Why cybersecurity should be a total cost of ownership equation

With budgets becoming tighter every year, board members are leaning on healthcare IT teams to use free or bundled security software. But the long-term cost could be greater than you think.

The adage about ‘buy cheap, buy twice’ is never truer than in the security sector. While spending millions of pounds on security technology is outside the realm of healthcare trusts, evaluating the true total cost of ownership is a valuable and often cost-saving experience.

The challenge is that free or low-cost sounds good to the board and the finance chiefs. It looks great when budgets are running so far over what is normal that even pencils are expensive and biscuits in meetings have long since disappeared. This challenge is one facing many trusts, and although the board’s interest in technology, especially security technology in a post-WannaCry world, is welcomed, it adds pressure to an already difficult situation.

The management of security technology is a prime example of where costs can start to accumulate. When the security technology is piecemeal or bundled with additional software as part of a larger deal, it takes several individuals to manage it from various consoles or through multiple systems. That means the IT team are focusing on managing the security technology, and not on helping clinicians and healthcare practitioners understand how technology can help them drive the best patient outcomes.

Complexity in security technology, especially from a management perspective, not only takes up valuable (and costly) time but also introduces additional costs in the form of headcount. The more complexity involved in managing the technology, the more people are required to manage it. When budgets are already stretched, having more doctors, nurses and medical staff should take precedence over additional IT staff to manage overly complex security technology.

That’s not to say the technology itself should be simple; quite the contrary. Another aspect of measuring total cost of ownership is the reality of the level of security that free or low-cost options are able to deliver. The cost here isn’t just financial; the cost of lost trust, of breaking consumer, patient and medical staff confidence in their data security, and the confidence of the board that WannaCry isn’t going to be repeated, has to be considered.

Given that hackers are more sophisticated than ever, malware is more prevalent and the threat landscape is changing on a daily basis, the level of complexity in helping to solve those issues is always going to be high. This is where automation comes into play to remove the management headache. Technology is becoming smarter, and elements such as Artificial Intelligence (AI) and machine learning make it possible for machines to heal themselves, for them to isolate problems and fix them automatically without human intervention. Automation today can stop malware in its tracks, mitigating risks and reducing the threat of an entire network infection. This not only leaves the IT team at the healthcare trust free to help clinicians or focus on other, patient-related tasks, it further helps to reduce management and resource costs.

And it’s not just management inside the building. With more and more healthcare providers moving to the cloud and patient care moving out of medical centres and into homes, security must be elastic – it must be able to stretch regardless of where the technology is being used, whether that’s for midwifery home visits, GPs in surgery or doctors working in intensive care. Medical practitioners need to be confident that the technology does what it’s supposed to do: keep patient data safe and secure, and ensure there is no chance of PID being leaked no matter where they are.

Attacks are now inevitable and healthcare trusts must use all the tools available in their armory to prevent a breach. Threats need to be acted on in real time, with AI and machine learning to achieve rapid detection, isolation and remediation without any disruption to patient care or a clinician’s work. And, while there is unprecedented pressure to save money, making free or low-cost security technology sound attractive, in the end you get what you pay for.

Guest blog written by Jonathan Lee, UK Director of Public Sector Relations/UK Director of Healthcare at Sophos.