The adoption of cloud applications in healthcare continues to rise steadily, with organizations increasingly turning to Software as a Service platforms such as Google’s G Suite and Microsoft Office 365 to improve organizational efficiency and workflow.
At the same time, however, IT departments must be mindful of the impact of such tools as it pertains to looming cyberthreats. Despite built-in precautions, security leaders should take extra care to ensure the safety and privacy of sensitive data.
To that end, organizations would be wise to consider the strategic use of a cloud access security broker.
CASB Collaboration with IAM and MFA Is Key
Analysts from Gartner predict that by 2022, six in 10 large enterprises will use a CASB to manage at least some of their cloud services, up from 20 percent currently.
CASBs can help users find and manage holes in their cloud strategies. Working in conjunction with identity and access management (IAM) tools and leveraging the multifactor authentication (MFA) feature, such solutions can prevent hackers from accessing an application. For example, let’s say User A typically accesses Office 365 from Chicago. However, the CASB tracks and notices that today, User A is trying to access Office 365 from London. The CASB’s user and entity behavioral analytics triggers an MFA request to the IAM feature and sends a notification to the user. If they can authenticate, they are allowed access. If they can’t authenticate, they are not allowed access to the application. This can stop unwanted access and/or breaches to a SaaS application.
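The Chicago/London scenario above, sketched as a step-up authentication decision. This is an added example, not code from the article or from any CASB product; the `Login` record, the coordinates, the 500 km radius and the `mfa_ok` callback standing in for the IAM challenge are all assumptions.

```python
import math
from dataclasses import dataclass

# Constructed sample coordinates (lat, lon) for the two cities in the scenario.
CHICAGO = (41.88, -87.63)
LONDON = (51.51, -0.13)

@dataclass
class Login:
    user: str
    app: str
    location: tuple  # (lat, lon), assumed to be resolved from the source IP

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def decide(login, baseline, mfa_ok, radius_km=500):
    """Return (decision, reason) for one login attempt.

    baseline maps user -> list of usual locations (hypothetical UEBA profile).
    mfa_ok(user) is a callback representing the MFA challenge sent via IAM.
    """
    usual = baseline.get(login.user)
    if not usual:
        # No history for this user: challenge rather than trust by default.
        anomalous, reason = True, "no baseline for user"
    else:
        nearest = min(distance_km(login.location, u) for u in usual)
        anomalous = nearest > radius_km
        reason = f"{nearest:.0f} km from nearest usual location"
    if not anomalous:
        return "allow", reason
    # Anomalous location: access depends entirely on the MFA outcome.
    if mfa_ok(login.user):
        return "allow_after_mfa", reason
    return "deny", reason

if __name__ == "__main__":
    profile = {"userA": [CHICAGO]}
    attempt = Login("userA", "office365", LONDON)
    print(decide(attempt, profile, mfa_ok=lambda user: False))
```

A user with no recorded baseline is challenged as well, so a missing profile never results in silent access.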
“As cloud applications and data proliferate, IT teams face greater challenges in managing the sprawl and maintaining an effective security posture,” explained my colleague Jeff Falcon, an inside solution architect for CDW’s security practice, in a recent blog post. “Not only does a CASB provide a deeper understanding of an organization’s cloud usage and traffic, but it also enables IT teams to enact policies for how data may be handled.”
In healthcare, CASB use is fueled primarily by three factors, according to a Bitglass.com blog post:
- Regulatory compliance and protection of sensitive patient data
- Safeguarding of information outside the cloud
- Ensuring safety of information on outside devices
That last point is especially important as BYOD persists in the industry. “Complicating matters is the fact that clinical staff are not typically employees of the organization,” the post points out. “This means that IT’s ability to force management control over personal mobile devices is even more difficult than with employees.”
CASBs, however, have a discovery feature that allows them to identify the unsanctioned applications running throughout an organization, and then correlate a risk factor to them.
The use of cloud solutions and services no doubt is a boon for providers, particularly as precision medicine and population health grow in importance, and as the industry continues to transition to value-based care. Security, however, must always be top of mind, especially as attacks continue to evolve and hackers adjust their strategies. CASB deployment can put your organization on the right track to monitor and mitigate threats.