@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Blog Feed Post

Understanding the Fundamentals of Cloud Security for Healthcare

As we migrate health data to the cloud, it’s important to understand the data that will reside in the cloud-based systems

Continuing our discussion from my last blog in July, perhaps it’s helpful to drive deeper into security approaches and technology for use within clouds that serve the healthcare vertical.  We’ll start by focusing on the fundamentals of cloud security for healthcare.  However, some of this is transferable to other verticals as well.

First fundamental: Understand the data that will reside in the cloud.

Healthcare data has something in common.  It’s dangerous to manage, unless you know exactly what you’re dealing with.

Cloud Security

Cloud Security in Healthcare is no joke, but many of the best practices can be reapplied to other industries.

As we migrate health data to the cloud, it’s important to understand the data that will reside in the cloud-based systems, in terms of compliance and security requirements.  This means understanding what is PII data, and what is not, as well as dealing with specific security requirements around encryption.  This includes data in flight, and at rest.

Second fundamental:  Identity-based security is typically the best approach.

In the world of cloud computing, the identity-based approaches to security are typically a better fit.  This is more the case when considering the healthcare vertical.

Identity-based approaches are able to assign identities to data, devices, people, services, etc., and allow those charged with security to configure each identity as authorized or not to access specific resources.

This gets out of the old approach of locking everything up and hoping for the best.  Thus, the more fine-grained approach will provide more flexibility and support for the distributed nature of cloud computing, and the changing needs of healthcare compliance and security requirements.

Third fundamental:  Think automation and being proactive.

Most approach security using passive and reactionary approaches and technology.  When considering security, healthcare, and cloud computing, you need to put tools in place to automate the management of security, as well as be proactive about getting ahead of the needs of the healthcare organization.

This means lots of advanced planning, as well as the use of security tools to automate things such as spotting risks to breaches, and taking automatic corrective action.  Moreover, automate the management identities, perhaps automatically removing access privileges for people who leave the healthcare organization.  Or, monitor access to cloud-based resources, looking for patterns that appear to be hacking attempts.

You can’t have healthcare systems and data in public clouds without a great deal of planning around security.  While many healthcare organizations struggle with the concept cloud security, if you learn these fundamentals, you’ll find you won’t have a problem.

Thoughts? Let us know on Twitter @CloudGathering.

By David Linthicum

More Stories By Gathering Clouds

Cloud computing news, information, and insights. Powered by Logicworks.

CloudEXPO Stories
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
"When you think about the data center today, there's constant evolution, The evolution of the data center and the needs of the consumer of technology change, and they change constantly," stated Matt Kalmenson, VP of Sales, Service and Cloud Providers at Veeam Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?