Healing America Through Innovation in Healthcare

Healthcare Innovation Journal




Understanding the Fundamentals of Cloud Security for Healthcare

As we migrate health data to the cloud, it’s important to understand the data that will reside in the cloud-based systems

Continuing our discussion from my last blog in July, perhaps it’s helpful to dive deeper into security approaches and technology for use within clouds that serve the healthcare vertical. We’ll start by focusing on the fundamentals of cloud security for healthcare. However, some of this is transferable to other verticals as well.

First fundamental: Understand the data that will reside in the cloud.

Healthcare data has something in common.  It’s dangerous to manage, unless you know exactly what you’re dealing with.

Cloud Security in Healthcare is no joke, but many of the best practices can be reapplied to other industries.

As we migrate health data to the cloud, it’s important to understand the data that will reside in the cloud-based systems, in terms of compliance and security requirements. This means understanding which data is PII and which is not, as well as dealing with specific security requirements around encryption. This includes data in flight and at rest.

Second fundamental:  Identity-based security is typically the best approach.

In the world of cloud computing, identity-based approaches to security are typically a better fit. This is even more the case for the healthcare vertical.

Identity-based approaches are able to assign identities to data, devices, people, services, etc., and allow those charged with security to configure each identity as authorized or not to access specific resources.

This moves away from the old approach of locking everything up and hoping for the best. The more fine-grained approach provides more flexibility and better support for the distributed nature of cloud computing and for the changing needs of healthcare compliance and security requirements.

Third fundamental:  Think automation and being proactive.

Most organizations approach security using passive and reactionary approaches and technology. When considering security, healthcare, and cloud computing, you need to put tools in place to automate the management of security, as well as be proactive about getting ahead of the needs of the healthcare organization.

This means lots of advance planning, as well as the use of security tools to automate tasks such as spotting breach risks and taking automatic corrective action. Moreover, automate the management of identities, perhaps automatically removing access privileges for people who leave the healthcare organization. Or, monitor access to cloud-based resources, looking for patterns that appear to be hacking attempts.
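A minimal sketch of the two automations described above, added here as an illustration and not taken from the original post: reconciling access grants against the current staff roster, and flagging identities that rack up denied requests in a short window. All identities, resource names, log entries, and the threshold and window values are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; every identity and resource name is hypothetical.
ACTIVE_STAFF = {"nurse.kim", "dr.patel"}  # current HR roster
GRANTS = {  # human identity -> cloud resources it is authorized for
    "nurse.kim": {"ehr-records"},
    "dr.patel": {"ehr-records", "imaging-archive"},
    "dr.jones": {"ehr-records", "billing-db"},  # has left the organization
}
ACCESS_LOG = [  # (timestamp, identity, resource, outcome)
    ("2024-01-05T09:00:00", "dr.patel", "billing-db", "DENY"),
    ("2024-01-05T09:40:00", "dr.patel", "billing-db", "DENY"),
    ("2024-01-05T10:20:00", "dr.patel", "billing-db", "DENY"),
    ("2024-01-05T11:00:00", "dr.jones", "ehr-records", "DENY"),
    ("2024-01-05T11:01:00", "dr.jones", "billing-db", "DENY"),
    ("2024-01-05T11:02:30", "dr.jones", "ehr-records", "DENY"),
    ("2024-01-05T11:03:00", "nurse.kim", "ehr-records", "ALLOW"),
]

def revoke_departed(grants, active_staff):
    """Split grants into (kept, revoked): anyone absent from the roster loses access."""
    kept = {who: res for who, res in grants.items() if who in active_staff}
    revoked = {who: res for who, res in grants.items() if who not in active_staff}
    return kept, revoked

def flag_denied_bursts(log, threshold=3, window=timedelta(minutes=5)):
    """Return identities with at least `threshold` denied requests inside `window`."""
    denied = {}
    for ts, identity, _resource, outcome in log:
        if outcome == "DENY":
            denied.setdefault(identity, []).append(datetime.fromisoformat(ts))
    flagged = set()
    for identity, times in denied.items():
        times.sort()
        # Compare each denial with the one (threshold - 1) positions later.
        for first, last in zip(times, times[threshold - 1:]):
            if last - first <= window:
                flagged.add(identity)
                break
    return flagged

if __name__ == "__main__":
    kept, revoked = revoke_departed(GRANTS, ACTIVE_STAFF)
    print("revoked:", revoked)
    print("flagged:", flag_denied_bursts(ACCESS_LOG))
```

Service and device identities are left out of the roster check here; they would be reconciled against their own inventory rather than the HR list.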

You can’t have healthcare systems and data in public clouds without a great deal of planning around security. While many healthcare organizations struggle with the concept of cloud security, if you learn these fundamentals, you’ll find you won’t have a problem.

Thoughts? Let us know on Twitter @CloudGathering.

By David Linthicum
