch points.
But before getting started with the zero trust journey, organizations must build awareness of and support for the concept, adds Singapore-based Min Chee Liew, director, of the cyber defense group at Integrated Health Information Systems, or IHiS, the technology agency for the public healthcare sector.
In this video panel discussion, a part of Information Security Media Group's recent Virtual Cybersecurity Asia Summit: Healthcare, the experts discuss:
- Major stumbling blocks in the zero trust implementation process;
- How to get started with the zero trust journey in an enterprise;
- Integrating people, processes and technologies in building a zero trust framework for enhanced security.
Stewart-Rattray, CSO at Silver Chain Group, has more than 25 years of experience in the IT field, including serving as a CIO in the utilities and tourism sectors and as a CISO in the healthcare sector.
Sarkar, group CISO for the Biocon Group, has spent three decades working for global companies, including HP, HPE, DXC, HCL, Wipro, and CMS IT services. He has been an auditor and consultant, advising business leaders on cybersecurity, business continuity, privacy, risk optimization, standardization and resilience.
Liew, director of the cyber defense group at IHiS, is responsible for information and communications technology and medical device security policies and risk management. He also oversees cybersecurity capability development.