SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com


Conflict of Interest Disclosure
Feisal Nanji, MPP, CISSP
Has no real or apparent conflicts of interest to report.

LEARNING OBJECTIVES
- Describe the advantages of Cloud computing for Health Providers
- Identify the major concerns of securing health information in the cloud
- Recognize the key steps to overcoming health information security and privacy issues in the cloud
- Define a suitable audit and compliance process to ensure security and privacy in the cloud


WHAT SHOULD YOU TAKE AWAY?
1. Level set: core technology for cloud computing
2. Cloud computing: variants
3. What are the key compliance / security concerns of the cloud?
4. How should we manage security in the cloud?

CORE TECHNOLOGY
- Fast networks
- Web-enabled eco-system
- The Virtual Machine


VIRTUALIZATION CONCERNS
- Increases complexity
- Strains infrastructure
- Can cause large-scale failure
- Requires special maintenance

THIS ALLOWS
- Computing capability on demand
- Resource pooling: storage, CPU
- Rapid deployment and scaling of IT services
- Easy measurement of what's been used

LEADING TO CLOUD VARIANTS
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)

Infrastructure as a Service (IaaS)
Layers, top to bottom:
- APPLICATION PROGRAMMING INTERFACES
- VIRTUALIZATION AND CORE CONNECTIVITY
- HARDWARE AND DATA CENTER FACILITIES

Platform as a Service (PaaS)
Layers, top to bottom:
- INTEGRATION AND MIDDLEWARE
- APPLICATION PROGRAMMING INTERFACES
- VIRTUALIZATION AND CORE CONNECTIVITY
- HARDWARE AND DATA CENTER FACILITIES

Software as a Service (SaaS)
Layers, top to bottom:
- PRESENTATION
- APPLICATIONS
- DATA AND CONTENT
- INTEGRATION AND MIDDLEWARE
- APPLICATION PROGRAMMING INTERFACES
- VIRTUALIZATION AND CORE CONNECTIVITY
- HARDWARE AND DATA CENTER FACILITIES

CLOUD: A SUMMARY
- Essential Characteristics
- Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
- Deployment Models: Public, Private, Hybrid, Community

CLOUD HELPING HEALTH CARE
- Providers, EMR vendors, Health Plans, Government, HIE etc.
- Cheaper and faster
- Better compliance (security)???

TRADITIONAL DATA CENTER SECURITY APPROACHES
- Physical configuration management governs deployment and control implementation: standards for specification, configuration, and operation
- Physical control as the ultimate breakwater for logical access control to platforms and applications
- Enterprise policies and organization for separation of duties and control
- Patch testing and patch management, physical-platform-by-physical-platform
- Data and applications are wherever the machine is, and networks are between machines

BUT AS PHYSICAL VISIBILITY IS LOST
- Where is the data?
- Who can see the data?
- Who has seen the data?
- Has data been tampered?
- Where is processing performed?
- How is processing configured?
- Does backup happen? How? Where?

AND COMPLIANCE IS NOT JUST SECURITY
1. HIPAA Security
2. Medical Fraud
3. e-Prescribing
4. Mental and behavioral health
5. Health Information Exchange
6. Health Quality reporting
7. Policy, Procedure Mgt.
8. Medical Research
9. Payment Card Industry (PCI)
10. FTC Red Flags Rule

HEALTH CARE COMPLIANCE AND THE CLOUD

Requires an interconnected strategy:
- Information Security
- Compliance Processes
- Information Architecture

ARE YOU CLOUD READY?
- Have you standardized most commonly repeated operating procedures?
- Have you fully automated deployment and management?
- Can you provide self-service access for users?
- Are your business units ready to share the same infrastructure?

MAJOR CLOUD COMPLIANCE ISSUES INCLUDE:
- Data ownership and control
- Trust, consequences and chain of custody
- Access and authentication
- Facilities and service provision, e.g. shared data centers / resources
- Administration
- Policies, transparency, auditing

KEY CLOUD SECURITY CONCERNS
- Virtualization software (e.g., hypervisor) risk exposure
- Inability to determine location of data or processing
- Mobility among VMs contradicts control principles; boundaries become unreliable and blurred
- Limited visibility into host operating systems and virtual network (to find vulnerabilities and assess/report configuration, patching)

LEAD TO VERY GRANULAR ISSUES:
- Security policies need to shift "up the stack" to match logical attributes
- Network Access control and Intrusion Prevention
- Rootkit Detection
- Inter-VM traffic analysis

KEY CONSIDERATIONS
- Move away from physical attributes for meeting compliance
- Application, Identity and Content awareness

CORE RECOMMENDATIONS
- Think of information security as a set of adaptive services integrated with compliance requirements and Information Architecture/Design
- Get security vendors to deliver their security controls in a virtualized form
- Express security policy across physical, virtualized and private cloud-computing environments
- Maintain separation of duties between security policy enforcement and IT operations


Feisal Nanji, Executive Director
feisal@techumen.com
