7 Myths of Healthcare Cloud Security Debunked



Similar documents
Big Data, Big Risk, Big Rewards. Hussein Syed

How To Secure Cloud Computing

FOR THE FUTURE OF DATA CENTERS?

How To Protect Your Data From Being Hacked

Security Issues in Cloud Computing

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, Published May An Osterman Research Executive Brief

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Security and Managed Services

WHITE PAPER. 5 Ways Your Organization is Missing Out on Massive Opportunities By Not Using Cloud Software

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

How To Find Out What People Think About Hipaa Compliance

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Executive s Guide to Cloud Access Security Brokers

How to ensure control and security when moving to SaaS/cloud applications

Why can you trust Google?

Security Controls for the Autodesk 360 Managed Services

Hedge Funds & the Cloud: The Pros, Cons and Considerations

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Privacy + Security + Integrity

2014 HIMSS Analytics Cloud Survey

Security Considerations

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches

ALERT LOGIC FOR HIPAA COMPLIANCE

Encryption, Key Management, and Consolidation in Today s Data Center

Executive Summary P 1. ActivIdentity

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

Moving to the Cloud: Truth or Dare? Debunking 5 Myths of Hosted Contact Centers

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

Cloud Contact Center. Security White Paper

Security from a customer s perspective. Halogen s approach to security

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Retention & Destruction

Making the leap to the cloud: IS my data private and secure?

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

HIPAA Compliance: Efficient Tools to Follow the Rules

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Data Flow and Management in Radiation Therapy

Secure networks are crucial for IT systems and their

A CIO s Guide To Mobility Management

Enterprise Data Protection

A Decision Maker s Guide to Securing an IT Infrastructure

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Compliance for the Road Ahead

Secure Cloud Hosting for Healthcare Organizations

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Ensuring security the last barrier to Cloud adoption

Deploying Firewalls Throughout Your Organization

a new approach to IT security

Preemptive security solutions for healthcare

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.

Network/Cyber Security

A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

BKDconnect Security Overview

1 The intersection of IAM and the cloud

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Putting Web Threat Protection and Content Filtering in the Cloud

With Eversync s cloud data tiering, the customer can tier data protection as follows:

A Strategic Approach to Enterprise Key Management

External Supplier Control Requirements

BEST PRACTICES RESEARCH

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Utilizing Cloud Storage for Mainframes

Transcription:

BUSINESS WHITE PAPER 7 Myths of Healthcare Cloud Security Debunked Don t let these common myths stall your healthcare cloud initiative

7 Myths of Cloud Security Debunked Table of Contents 2 The Cloud is beginning to gain favor 3 Myth #1: The cloud isn t secure enough for healthcare 3 Myth #2: All cloud-based infrastructures are created equal 4 Myth #3: Data in the cloud is more vulnerable to hackers 4 Myth #4: Data in the cloud is accessible to other organizations using the same cloud 5 Myth #5: Data that resides in the cloud can t be controlled or mined by providers 5 Myth #6: Identity and access management is a headache with cloud-based systems 6 Myth #7: I can t trust a cloud provider like I can trust my own people Cloud computing could be the next game-changer in healthcare but not if healthcare IT professionals don t overcome their deep-rooted aversion to the cloud. A conventionally risk-averse industry, healthcare has been relatively slow to adopt the cloud, citing security and privacy concerns. According to MarketsandMarkets, despite a slow start, healthcare providers are predicted to spend $5.4 billion on cloud services by 2017. The Cloud is beginning to gain favor As regulation pushes the industry toward storage, collaboration and accessibility, the cloud becomes even more attractive since it s often safer and more versatile than on-premises solutions. Health information exchanges also are contributing to the need for interconnected electronic medical record systems to ensure easy access to patient data. As a result, cloud-based software-as-a-service models are beginning to grow. According to a June 2014 HIMSS Analytics Cloud Survey, 83 percent of 150 industry respondents said they currently use at least some cloud services. Another 9 percent plan to use the cloud, and just 6 percent don t plan to try cloud services. Despite the growth in cloud-based services, 61 percent of healthcare IT respondents indicated security is still a top concern. Many of the concerns about cloud computing security are more myth than fact. Let us debunk seven of them. 2

Myth #1: The cloud isn t secure enough for healthcare A long-held perception exists in healthcare that cloud systems are inherently less secure than traditional on-premises systems. While both enterprise systems and cloud systems have an equal chance of being attacked, data shows that cloud-based systems are actually more secure than their on-premises counterparts. According to Alert Logic s 2012 Cloud Security Report, on-premises users experience an average of 61.4 attacks per year while service-provider/cloud customers experience an average of only 27.8 attacks annually. The reason there are fewer attacks is because of better safeguards in the cloud, says Chris Bowen, chief privacy officer, ClearDATA. With the cloud, the data centers have specialized safeguards such as perimeter controls, cameras, armed guards, biometrics, interconnected room locks, man traps, multiple pipes for bandwidth, massive UPSs and multiple power grids, which are things even large hospital systems have a hard time providing, he says. Myth #2: All cloud-based infrastructures are created equal The cloud infrastructure can generally be boiled down to three components: network, storage, and computing. Each component must be purpose built for healthcare and with the use case in mind. In healthcare, networks must be secure, highly redundant, and designed to support burstability and have communications ports designed for shared use, Bowen says. But they must also be actively monitored and logged. Some cloud environments may be built with many of these features, but the logging requirements in healthcare often require other solutions to enable the logs to be kept, protected and archived according to specific data retention policies dictated by Health Information Trust Alliance (HITRUST), Omnibus and the Privacy and Security Rules. 3

Myth #3: Data in the cloud is more vulnerable to hackers In reality, data in the cloud is less susceptible when it is properly encrypted and secured. But it really depends on the cloud provider. Understanding how the provider approaches defense in depth from an administrative, technical and physical perspective is critical, Bowen says. Just as essential are the operating principles that the organization has developed to support a healthcare cloud. On-premises strategies are challenged to provide similar levels of service. Because IT security is not the core competency of most healthcare providers, turning to cloud providers can pay off since they focus on security extensively particularly cloud providers that focus on healthcare clients. The investment of resources and staffing by cloud-based providers is difficult to match with in-house employees. Additionally, HITRUST-certified vendors are particularly attractive given the rigorous certification process vendors endure. Myth #4: Data in the cloud is accessible to other organizations using the same cloud This myth is often unfounded since cloud providers take every precaution to secure the data. But since data in the cloud may be hosted on the same physical environment as others, it is important to choose a provider with the experience and know-how to ensure your data is segregated from other organizations data at all stages of the lifecycle. It is important to focus on isolation tactics for added protection of data in the cloud. Isolation is really a core function of a lot of the virtual infrastructure that cloud providers are using, says Rob Sadowski, of RSA, The Security Division of EMC. Most providers are going to be segmenting customer networks into virtual LANs. They re going to make sure that there is no cross-pollination over these virtual networks of customers. Another element to implement for isolation is the use of encryption. 4

Myth #5: Data that resides in the cloud can t be controlled or mined by providers This myth might be the most important to debunk. What contributes to the perception that the cloud may not be as secure or may have some level of risk is the lack of visibility and the loss of control, Sadowski says. The best way to ensure you have control is to extend the internal controls that you already trust into the cloud. For instance, make sure you have the same authentication, user management and access management capabilities in the cloud that you do with your on-premises solution. Any cloud environment should allow you to maintain an auditable chain of custody for your data. Any cloud provider that cannot guarantee this for you will put you at risk if you are ever audited by the ONC or investigated by the OCR, Bowen says. Once data enters the cloud, it might traverse many different data centers and geographic regions, be hosted multiple places simultaneously or be dynamically relocated as needed. Myth #6: Identity and access management is a headache with cloud-based systems In truth, it s not difficult to extend a provider s existing identification and authentication framework to a cloud environment. There are specific technologies (such as LDAP, SAML, Cloud Access Security Brokers, etc.) in the marketplace that can enable central identity management in the cloud. Network traffic settings also can help enable these technologies. Based on research we ve seen, we know that healthcare providers have to increasingly adopt the cloud in order to meet the infrastructure requirements mandated by regulations and to cope with rising costs, Bowen says. They can t necessarily meet infrastructure requirements with hardware-based solutions in their basement. 5

Myth #7: I can t trust a cloud provider like I can trust my own people This might be the most misguided myth of all since most data breaches to date are the result of employee negligence. According to a California Data Breach Report, in 2012 13, the majority of breaches in the healthcare sector (70 percent) were caused by lost or stolen hardware or portable media containing unencrypted data, in contrast to just 19 percent of such breaches in other sectors. Healthcare organizations are moving to secure cloud computing technologies such as virtual desktop infrastructure to allow practitioners easy access to patient data without ever storing protected health information on mobile or remote devices such as smartphones and laptops. But there are ways to avoid this vulnerability by using the cloud. Some of the biggest risks we see still go back to a person. But you can actually put controls in place so that even on a mobile device the data will never be stored locally, he says. It can be viewed, but it can be completely controlled from a cloud-based environment. To learn more about healthcare cloud security, please call (888) 899-2066 or visit www.cleardata.com 2014.12 v1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information