How to balance cloud security with agility in the healthcare vertical
Back in July, a study released from the Ponemon Institute cited cloud-based storage and mobile applications as the typical sources for cloud security concerns within many healthcare organizations. However, it was not understood if this worry was around just the concept of cloud computing and mobile computing, or if these organizations are dealing with true issues. I suspect it was the former.
“The study, ‘The Risk of Regulated Data on Mobile Devices in the Cloud,’ which surveyed 781 IT and data security practitioners, found that 33 percent of respondents said that they need to access protected health information (PHI) to do their work and yet few understood how to keep data secure. For example, 15 percent of those surveyed knew about HIPAA’s security requirements, but 33 percent of respondents indicated that they work for a HIPAA covered entity.” Figure 1 is a depiction of the outcome of this study.
The perceived tradeoff here is between the agility and adherence. Can we leverage healthcare data on mobile devices from public clouds, as this study covered, and still adhere to core security best practices and comply with existing (and new) regulations?
The short answer is that you can have both. That is, if you take the time to do the required planning and leverage the right security technology and/or the right cloud providers.
There are a few things to remember when you approach cloud computing from the healthcare vertical:
- The security procedures and patterns of technology are pretty much the same as when dealing with non-cloud and non-mobile systems.
- In some instances, the servers exist in data centers you don’t control, such as public cloud providers. You need to take steps to insure security and adherence to processes and proper security mechanisms.
- This is also a matter of people and processes, as well as technology. You have to approach security, in the cloud or otherwise, holistically.
Agility is the core value of public cloud computing, or, the value of the ability to change. While there are different degrees of value that agility can provide around specific industries, healthcare seems to gain the most advantage, second only to the financial vertical.
However, with agility comes responsibility, and you can have both. The ability to quickly adjust to the needs of patients and providers, and not compromise security and legal requirements is actually not that difficult.
The problem is that you need to be savvy around the planning and implementation of security and compliance programs. Moreover, understand what changes (and what does not) when moving to public cloud computing. While there will be a bit of trial-and-error, I don’t see too many bumps in the road.
The post How to Balance Cloud Security with Agility in the Healthcare Vertical appeared first on Logicworks Gathering Clouds.
- » Cloud performance and change management cited in latest DORA DevOps analysis
- » New initiative aims to create ‘first ocean-powered data centre’ in Scotland
- » DigiPlex's data centre guide focuses on sustainability as key to digital transformation
- » The continuing rise of Kubernetes analysed: Security struggles and lifecycle learnings
- » Microsoft expands European Azure presence with Germany and Switzerland launches