Cloud technology, as well as its use, has grown exponentially since the early 2000s even though many still do not understand its benefits, costs, and vulnerabilities. It seems fitting and necessary that the National Security Agency (NSA) recently shared a guide about the cloud and how to utilize the technology safely.
The cloud is a virtual environment that allows easy access, computing, networking/sharing, and storage. In other words, any service that doesn’t require proximity. Cloud computing is the default for most applications; if you have a smartphone and download apps, you are utilizing the cloud.
Advantages include:
A 2017 HIMSS Analytics Brief states 65% of healthcare respondents utilize some form of cloud services. In fact, its use for backup and disaster recovery increased from 38% in 2017 to 60% in 2018.
While the advantages are obvious, the technology’s focus on shared usage increases security risks through misconfiguration/implementation, poor access controls, shared tenancy flaws, and supply chain vulnerabilities. Also, cloud threat actors—malicious/neglectful employees, customers, and cybercriminals—are still similar to those that prey on standard technology. Cloud security tools, therefore, must address typical security concerns as well as those that plague a virtual environment, protecting data in movement and in stasis. Security must be thought of in terms of shared responsibilities between the Cloud Service Provider (CSP) (responsible for cloud infrastructure and implementing logic controls) as well as the organization (responsible for configuring security on a personnel level).
Good, layered cloud security includes:
When choosing cloud security, it is necessary to take a risk-based, proactive approach. Related: HIPAA Cloud Computing: Top Ten Frequently Asked Questions First, an organization must research and choose suitable CSP and cloud services. Second, it is necessary to utilize appropriate security layers, hire cloud-specific personnel, and train all employees on correct usage. And finally, cloud security must be combined with cybersecurity already in place rather than separate and disjointed. The cloud is a great resource for healthcare organizations today; utilizing the technology safely, therefore, can only make your organization better.