SVHSoftware

Device operations

Zero trust for hospital device fleets: what it actually takes

Zero trust is easy to say and hard to retrofit. A field view of what changes when every device has to prove itself.

“Zero trust” on a slide means never trust, always verify. On a hospital network it means something more concrete: a device gets no access because of where it is plugged in — only because of what it can prove about itself. For a fleet of infusion pumps, monitors, and imaging systems accumulated over fifteen years, that’s not a policy change. It’s an engineering program.

What has to be true, device by device

Identity. Every device needs a cryptographic identity — in practice, a per-device certificate whose private key is generated and kept on the device, and mutual TLS, so both the device and the server prove themselves on every connection. Shared network credentials and IP allowlists are exactly the implicit trust the model removes; a key that is shared across devices, or sits in a file anyone can copy, is the same shared credential in a different format.

Attestation. Identity says who the device is; attestation says what it’s running. A device that can report its software inventory turns the security assessment question “how do you know what’s on your endpoints?” from a spreadsheet answer into a query. The report is only as trustworthy as whatever produced it: it should be signed by the device’s enrolled key against a fresh server-issued challenge, and, where the hardware supports measured boot, anchored there rather than in an agent that could itself be modified.
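An attestation exchange in the sense the paragraph above uses, as an added example that is not taken from the article or from the SVH Platform: the device signs its component inventory with its enrolled Ed25519 key together with a nonce the platform issued, the platform verifies the signature and nonce before storing the report, and the “what is on your endpoints” question becomes a query over verified reports against an approved baseline. Device names, component names and version numbers are constructed sample data; the structures and the exact-version baseline check are the example’s own design, not anything the page specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Inventory is the device's self-report: identity, the server-issued nonce it was
// told to echo, and installed component -> version. All names here are made up.
type Inventory struct {
	Device     string            `json:"device"`
	Nonce      string            `json:"nonce"`
	Components map[string]string `json:"components"`
}

// Report is the signed envelope: Body is the encoded Inventory, Sig an Ed25519
// signature over exactly those bytes by the device's enrolled key.
type Report struct{ Body, Sig []byte }

// signInventory is the device-agent side of the exchange.
func signInventory(inv Inventory, key ed25519.PrivateKey) Report {
	body, err := json.Marshal(inv)
	if err != nil {
		panic(err)
	}
	return Report{Body: body, Sig: ed25519.Sign(key, body)}
}

// Fleet is the platform side: enrolled keys, the approved baseline (component ->
// version), outstanding nonces, and the last verified inventory per device.
type Fleet struct {
	Keys     map[string]ed25519.PublicKey
	Baseline map[string]string
	Nonces   map[string]string
	Latest   map[string]Inventory
}

func NewFleet(baseline map[string]string) *Fleet {
	return &Fleet{map[string]ed25519.PublicKey{}, baseline, map[string]string{}, map[string]Inventory{}}
}

// Challenge issues a fresh single-use nonce, so a captured report cannot be
// replayed later as the device's current state.
func (f *Fleet) Challenge(device string) string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	f.Nonces[device] = fmt.Sprintf("%x", b)
	return f.Nonces[device]
}

// Ingest accepts a report only if it parses, is signed by the enrolled key of the
// device it names, and echoes that device's outstanding nonce.
func (f *Fleet) Ingest(r Report) error {
	var inv Inventory
	if err := json.Unmarshal(r.Body, &inv); err != nil {
		return err
	}
	pub, ok := f.Keys[inv.Device]
	if !ok {
		return errors.New("unenrolled device: " + inv.Device)
	}
	if !ed25519.Verify(pub, r.Body, r.Sig) {
		return errors.New("signature does not verify for " + inv.Device)
	}
	if want, ok := f.Nonces[inv.Device]; !ok || inv.Nonce != want {
		return errors.New("stale or missing nonce from " + inv.Device)
	}
	delete(f.Nonces, inv.Device) // single use
	f.Latest[inv.Device] = inv
	return nil
}

// Drift is the query the article contrasts with a spreadsheet: per device, which
// baseline components are missing or not at the approved version.
func (f *Fleet) Drift() map[string][]string {
	out := map[string][]string{}
	for dev, inv := range f.Latest {
		for comp, want := range f.Baseline {
			if have, present := inv.Components[comp]; !present {
				out[dev] = append(out[dev], comp+": missing")
			} else if have != want {
				out[dev] = append(out[dev], fmt.Sprintf("%s: have %s, approved %s", comp, have, want))
			}
		}
		sort.Strings(out[dev])
	}
	return out
}

// Demo enrolls two devices, ingests a compliant and a drifted report, and returns
// the drift query plus the errors a replayed and a forged report produce.
func Demo() (map[string][]string, error, error) {
	fleet := NewFleet(map[string]string{"openssl": "3.0.13", "agent": "2.4.1"})
	pumpPub, pumpKey, _ := ed25519.GenerateKey(rand.Reader)
	monPub, monKey, _ := ed25519.GenerateKey(rand.Reader)
	fleet.Keys["pump-0042"], fleet.Keys["monitor-0017"] = pumpPub, monPub
	pump := signInventory(Inventory{"pump-0042", fleet.Challenge("pump-0042"),
		map[string]string{"openssl": "3.0.13", "agent": "2.4.1"}}, pumpKey)
	mon := signInventory(Inventory{"monitor-0017", fleet.Challenge("monitor-0017"),
		map[string]string{"openssl": "1.1.1w"}}, monKey)
	for _, r := range []Report{pump, mon} {
		if err := fleet.Ingest(r); err != nil {
			panic(err)
		}
	}
	replay := fleet.Ingest(pump) // nonce already consumed
	forged := fleet.Ingest(signInventory(Inventory{"pump-0042", fleet.Challenge("pump-0042"), nil}, monKey))
	return fleet.Drift(), replay, forged
}

func main() {
	fmt.Println(Demo())
}
```

Two things are deliberately not self-reported: the device key is fixed at enrollment, and the nonce is issued by the platform, so a report is bound to both a known key and a specific challenge. What this does not give you is protection against an agent that lies; that is what a TPM quote over measured boot adds, and it is the reason the retrofit discussion below separates devices that can attest natively from those that need a gateway.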

Least-privilege data paths. A monitor that sends observations to one endpoint should be able to reach that endpoint and nothing else. Flat clinical VLANs fail this by construction; per-device policy replaces them.
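The identity and least-privilege points above, as an added example that is not part of the original article or of the SVH Platform’s code: a private CA issues one certificate to an ingest server and one to a device; the server requires a client certificate chained to that CA, reads the device name from the verified leaf, and allows only the paths a per-device policy lists. The CA name, the device and endpoint names (pump-0042, ehr-ingest) and the policy table are made up for the example, and the device key is generated in-process here, whereas on a real device it would be generated on the device and never exported.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// policy: client-certificate CN -> the only URL paths that device may reach. A device absent from the map gets nothing.
var policy = map[string]map[string]bool{"pump-0042": {"/observations": true}}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template is a 24-hour certificate skeleton for cn with one extended key usage (names are made up).
func template(cn string, serial int64, eku x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
}

// issue mints a P-256 key for tmpl and has parent sign it; a nil parent yields the self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// handler runs only after TLS verified the client chain, so PeerCertificates[0] is a device the CA vouched for.
func handler(w http.ResponseWriter, r *http.Request) {
	device := r.TLS.PeerCertificates[0].Subject.CommonName
	if !policy[device][r.URL.Path] {
		http.Error(w, "path not permitted for "+device, http.StatusForbidden)
		return
	}
	fmt.Fprintf(w, "accepted from %s", device)
}

// startServer presents srvCert and refuses any client certificate that does not chain to a CA in pool.
func startServer(pool *x509.CertPool, srvCert *x509.Certificate, srvKey *ecdsa.PrivateKey) *httptest.Server {
	s := httptest.NewUnstartedServer(http.HandlerFunc(handler))
	s.TLS = &tls.Config{
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
	}
	s.StartTLS()
	return s
}

// call does one GET as a device (devCert nil = no client certificate); -1 means TLS refused the connection.
func call(url, path string, pool *x509.CertPool, devCert *x509.Certificate, devKey *ecdsa.PrivateKey) int {
	cfg := &tls.Config{RootCAs: pool}
	if devCert != nil {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{devCert.Raw}, PrivateKey: devKey}}
	}
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(url + path)
	if err != nil {
		return -1 // under TLS 1.3 a rejected client certificate surfaces on the first read
	}
	defer resp.Body.Close()
	return resp.StatusCode
}

// Demo builds CA, server and device certificates and returns the status of: no cert, permitted path, denied path.
func Demo() (noCert, allowed, denied int) {
	ca := template("SVH Device CA (example)", 1, x509.ExtKeyUsageAny)
	ca.IsCA, ca.BasicConstraintsValid = true, true
	ca.KeyUsage |= x509.KeyUsageCertSign
	caCert, caKey := issue(ca, nil, nil)
	pool := x509.NewCertPool() // the one trust anchor both sides share
	pool.AddCert(caCert)
	srv := template("ehr-ingest", 2, x509.ExtKeyUsageServerAuth)
	srv.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1)} // httptest listens on loopback
	srvCert, srvKey := issue(srv, caCert, caKey)
	devCert, devKey := issue(template("pump-0042", 3, x509.ExtKeyUsageClientAuth), caCert, caKey)
	s := startServer(pool, srvCert, srvKey)
	defer s.Close()
	noCert = call(s.URL, "/observations", pool, nil, nil)
	allowed = call(s.URL, "/observations", pool, devCert, devKey)
	denied = call(s.URL, "/config", pool, devCert, devKey)
	return
}

func main() {
	fmt.Println(Demo())
}
```

The first request is refused at the TLS layer before any application code runs; the third reaches the handler with a verified identity and is refused by policy, which is the difference between “on the VLAN” and “allowed to talk to this endpoint”. Revocation is the piece this example leaves out: a CRL check or short certificate lifetimes with automated renewal have to be added before this is a lifecycle rather than an enrollment.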

A lifecycle, not a snapshot. Enrollment, key rotation, patching, revocation, decommissioning. The fleet you attest today drifts tomorrow unless the operations loop is continuous — which is why this is a platform problem, not a firewall setting.

The retrofit reality

The uncomfortable truth: some deployed devices can’t do any of this natively, and no one is replacing a fleet to get there. The practical pattern is a spectrum — agent-based identity where the device platform supports it (embedded Linux fleets usually can), gateway-mediated identity where it doesn’t, and network compensating controls for the long tail, with an explicit register of which devices sit in which tier.

This spectrum is precisely what the SVH Platform was built to operate, and deploying it across real, imperfect fleets is our flagship service. Start with the cohort that can do it fully — the posture improvement is measurable within one deployment phase, and the register makes the remaining risk honest.
