Zero-Trust Wireless Architectures in Healthcare: Integrating Aruba ClearPass for Granular Policy Enforcement
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V7I2P140Keywords:
Zero Trust Architecture, Healthcare Wireless Security, Aruba ClearPass, Network Access Control, IoMT Security, IDPS, EAP-TLS, WLAN Security, Identity-Driven Segmentation, Clinical Network ResilienceAbstract
Healthcare wireless networks present a uniquely challenging security environment characterized by high device density, strict uptime requirements, and a substantial population of Internet of Medical Things (IoMT) devices incapable of supporting traditional endpoint protection. Perimeter-based and endpoint-centric security models have proven inadequate in this context. This paper proposes and evaluates a Zero Trust Architecture (ZTA) framework for enterprise healthcare wireless local area networks (WLANs), implemented through Aruba Networks ClearPass as the centralized identity and policy enforcement plane. The framework integrates Network Access Control (NAC) with wireless Intrusion Detection and Prevention Systems (IDPS) to achieve continuous identity verification, dynamic micro-segmentation, and automated closed-loop threat enforcement. Deployed across a multi-campus healthcare environment encompassing more than 7,000 access points, 120 controllers, and 20,000 users across 60+ clinical sites, the architecture reduced detection-to-enforcement latency to under 200 milliseconds, decreased unauthorized access incidents by 73–78%, and reduced manual remediation requirements by 60–85%, with zero clinical downtime during security enforcement events. Results demonstrate that network-centric Zero Trust enforcement, anchored by ClearPass-based policy orchestration, constitutes a viable and scalable security model for critical healthcare wireless environments.
Downloads
References
[1] K. Fu and J. Blum, "Controlling for cybersecurity risks of medical device software," Commun. ACM, vol. 56, no. 10, pp. 35–37, Oct. 2013.
[2] L. Coventry and D. Branley, "Cybersecurity in healthcare: A narrative review of trends, threats and ways forward," Maturitas, vol. 113, pp. 48–52, Jul. 2018.
[3] IBM Security, "Cost of a Data Breach Report 2023," IBM Corp., Armonk, NY, USA, 2023.
[4] U.S. Department of Health and Human Services, "Universal Health Services Ransomware Attack Lessons Learned," HHS Office for Civil Rights, Washington, DC, USA, 2021.
[5] S. Rose, O. Borchert, S. Mitchell, and S. Connelly, "Zero Trust Architecture," NIST Special Publication 800-207, National Institute of Standards and Technology, Gaithersburg, MD, USA, 2020.
[6] J. Kindervag, "Build Security Into Your Network's DNA: The Zero Trust Network Architecture," Forrester Research, Cambridge, MA, USA, Nov. 2010.
[7] V. Stafford, "Zero Trust Architecture," NIST Special Publication 800-207 (Draft 2), National Institute of Standards and Technology, 2019.
[8] L. Coventry and D. Branley, "Cybersecurity in healthcare: A narrative review," Maturitas, vol. 113, pp. 48–52, 2018.
[9] K. Fu and J. Blum, "Risks of medical device software," Commun. ACM, vol. 56, no. 10, 2013.
[10] C. S. Kruse et al., "Cybersecurity in healthcare: A systematic review of modern threats and trends," Technology and Health Care, vol. 25, no. 1, pp. 1–10, 2017.
[11] P. Srisuresh and M. Holdrege, "IP Network Address Translator (NAT) Terminology and Considerations," IETF RFC 2663, 1999.
[12] K. Scarfone and P. Mell, "Guide to Intrusion Detection and Prevention Systems (IDPS)," NIST Special Publication 800-94, National Institute of Standards and Technology, 2007.
[13] D. Simon, B. Aboba, and R. Hurst, "The EAP-TLS Authentication Protocol," IETF RFC 5216, Mar. 2008.
[14] U.S. Department of Health and Human Services, "HIPAA Security Rule," 45 CFR Parts 160 and 164, 2003.
[15] Aruba Networks, "ClearPass Policy Manager 6.10 User Guide," Hewlett Packard Enterprise Development LP, 2022.
[16] Institute of Electrical and Electronics Engineers, "IEEE Std 802.1X-2020: Port-Based Network Access Control," IEEE, New York, NY, USA, 2020.
[17] Institute of Electrical and Electronics Engineers, "IEEE Std 802.11i-2004: Medium Access Control (MAC) Security Enhancements," IEEE, New York, NY, USA, 2004.
[18] D. Geer, "Health care and cyber security: Increasing threats require increased capabilities," IEEE Security & Privacy, vol. 13, no. 5, pp. 78–81, Sep.–Oct. 2015.
[19] M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, "Internet of Things (IoT): Taxonomy of security attacks," in Proc. 3rd IEEE Int. Conf. Electronic Design (ICED), Phuket, Thailand, 2016, pp. 321–326.
[20] W. Stallings and L. Brown, "Computer Security: Principles and Practice," 4th ed. Pearson, Hoboken, NJ, USA, 2018.
[21] Akinapalli, S. (2026). AN AI-POWERED DATA TRUST AND QUALITY SCORING FRAMEWORK FOR ENTERPRISE DECISION INTELLIGENCE SYSTEMS. International Journal of Data Science and IoT Management System, 5(1), 946-950.
