Understanding the fundamentals of cloud security for healthcare
By David Linthicum
Continuing our discussion from my last blog in July, perhaps it’s helpful to dive deeper into security approaches and technology for use within clouds that serve the healthcare vertical. We’ll start by focusing on the fundamentals of cloud security for healthcare, although some of this is transferable to other verticals as well.
First fundamental: Understand the data that will reside in the cloud
All healthcare data has one thing in common: it’s dangerous to manage unless you know exactly what you’re dealing with.
As we migrate health data to the cloud, it’s important to understand the data that will reside in the cloud-based systems in terms of compliance and security requirements. This means understanding what is PII and what is not, as well as dealing with specific security requirements around encryption, both for data in flight and for data at rest.
Second fundamental: Identity-based security is typically the best approach
In the world of cloud computing, identity-based approaches to security are typically a better fit. This is even more the case when considering the healthcare vertical.
Identity-based approaches assign identities to data, devices, people, services, etc., and allow those charged with security to configure whether each identity is authorized to access specific resources.
This gets away from the old approach of locking everything up and hoping for the best. The more fine-grained approach provides more flexibility and support for the distributed nature of cloud computing, and for the changing needs of healthcare compliance and security requirements.
Third fundamental: Think automation and being proactive
Most organizations approach security with passive, reactive approaches and technology. When considering security, healthcare, and cloud computing, you need to put tools in place to automate the management of security, as well as be proactive about getting ahead of the needs of the healthcare organization.
This means lots of advance planning, as well as the use of security tools to automate things such as spotting risks of breaches and taking automatic corrective action. Moreover, automate the management of identities, perhaps automatically removing access privileges for people who leave the healthcare organization. Or monitor access to cloud-based resources, looking for patterns that appear to be hacking attempts.
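The following Python example is added here and is not from the original post. It models the second and third fundamentals together: identities hold explicit grants to resources (default deny), grants are revoked for staff who are no longer on the roster, and identities with repeated denied requests are flagged for review. The identity names, resources, log format and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (assumptions, not from the original post).
ACTIVE_STAFF = {"dr.lee", "nurse.kim"}        # current HR roster
SERVICE_IDENTITIES = {"svc.billing"}          # non-human identities, not on the roster
GRANTS = [                                    # (identity, resource) grants
    ("dr.lee", "ehr-db"), ("nurse.kim", "ehr-db"),
    ("dr.shah", "ehr-db"), ("dr.shah", "imaging-bucket"),
    ("svc.billing", "claims-queue"),
]
ACCESS_LOG = [                                # (identity, resource, outcome)
    ("dr.lee", "ehr-db", "ALLOW"),
    ("nurse.kim", "imaging-bucket", "DENY"),
    ("dr.shah", "ehr-db", "DENY"),
    ("dr.shah", "ehr-db", "DENY"),
    ("dr.shah", "imaging-bucket", "DENY"),
]

def is_authorized(identity, resource, grants):
    """Default deny: access is allowed only when an explicit grant exists."""
    return (identity, resource) in set(grants)

def grants_to_revoke(grants, active_staff, service_identities):
    """Return grants held by human identities that are no longer on the roster."""
    return [(i, r) for i, r in grants
            if i not in active_staff and i not in service_identities]

def apply_revocations(grants, revoke):
    """Return the grant list with the revoked entries removed."""
    revoked = set(revoke)
    return [g for g in grants if g not in revoked]

def suspicious_identities(log, threshold=3):
    """Flag identities with at least `threshold` denied requests in the log."""
    denied = Counter(i for i, _, outcome in log if outcome == "DENY")
    return sorted(i for i, n in denied.items() if n >= threshold)

if __name__ == "__main__":
    stale = grants_to_revoke(GRANTS, ACTIVE_STAFF, SERVICE_IDENTITIES)
    print("revoke:", stale)
    print("remaining:", apply_revocations(GRANTS, stale))
    print("review:", suspicious_identities(ACCESS_LOG))
```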
You can’t have healthcare systems and data in public clouds without a great deal of planning around security. While many healthcare organizations struggle with the concept of cloud security, if you learn these fundamentals, you’ll find you won’t have a problem.
The post Understanding the Fundamentals of Cloud Security for Healthcare appeared first on Logicworks Gathering Clouds.