|By Gilad Parann-Nissany||
|May 13, 2014 11:08 AM EDT||
At healthcare events throughout the world, we have met many health tech companies who are considering migrating to the cloud, but have serious concerns about protecting electronic protected health Information (e-PHI) and maintaining HIPAA compliance as they virtualize their environments.
We are seeing a serious gap between healthcare companies’ security and compliance needs, and the solutions offered by their cloud providers.
Below, a summary of the questions we are continually asked at shows, events, and meetings with healthcare professionals.
Cloud Computing Security Considerations
Q. What cloud computing security considerations should healthcare companies examine?
HIPAA compliance is comprised of multiple technologies and processes. When it comes to data encryption, securing e-PHI that your company creates, receives, maintains or transmits electronically is critical in infrastructure clouds. Clouds obviously don’t have walls – which is why encryption has become the best practice for creating “mathematical walls” in the cloud.
Since your cloud project will have both servers and data in the cloud, you need a solution that:
- Has an “everything cloud” approach: No “gateways” or hardware required
- Maintains HIPAA/HITECH Compliance
- Ensures data security – going beyond a “check the box” approach
- Is simple, easy to use, flexible, and cost-effective
It is your responsibility to secure your sensitive patient data, to encrypt data at rest and in transit and, importantly, to ensure that only you (not even your cloud provider) control your encryption keys. This is both security common sense and also important from a regulatory point of view.
Q. Is it possible to achieve “safe harbor” in cloud scenarios?
The Secretary of Health and Human Services published guidance on “technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” The guidance emphasizes that data encryption is not only a best practice for protecting privacy and security – it also provides a safe harbor to the organization in case of data loss.
Q. How is the Porticor cloud encryption solution different?
Porticor did not re-invent the data encryption wheel. We use the strongest industry standards for data encryption like AES. Our system is unique, however, in how it handles the keys to your encrypted data. Porticor is the only system that keeps control of encryption keys in the hands of the end customer while providing a pure cloud model – without any hardware requirements.
With Porticor, once your e-PHI is encrypted, our system splits the encryption key it into two parts (here’s how in 90 seconds). One part stays within our system and one part, the “master key” stays with you at all times. Both parts are required to access your data. With this split-key encryption approach, Porticor ensures that only you control access to your data. Your cloud provider cannot access it, Porticor cannot access it, and hackers cannot access it. Only you control your data. This is what makes the system HIPAA compliant while maintaining the “pure cloud” approach. You can read more about it here.
Q. Does this kind of cloud security slow down performance?
No. We’ve gone to some length to keep performance top notch, by introducing efficient streaming. We also make sure that encryption happens inside your cloud account so there are no latency issues around network hops. You have a choice between a “Virtual Appliance” that you can bring up inside your own cloud account, and an “agent” that you can install on your own.
As a result in some use cases we actually speed you up a bit! Detailed benchmarks are available here.
Q. What does homomorphic encryption mean?
Homomorphic encryption is a technique that enables encrypting data, and keeping it encrypted even if it is used in calculations. As it relates to our system, Porticor homomorphically encrypts your master key before it enters the cloud, and it stays encrypted – never decrypted – when it is used in the cloud. This means your entire project works without anyone knowing your master key – not Porticor, not AWS, no computing element at all. This way, you retain control of your key at all times. Your key is safe even when it is in use in the cloud.
Q. Which companies need Porticor’s cloud security?
If your company or its clients face regulations like HIPAA, PCI DSS, or many others – you need Porticor.
Q. Which clouds are supported by Porticor?
You can use Porticor in any cloud scenario: public clouds (AWS, VMware, IBM, HP, etc.), private clouds (VMware again), or hybrid scenarios.
SYS-CON Events announced today that IceWarp will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IceWarp, the leader of cloud and on-premise messaging, delivers secured email, chat, documents, conferencing and collaboration to today's mobile workforce, all in one unified interface
Aug. 31, 2015 04:00 AM EDT Reads: 399
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Aug. 30, 2015 11:45 PM EDT Reads: 396
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Aug. 30, 2015 10:00 PM EDT Reads: 346
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Aug. 30, 2015 06:45 PM EDT Reads: 369
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Aug. 30, 2015 05:00 PM EDT Reads: 464
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of tech...
Aug. 30, 2015 01:30 PM EDT Reads: 223
This Enterprise Strategy Group lab validation report of the NEC Express5800/R320 server with Intel® Xeon® processor presents the benefits of 99.999% uptime NEC fault-tolerant servers that lower overall virtualized server total cost of ownership. This report also includes survey data on the significant costs associated with system outages impacting enterprise and web applications. Click Here to Download Report Now!
Aug. 30, 2015 01:30 PM EDT Reads: 191
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Aug. 30, 2015 01:00 PM EDT Reads: 291
Introducing Containers & Microservices Bootcamp at @CloudExpo Silicon Valley | #Containers #Microservices
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
Aug. 30, 2015 12:00 PM EDT Reads: 271
Cloud and datacenter migration innovator AppZero has joined the Microsoft Enterprise Cloud Alliance Program. AppZero is a fast, flexible way to move Windows Server applications from any source machine – physical or virtual – to any destination server, in any cloud or datacenter, using its patented container technology. AppZero’s container is also called a Virtual Application Appliance (VAA). To facilitate Microsoft Azure onboarding, AppZero has two purpose-built offerings: AppZero SP for Azure,...
Aug. 30, 2015 11:00 AM EDT Reads: 175
Organizations from small to large are increasingly adopting cloud solutions to deliver essential business services at a much lower cost. According to cyber security experts, the frequency and severity of cyber-attacks are on the rise, causing alarm to businesses and customers across a variety of industries. To defend against exploits like these, a company must adopt a comprehensive security defense strategy that is designed for their business. In 2015, organizations such as United Airlines, Sony...
Aug. 30, 2015 10:30 AM EDT Reads: 444
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Aug. 30, 2015 10:30 AM EDT Reads: 877
Red Hat is investing in Tesora, the number one contributor to OpenStack Trove Database as a Service (DBaaS) also ranked among the top 20 companies contributing to OpenStack overall. Tesora, the company bringing OpenStack Trove Database as a Service (DBaaS) to the enterprise, has announced that Red Hat and others have invested in the company as a part of Tesora's latest funding round. The funding agreement expands on the ongoing collaboration between Tesora and Red Hat, which dates back to Febr...
Aug. 30, 2015 10:00 AM EDT Reads: 340
IBM’s Blue Box Cloud, powered by OpenStack, is now available in any of IBM’s globally integrated cloud data centers running SoftLayer infrastructure. Less than 90 days after its acquisition of Blue Box, IBM has integrated its Blue Box Cloud Dedicated private-cloud-as-a-service into its broader portfolio of OpenStack® based solutions. The announcement, made today at the OpenStack Silicon Valley event, further highlights IBM’s continued support to deliver OpenStack solutions across all cloud depl...
Aug. 30, 2015 10:00 AM EDT Reads: 235
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes ab...
Aug. 30, 2015 09:15 AM EDT Reads: 622
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and a...
Aug. 30, 2015 09:15 AM EDT Reads: 442
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
Aug. 30, 2015 08:45 AM EDT Reads: 342
WSM International, the pioneer and leader in server migration services, has announced an agreement with WHOA.com, a leader in providing secure public, private and hybrid cloud computing services. Under terms of the agreement, WSM will provide migration services to WHOA.com customers to relocate some or all of their applications, digital assets, and other computing workloads to WHOA.com enterprise-class, secure cloud infrastructure. The migration services include detailed evaluation and planning...
Aug. 30, 2015 08:45 AM EDT Reads: 164
In today's digital world, change is the one constant. Disruptive innovations like cloud, mobility, social media, and the Internet of Things have reshaped the market and set new standards in customer expectations. To remain competitive, businesses must tap the potential of emerging technologies and markets through the rapid release of new products and services. However, the rigid and siloed structures of traditional IT platforms and processes are slowing them down – resulting in lengthy delivery ...
Aug. 30, 2015 08:45 AM EDT Reads: 581
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of I...
Aug. 30, 2015 08:30 AM EDT Reads: 396