SolarWinds Survey Showcases the DevOps Disconnect

SolarWinds Survey Showcases the DevOps Disconnect

Survey Showcases the DevOps Disconnect The increasingly distributed nature of today’s tech environments has amplified the demand for DevOps practitioners in the workplace. But are DevOps teams, developers, and web product managers (WPMs) doing the work their job titles intend? SolarWinds Cloud Confessions: The Trouble
/
Aruna Cisco

2019 Predictions for Innovating, Transforming and Enabling Workplace Transformation

My Predictions for 2019 As we think of the top Collaboration trends for the coming year, we should start by taking a look back at 2018. In 2018, Team collaboration solutions became the norm. More than just an application, it has become the principal interface
/
Ken Adamson

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks

Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception – hospitals, payers and other organizations also are making moves to the cloud.

While they’re working hard to improve their security measures and making great strides to better protect their data, security challenges continue to evolve.

Healthcare, everywhere

Healthtech

As the organizational structure of healthcare facilities continues to advance, cloud adoption brings numerous benefits for these institutions. Not long ago, patient files were all on paper – placed into a folder that never left the physician’s office. But with the consolidation and reorganization of many healthcare organizations, this approach has become outdated and replaced by electronic records.

The cloud helps address this structural shift by solving many problems, such as the ability to store information off-site and allowing patients to access their records from home. In addition, physicians, nurses and administrators, who may need to work remotely or at multiple locations within a healthcare group, now have the freedom to track their work in real time by accessing and uploading critical information. Cloud-based storage and applications can boost collaboration and information sharing, leading to better communication between departments and specialties.

With the proliferation of connected healthcare devices that collect and transmit patient data, the scalability and larger storage capacity of the cloud helps drive this change. Organizations can cut down on operating and physical storage costs, while also streamlining efficiencies.

Do no harm

While there are many benefits of moving to the cloud, there also are inherent risks. The HIPAA Omnibus Rule requires patient data to be properly protected, regardless of where it is stored – and this includes cloud applications. Even vendors or healthcare partners that are working as a third-party firm, and do not necessarily view the stored data on a regular basis, must adhere to the same HIPAA regulations.

With the digitalization of patient data, new threats are putting hospitals increasingly at risk of compliance violations related to patient privacy violations, among other things. Simply storing data in the cloud is not enough. Similar to cloud-based data centers in business, security systems and policies need to be put in place to protect patient data and critical applications.

Many healthcare organizations consider implementing in-house security solutions to protect their cloud-based data, but this means they need around-the-clock staff to properly manage and respond to alerts – and finding and building this team is no easy task. IT teams are often already overwhelmed due to the large volume of security alerts generated each day, many of which are false positives, which means many hospital IT teams simply don’t have enough hours in the day to investigate each threat thoroughly. This opens up the organization to tremendous risk.

Why outsource?

So, how can a healthcare organization maximize the rewards of cloud-based data and applications while minimizing the security risks associated with these systems? One solution is to consider outsourcing the security monitoring, response, and compliance reconciliation to a managed security service provider (MSSP).

MSSPs are growing in popularity in healthcare, along with many other highly regulated industries such as banking and utilities. Their unique skillset and convenient service model is appealing to organizations with limited resources trying to meet stringent requirements. Plus, the costs associated with an MSSP are significantly less than building your own Security Operations Center (SOC) and maintaining the same level of service in-house.

However, not all MSSPs are created equal. That’s why it’s important to thoroughly evaluate MSSP candidates and cross-reference their healthcare expertise to ensure a seamless transition to the cloud.

Six questions for your MSSP

Here are some key questions to ask any potential MSSP prospect:

  1. Do you offer service level agreements (SLA) that provide the proper level of security needed for regulatory compliance and system availability?
  2. Can you provide an Attestation of Compliance for HIPAA?
  3. Does your company have a dedicated SOC? If so, can we have a tour?
  4. Does your mix of security services include 24/7 monitoring, breach detection and incident response?
  5. Will you agree to comply with our organization’s internal information security policies, as well as any data backup requirements, retention requirements and vulnerability scans required by regulation(s)?
  6. Does your standard contract include a termination clause, a right to audit clause and a limitation of liability clause?

For healthcare organizations with limited budgets and small IT teams, the MSSP model backed by a qualified partner can serve as an extension of their team, help close the security gap and make the most of moving to the cloud.

###

By Ken Adamson

Ken Adamson

Ken is VP of Product Management at Proficio, a market leading managed security service provider (MSSP). He brings over 23 years of experience in IT management software, both as a customer and vendor, and was previously the Vice President, Product Management for the Infrastructure Management Business Unit at CA Technologies and a Data Center Director for Solectron and Amdahl.

View Website
Steve Prentice CloudTweaks

Why Certification Matters for Cloud Service Providers

Certification for Cloud Service Providers The concept of “cloud” has become more of a norm for companies and organizations worldwide. Most now use cloud service ...
Infographic - The Internet Of Things In 2020

Infographic – The Internet Of Things In 2020

The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an ...
5 Recommendations for Effective Governance, Risk and Compliance Management

5 Recommendations for Effective Governance, Risk and Compliance Management

Effective Governance, Risk and Compliance Cloud adoption continues to grow, which is evident from the fact that annual 2016 revenues for cloud vendors were “within ...
Big Data Trends

Ringing The Alarm Bells – Preparing For The Potential Dark Future of A.I

The Future of A.I On Friday 21st October, the world witnessed the largest cyber-attack in history. The attack set a new precedent for the size, ...
Vice

Vice: Researchers Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’

/
By taking strings from an online gaming program and appending them to malicious files, researchers were able to trick Cylance’s AI-based antivirus engine into thinking programs like WannaCry and other ...
huawei

Huawei to invest $3.1 billion in Italy but calls for fair policy on 5G: country CEO

/
MILAN (Reuters) - China’s Huawei Technologies said it will invest $3.1 billion in Italy over the next three years, as the Chinese telecoms giant called on Rome to ensure the ...
Accenture News

Cost of Cybercrime Continues to Rise for Financial Services Firms

/
Malicious insider attacks are the most expensive and lengthy attacks to resolve NEW YORK; July 16, 2019 – The cost to address and contain cyberattacks is greater for financial services ...