- Cybersecurity continues to be at the forefront of the digital revolution we’re all experiencing. This spans multiple verticals, many different types of organizations, and entirely new markets as well. Most of all, we see where security challenges are impacting those where data is most valuable.
Healthcare, for example. Just this month, in August, we saw Arizona-based Banner Health become a victim of a cybersecurity attack, potentially compromising 3.7 million records in the process.
It’s critical to understand that the nature of these attacks will only continue to evolve as we digitize more healthcare records and correlate them with other systems, like payments.
The bad guys see the value of this data and find new ways to come after it. Hence the term, advanced persistent threats (APTs).
However, what usually gets lost in translation is the fact that these kinds of breaches happen at the traditional data center site. That is, have we seen a massive cloud security breach at Amazon Web Services? What about Microsoft Azure?
Yes, we’ve seen cloud outages that happen for various reasons – nothing is ever perfect – but the biggest cloud service providers have yet to see a massive security breach.
To that extent, it’s no wonder we’re seeing more healthcare shops adopt cloud services.
A new IDC Health Insights report examining the results of the 2015–2016 Healthcare Provider Technology Spend Survey reveals that 40 percent of providers reported their IT budgets are still growing.
From there, across all hospitals, top reasons for budget growth included analytics, patient engagement, customer relationship management (CRM), and security. Furthermore, the report stated that security strategies are maturing.
As IDC points out, cybersecurity is one of the new growth areas in the provider IT budget, and this growth is expected to continue in 2016. Threats are top of mind, but the increased availability of resources for IT security is allowing providers to begin to implement strategies to secure data and networks.
Top priorities included focusing on security in the cloud, monitoring the environment, and controlling shadow IT.
Finally, IDC stated that comfort levels with cloud are growing. Across all hospitals, 30 percent of the respondents said they were comfortable with cloud in 2014, while an additional 41.5 percent of respondents said they were more comfortable with cloud in 2015 than they were in 2014.
Barriers to cloud adoption, primarily comfort levels with security and compliance, are clearly coming down.
And as these barriers come down, healthcare organizations will be looking at new types of security services that will help them create better connections into the cloud.
Let’s take a look at a few of these technologies.
Virtual firewalls and security services
You don’t have to be locked down to using physical devices within your healthcare data center walls. In fact, leading security vendors offer a variety of firewall, data security, application security, and even network segmentation technologies which don’t require a physical appliance. These virtual security services (or virtual appliances) can run right on top of your hypervisor and integrate into various points within your network. Furthermore, containerized security services are right around the corner. Already you can delivery virtual load-balancers as a containerized micro-service. The bottom line is that you can better secure your entire network by using technologies which don’t rely on physical components. This gives you greater amounts of security agility; and it allows you to respond faster to possible breaches in the environment.
Cloud-specific security services
Within the cloud, you have multiple options as far as how you deploy your workloads. All major cloud vendors now have very specific, compliance-ready, offerings for a variety of organizations. Specifically, when it comes to healthcare, you can safely deploy HIPAA-compliant workloads with a cloud partner which is capable of sustaining a compliant ecosystem. Most of all, you can select the level of multi-tenancy you require, where security needs to be deployed, and how you can effectively control your data points. Cloud-specific security services can help with data encryption, application firewalls, and even entire disaster recovery and business continuity efforts. Remember, security isn’t just about protecting against possible breaches and data loss – it also means keeping your environment up and running.
Healthcare-enabled security monitoring and compliance
The saying is easy: you can’t secure what you can’t see. Whenever you’re extending your healthcare data into the cloud, you must create powerful visibility metrics around it all. Breaches and data loss occur when data repositories aren’t properly monitored or secured. This can be an exchange between payment systems or something as simple as archiving data at a cloud site. Whichever way you decide to manage your data, create data security and visibility around it. This means working with various IT teams to ensure data and application delivery are synchronized with security best practices.
Beyond anything else, make sure to keep a proactive eye on your entire healthcare cloud environment.
As new technologies, like software-defined platforms, make an impact on the modern data center, security services will be challenged to lock down even more aspects of your infrastructure.
Still, just because you’re securing a lot more of your data center, doesn’t mean you still can’t continue to empower your users and your healthcare data center. The beauty of the cloud and these various security models is your ability to deliver rich content seamlessly to the user.
Although we’re deploying more security, the ultimate goal is to empower the user and improve the healthcare services experience.
Finally, always test out your systems. This can be an extra expense, but when you’re working with cloud and data distribution, you need to have clear visibility into where your data resides and who has access.
Remember, advanced persistent threats need to be met with advanced persistent security methodologies.