Cloud computing has numerous benefits for organizations in the healthcare industry, as many departments can find applications and data to host in the cloud environment, making resource provisioning easier and allowing employees to use less physical hardware to complete tasks. However, it is still common for some of these organizations to cite security as a major factor keeping them from adopting cloud services. With malicious attacks such as Heartbleed, Shellshock and a threat newly discovered by The Security Factory, it is crucial to pay attention to what is hosted in cloud environments and what security services are necessary to protect that data.
A Healthcare Information and Management Systems Society survey found that almost half of the respondents cited security as a key concern with cloud computing. Fortunately, only about 6 percent of the survey-takers told HIMSS researchers that they would not use a cloud service. The solution to working with sensitive information and applications in the cloud lies with security services. These partners can help reduce cloud computing concerns and allow IT departments to focus on protecting the organization's internal network to ensure security on all levels.
What goes into the cloud?
Before considering a cloud security service, organizations need to first understand that all applications do not belong in the cloud. By determining which programs and information can be stored in a public or private cloud, they will already reduce the risks associated with hosting Heath Insurance Portability and Accountability Act-compliant data.
Applications that are flexible in nature, which are programs that will see various amounts of users and data depending on the time of day, month or year, should be the first choice for cloud computing. On the other hand, data can and should be backed up or stored on cloud servers in order to reduce congestion on a local level, as some applications will need information transferred quickly and immediately, such as email, while others, such as user data, do not require fast and easy access.
While it is important to consider what will be hosted in a cloud environment, organizations should take full advantage of their cloud services. However, by only focusing on critical applications and data, the security risks of the cloud can be reduced and the security provider partner can dedicate even more resources to protecting that information.
Looking for a provider with access controls
A cloud security service is an ideal solution for healthcare organizations with large amounts of data in the cloud, preoccupied IT departments and HIPAA compliance requirements. The first aspect of cloud protection might be one of the most important: Limiting access for certain users.
With critical applications and information stored in the cloud, giving all employees access to everything could be detrimental. This also applies to providing and taking away access based on the task in which a staff member is engaging. The Security Factory, a Belgian cybersecurity firm, recently discovered a coding vulnerability that would allow a normal user to gain control over Windows-based servers through the creation of a directory name in any of the directories that the employee has access to.
Being a command-shell script, this vulnerability is very similar to Shellshock, and with correct placement, any user can cause malware to spread throughout a file server. Limiting employee access to servers hosting HIPAA-compliant data can prevent this, but many internal IT departments do not have the time or ability to constantly search for new vulnerabilities, while a cloud security firm will be up to date on new threats and able to patch them immediately.
Choosing the best technology
Another benefit of cloud security services is that they have the latest, cutting-edge technology. Finding a security firm with multi-tiered defense strategies will ensure that companies with high numbers of attacks will be safe. IT Pro Portal reported that with the best technology, coverage will include real-time threat monitoring, log management and denial-of-service attack mitigation. Firewalls will not be enough to stop constant threats that healthcare organizations face on a daily basis.
Additionally healthcare providers and companies will want a cloud security provider that is flexible. With innovations and trends in technology coming and going, it is crucial to have a service that can scale with the organization's needs. It can be hard to predict the future of cloud activity, and in this way security should be able to follow cloud infrastructure as it moves from being based on a public cloud to hybrid or from hybrid to private. A solution that is agile will reduce growing pains and allow the organizations to change in regard to demands.
Healthcare organizations are correct to be picky when looking for cloud solutions. Finding the best cloud host is just the beginning. By paying attention to those considerations, organizations can guarantee working with the best cloud security services for their needs.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.
Comments (0)