The hospitality and healthcare sectors are experiencing tremendous growth in the Middle East. With that growth comes an increasing amount of confidential information that needs to be secured and protected.
Among the region’s fastest growing verticals are the healthcare and hospitality sectors. As these sectors continue their upward swing, more and more information is being created, particularly about patients and guests, which is not only valuable but also frequently of a confidential nature. It is up to the region’s IT professionals and vendors to provide the safe and secure environments users expect and demand.
“The valuable data and information assets related to patients, medical research and intellectual properties are making it necessary for healthcare organisations to be on guard and apply the principle of control, confidentiality, integrity and accountability,” explains Harish Chib, vice president of new business development at Cyberoam.
“I think that there are two specific aspects of data security that hospitality and healthcare are looking at. One is the traditional security when securing access from outsiders into the internal network through traditional securities like firewalls, access prevention, anti-virus and anti-spam,” says Judhi Prasetyo regional channel manager, Fortinet Middle East.
“The second one is from a compliance and data leakage and data theft perspective. There needs to be a lot more done in the second aspect which is dealing with data leakage and information prevention,” Prasetyo continues.
Up to now
Security in the healthcare and hospitality industries has been undergoing a steady evolution in recent times, as data that was previously not collected or held in hard copy format only, has been transferred to electronic form. Many enterprises though continue to protect themselves through traditional technologies but the rapid escalation of the demands made by regulation and compliance is changing that.
The valuable data and information assets related to the patients, medical research and intellectual properties are making it necessary for healthcare organisations to be on constant guard and apply the principle of control, confidentiality, integrity and accountability.
Greg Day, security analyst EMEA for McAfee has seen the emphasis begin with technology and the subsequent shift in understanding around security. “Technology can be used in every area, from critical to trivial, and in each instance, it is essential that there is an understanding of how and why it is being used, what the potential threats are and what they would mean in terms of business impact. Over the course of the last few years, we have seen a growing focus on understanding and managing the data being collected, stored and shared.”
According to Bulent Tescoz, security expert at Symantec, just a few years ago the prevailing wisdom was that having a firewall at the perimeter was good enough but the focus has since moved towards end-point solutions and building on the standard technologies.
“The industries now realise that having an anti-virus solution is not enough because they acknowledge that this is actually a reactive way of doing this. The healthcare industry is a business today; in the region network access control (NAC) is a hot topic right now with industry standards also becoming more important,” elaborated Tescoz.
Many end-users still rely on the best available technology while making a pre-emptive move to reach international standards of compliance. “We have strict access list on router level, secure anti-virus as well as restricted USB access. We are in compliance with the highest EU standards of communication and data privacy,” points out Dinto Joseph, IT Manager at the Radisson SAS Hotel, Dubai Media City. Weapons chest
There is no doubt that the threats faced by healthcare and hospitality are not just on the increase but become more sophisticated almost by the day. In response to this security vendors have to deliver more effective solutions and technologies to assist the IT professional in the battle against malicious attack.
“Across the world there is a major push to move towards electronic medical records, the availability of these electronic records is enabling medical professionals to access these records from wherever they want, they no longer need to be at their desks. What they want is a secure solution so that they are able to log in and get access to it no matter where they are. So a secure remote access solution is becoming very important,” says Sanjeev Gupta, general manager, enterprise business solutions, Nortel.
Technology can be used in every area, from critical to trivial, and in each instance, it is essential that there is an understanding of how and why it is being used and what the threats are. We have seen a growing focus on understanding and managing the data being collected, stored and shared.
Fortinet’s Prasetyo discussed his company’s newest security products aimed at the healthcare market. “We are seeing a lot of interest in our database security and firewall products. FortiDB is aimed at database security and is an assessment as well as auditing and monitoring tool for the database. FortiWEB is special firewall built to defend net application servers.”
Guru Prasad, general manager for networking at FVC says that the value added distributor now offers a number of solutions aimed at data leakage issues. “On the data leakage side and the data privacy side we have partnerships with Google where we offer DLP as well as e-mail and web security technologies. On the compliance side we have a product that addresses the data vulnerability as well as the data leakage compliance access control issue.”
When it comes to looking at what products have found, the most traction with users Prasad has seen a mature progression in terms of adoption. “We have seen a lot of traction with e-mail and web security, I think a lot of the leakage and threats that healthcare and hospitality see are from trojans, spams and phishing attacks. The natural progression from that point is towards looking into data loss prevention,” Prasad elaborated.
“Organisations face many blended threats today so they are favouring a unified approach that protects their networks and business users from the blended attacks and technology misuse,” says Chib of Cyberoam.
According to Chib another factor driving the overall UTM security industry today is compliance. “The basic tenet of all compliance acts demands that a security process be in place to guard against unauthorised access, use, disclosure, modification, or interference with system operations. In fact, UTM like Cyberoam makes compliance unbelievably easy as it provides the ability to collect, aggregate, correlate, and report the event data with its on-appliance reporting module,” says Chib.
Vendors of security products aimed at the healthcare and hospitality sectors admit that there are a number of challenges that they are faced with when it comes to providing solutions to the region.
“The biggest threat is the pace at which they adapt to protecting their network as opposed to the pace at which the threats are emanating. It’s a case of how quickly they can ensure that the data and networks are secure,” says Prasad.
Prasad notes that while the bigger healthcare providers are gradually adopting security standards, it remains an issue with the smaller organisations who are less focused on ensuring processes and standards are implemented.
“The unique security challenges actually begin with the compliance itself. When there are no regulations, be they industry regulations or security regulations that enforce compliance, problems begin to occur,” says Prasetyo.
Tescoz though, believes that challenges facing the region are not unique but instead faced worldwide. “Businesses are looking to optimise their existing security deployments to maximise the budget available for new projects, such as tackling the data control issue. The regional variation is often the result of the level of pressure being applied by local legislation and geo-political considerations,” says Tescoz.
Money, money, money
Spending on IT solutions and products is less robust than in recent years with the financial situation for many organisations tenuous at best. The industry veterans though do not anticipate a significant decrease in spending.
“I believe security is not something that you can compromise. You do not want to compromise the security and potentially lose your business. It is now more than ever though a matter of assessing your assets and deciding which one requires more protection,” says Prasetyo of Fortinet.
Nortel’s Gupta agrees that the security market will remain relatively untouched by the global slowdown. “Despite the current market conditions healthcare is still growing. There are projects being put on hold but if you talk to anyone in healthcare you will hear that security is such an essential part of what they do and they will not readily compromise on it.”
When it comes to allocating budget towards security spending there are a number of equations and recommendations out there.
“I would say that security budgets are anywhere between 20 to 25% of the overall IT budget and we see that increasing more and more. I think that especially in the current environment we will see a lot more continued spending on security whereas infrastructure has slowed down quite a bit,” says Prasad.
McAfee’s Tescoz, believes that a thorough assessment needs to be done before settling on a percentage to be allocated. “Spending is dependent on the current state of security in each country and on the risks identified by the organisation as part of its specific risk assessment process,” he says.
Over at the Radisson SAS Dinto Joseph and his team have, after careful consideration, allocated approximately 10% of the total IT investment toward securing the network and systems.
“Quite simply put security is as important as a disaster recovery plan. In the hospitality sector we operate 24/7 hence any interruption related to a security breach will affect our business,” emphasises Joseph.
The hospitality and healthcare sectors are clearly amongst the fastest growing industries in the region The security industry together with the IT professionals face unique and complex challenges but by working together they can, and must, form a strong united front against future attacks.
For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.
Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.