The challenge of implementing SDA in healthcare environments
There are several ways that your organisation can plan its next LAN refresh. If the existing network is based on a legacy design, it will typically follow either a Layer 2 or a Layer 3 access model. If you are upgrading this kind of network with new hardware you will inevitably face a design decision: keep it as it is, or use the opportunity to make some improvements.
Those improvements can be relatively simple, like implementing a virtual core switch to eliminate Spanning Tree blocking ports, or introducing wired 802.1X at the edge to improve access security. You could also improve the configuration templates of the access switches or tidy up some of the IP addressing. But what about a completely new mindset, introducing Software Defined Access, and doing it in one of the most challenging environments there is, the healthcare sector?
While a typical office environment may include end user devices like laptops, mobile phones, printers and perhaps some security cameras or door controllers, things get much more complicated in a hospital. A growing number and variety of endpoints, from blood pressure monitors, imaging systems, ECG machines and MRI scanners to IV pumps, are being added to hospital networks. These devices are becoming standard in healthcare settings while collecting an increasing amount of patient data, which makes securing them even more important.
In addition, any of those devices may access the network over the wire or wirelessly, making end to end security and segmentation even harder to provide. Mobility of medical endpoints is in most cases a fundamental requirement for cost effective patient care. On top of all that complexity, it is quite common for third party vendors to charge large sums for re-configuring existing devices or simply changing their IP addresses, so any design that depends on a device keeping a fixed address carries a real cost.
Having briefly covered the complexity surrounding endpoints, we cannot forget about the users. That includes staff, patients, guests, visitors, third parties and so on, with each group potentially further divided into smaller groups such as IT teams, doctors, nurses, university students, estates and many others. Many of those users may access the network via a wired, wireless or VPN connection and move around the network regularly.
From a cyber security point of view, the legacy approach, where each endpoint is identified by its network address, makes it almost impossible to secure this type of environment effectively: an IP-based ACL describes where a device is connected, not what it is, so a rule written for an IV pump on a wired ward VLAN stops matching the moment the same pump roams onto wireless, and a visitor's laptop plugged into a ward wall port inherits the pump's permissions. SD-Access addresses this, but it does not make the design and implementation process any easier. SDA provides a framework in which the identity of the user or endpoint, rather than its IP address, dictates the level of access. It is very important, though, to plan the new network with segmentation in mind from the outset (which identity groups exist, and which groups are allowed to talk to which) for the most effective policy enforcement.
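The contrast drawn above, as an added example that is not part of the original post or of any vendor product: a small Python model in which a legacy ACL keys access on the source subnet while a group-based policy of the kind SD-Access enforces keys it on the identity assigned at authentication. The subnets, endpoint names, groups and the single EMR rule are all constructed for illustration and are not a real hospital address plan.

```python
"""
Added example, not part of the original post: a model of the two policy
styles the text contrasts. A legacy ACL keys access on the source subnet
(where the endpoint is connected); a group-based policy keys it on the
identity group assigned when the endpoint authenticates. Everything below
(subnets, endpoints, groups, rules) is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not a real hospital design).
WIRED_CLINICAL = ipaddress.ip_network("10.10.20.0/24")     # ward wall ports
WIRELESS_CLINICAL = ipaddress.ip_network("10.10.40.0/24")  # medical Wi-Fi SSID
EMR_SERVERS = ipaddress.ip_network("10.0.5.0/24")          # EMR application servers


@dataclass(frozen=True)
class Endpoint:
    name: str
    group: str                  # identity group assigned at 802.1X/MAB time
    ip: ipaddress.IPv4Address   # address the device happens to hold right now


@dataclass(frozen=True)
class Flow:
    src: Endpoint
    dst: Endpoint
    dst_port: int


# Legacy model: (source subnet, destination subnet, port, action).
# Only the wired ward subnet was ever written into the ACL.
LEGACY_ACL = [
    (WIRED_CLINICAL, EMR_SERVERS, 443, "permit"),
]


def legacy_decision(flow: Flow) -> str:
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for src_net, dst_net, port, action in LEGACY_ACL:
        if flow.src.ip in src_net and flow.dst.ip in dst_net and flow.dst_port == port:
            return action
    return "deny"


# Identity model: (source group, destination group) -> {port: action}.
# The endpoint's IP address is never consulted.
GROUP_POLICY = {
    ("IV_PUMP", "EMR_SERVER"): {443: "permit"},
    ("CLINICIAN", "EMR_SERVER"): {443: "permit"},
    ("GUEST", "EMR_SERVER"): {},        # guests get no path to patient data
    ("IV_PUMP", "IV_PUMP"): {},         # no east-west traffic between pumps
}


def identity_decision(flow: Flow) -> str:
    """Look up the group pair; unknown pairs and unlisted ports are denied."""
    ports = GROUP_POLICY.get((flow.src.group, flow.dst.group), {})
    return ports.get(flow.dst_port, "deny")


# Constructed endpoints. pump-17 is the same physical device before and after
# it roams from a wall port to Wi-Fi; only its address changes.
EMR = Endpoint("emr-app-01", "EMR_SERVER", ipaddress.ip_address("10.0.5.10"))
PUMP_DOCKED = Endpoint("pump-17", "IV_PUMP", ipaddress.ip_address("10.10.20.55"))
PUMP_ROAMED = Endpoint("pump-17", "IV_PUMP", ipaddress.ip_address("10.10.40.201"))
PUMP_22 = Endpoint("pump-22", "IV_PUMP", ipaddress.ip_address("10.10.20.56"))
VISITOR_ON_WALL_PORT = Endpoint("visitor-phone", "GUEST", ipaddress.ip_address("10.10.20.90"))

SCENARIOS = [
    Flow(PUMP_DOCKED, EMR, 443),            # pump on the ward VLAN talks to EMR
    Flow(PUMP_ROAMED, EMR, 443),            # same pump after roaming to Wi-Fi
    Flow(VISITOR_ON_WALL_PORT, EMR, 443),   # guest device plugged into a ward port
    Flow(PUMP_DOCKED, PUMP_22, 443),        # pump-to-pump lateral traffic
]


def compare(flows):
    """Return (source name, legacy verdict, identity verdict) for each flow."""
    return [(f.src.name, legacy_decision(f), identity_decision(f)) for f in flows]


if __name__ == "__main__":
    for name, legacy, identity in compare(SCENARIOS):
        print(f"{name:<14} legacy={legacy:<6} identity={identity}")
```

Running it shows the two failure modes of the subnet-keyed ACL side by side: the roaming pump is cut off from the EMR (a patient care problem), while the visitor's phone on a ward wall port is let through (a security problem). The group-keyed policy gives the right answer in both cases because the verdict follows the identity the endpoint authenticated with, not the address it was handed; the pump-to-pump row shows segmentation within a group, which is exactly the kind of decision that has to be planned before the network is built.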
Each project of this type starts with multiple design workshops involving many different departments, including but not limited to the IT network and server teams, cyber security, estates, critical application owners and the change control board. EDNX architects not only design and implement the solution but also play a pivotal role in bridging the gap between the various stakeholders and driving the project forward. We are a trusted partner that ensures the project not only satisfies the hardware refresh requirements but, most importantly, delivers all the additional benefits of a modern intent-based network.