Sara Lofgren: Why IoT Matters to Healthcare

Sara Lofgren is the Channel Sales Engineering Manager at BlackBerry Cylance. She has been working in computer security for over a decade, with a focus on solving enterprise security problems through the union of technology, people, and processes.

In this video, Sara digs into the main concerns for healthcare IT pros when it comes to the Internet of Things (IoT):

About Sara Lofgren

Sara Lofgren is the Channel Sales Engineering Manager at Cylance. She has been working in computer security for over a decade, with focus on solving enterprise security problems through the union of technology, people, and processes. Besides malware, her other main areas of interest include privacy, cryptography, and technology regulations. Sara lives in Minnesota with 4 kids, 2 dogs, a cat, and many rescue horses.

Want to learn more about what is going on in the world of cybersecurity? Subscribe to the InSecurity Podcast!

Every week on InSecurity, host Matt Stephenson interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as:

TRANSCRIPT:

What are the main concerns when it comes to IoT?

Sara Lofgren: My name is Sara Lofgren. I'm from Minnesota, and I am a channel security engineer for Cylance and manage our team across North America. I want to talk a little bit about the Internet of Things (IoT) and why it matters to healthcare.

We have three concerns or areas of interest in IoT. There's the wide proliferation of IoT devices, the problem with non-standardization across devices, and then the obvious giant problem we have to address with securing IoT devices. If we first look at proliferation and adoption of these devices, from a healthcare perspective but also from a consumer perspective, IoT devices add a tremendous amount of value. When you think about healthcare with people in hospital beds, having a limited staffing for doctors and nurses, you can't have a doctor and nurse in the room all the time. Remote monitoring is critical, and IoT devices being small, portable, remotely connectable and offering all kinds of functionality for monitoring your health and vitals of your patients means that it makes sense from a health care cost and benefit perspective to your patients do adopt these.

This coupled with the fact that they're relatively cheap to produce and they're widely available, not just in medical but in consumer, it means that adoption is a very rapid, and we're seeing a tremendous amount of growth. 11 years ago, we started calling this IoT because we crossed the threshold from having one device for every person on the planet to more than that, and we're now at over 50 billion IoT devices. That's a tremendous amount of growth. In the same period of time, the internet grew about 1 billion over the first 11 years of consumer adoption.

What does that mean from a security perspective? This is where we are really entering an interesting territory and conversations is these devices are not standard. They exist everywhere, they're performing critical functions, and in some instances they have to be adopted. There really is no other good option for doing it, so we have to look at addressing these problems in a multifaceted way where we're looking at security in layers, to beat an abused term, whether we're looking at physical security and making sure that these small portable devices are staying on secure networks and not coming into areas they shouldn't, to looking at segmentation and even micro segmentation, stealth networks to hide these devices where they might not be able to be secured, but also looking at standardizing the underlying platform and looking at consolidation and cooperation between security vendors and the vice producers. You're going to see a lot of consolidation over the next couple of years I expect, but these are problems that we'll continue to tackle and think about in security.

Is preventative security possible?

Sara Lofgren: I'm going to hedge on that question a little bit because I was just talking about these devices being widely diverse, being different in functionality and what the underlying architecture looks like. It's very difficult to secure consumer devices from a software perspective. We can't load an agent on there. You can't just install some antivirus software. You really have to look into doing that layered security model where you're trying to limit where those things are allowed to go, having physical security, making sure those consumer devices don't come into secure networks.

When we talk about the Enterprise of Things (EoT), we start looking at IoT devices that are geared for, whether it's healthcare or manufacturing utilities or any other commercial role, we need the vendors to get on board, the device producers to get on board with building technology into the devices themselves, with using lightweight static models to analyze malware and attacks on the devices. We also need to look into network behavioral monitoring and segmentation. I do think prevention is possible, but it will take a very cohesive effort among the producers and the software vendors to get this done the right way.