Oct 22 2021

Microsoft Azure Extends Security to the Cloud and Protects Patient Data

Azure helps healthcare organizations exceed security standards for HIPAA and HITECH Act compliance while providing the benefits of a cloud environment.

Cloud security and compliance must go hand in hand for healthcare organizations, while next-generation databases for managing, storing and retrieving protected health information have increased data protection challenges for the healthcare industry.

Microsoft Azure’s cloud security offerings focus on exceeding security standards required for HIPAA and HITECH Act compliance (among others) without compromising protected health information.

DISCOVER: Explore how Azure guides healthcare organizations to an end-to-end cloud management strategy.

Azure Helps Healthcare Organizations Create Compliant Security

Through the Azure Security Center, users gain insight into their compliance posture with the added visibility and accessibility of regulatory compliance status. Azure also lets users make recommended fixes to improve compliance they might have otherwise missed.

“By choosing a security solution that is native to the Azure cloud and offloading the related deployment and maintenance work to Microsoft, customers avoided costs they would have otherwise incurred from on-premises solutions and potentially with third-party cloud solutions,” says Evan Doty, senior Azure security and management solution architect at CDW.

Azure also helps with compliance efforts by offering third-party audits and the ability to download compliance documentation.

“From a compliance standpoint, a lot of it is just the ability to operate. If you don't meet these compliance requirements, you can be heavily fined or shut down because you're dealing with people's very private information,” Doty says. “Having to meet a HIPAA requirement inside your home data center is terrible — and can be very expensive — as opposed to being HIPAA compliant in a data center where Microsoft is spending a billion-plus dollars a year on security compliance.”

LEARN MORE: Find out why layered security is essential to healthcare incident response planning.

The Azure Security Center can do a cloud security posture assessment of the organization’s current environment and determine whether it meets technical HIPAA compliance based on the technology being used and whether it adequately safeguards all of the protected health information in this environment.

Azure Blueprints and Azure Policy allow organizations to create frameworks for services for internal IT users, and by users.

“As the security officer or as the infrastructure manager, I have developers who say, ‘Hey, I want to develop a required business application,’” Doty says. “By using Blueprints, I can preapprove frameworks and then load them into a software-defined data center library, and developers will know they have been approved by the CISO.”

This helps dramatically reduce the time from request to delivery of access while ensuring HIPAA and HITECH compliance requirements are met.

Click the banner below for more security content from HealthTech.

Azure Extends Healthcare Security Beyond an Office’s Four Walls

In addition to the benefits gained by shifting workloads such as technology implementation, deployment and maintenance onto Azure, the company’s scale and telemetry data enable it to quickly update security recommendations and generate alerts for important threats.

Within Azure Security Center, Azure Defender helps protect hybrid cloud workloads. Defender scans for vulnerabilities in container images in Azure Container Registry and can protect managed Azure Kubernetes Service instances.

Doty points out that Azure Arc can extend security coverage to workloads outside of Azure as well. Artificial intelligence and automation tools also help to cut through false alarms and identify threats more quickly while streamlining threat investigation.

“Through applications like Blueprints, Microsoft makes it easy for security practitioners to streamline security because you can set it up so that your users just can’t do nonsecure stuff,” he says.

Doty also points out that Sentinel's Microsoft 365 Defender incident integration allows users to stream all Microsoft 365 Defender incidents into Azure Sentinel, which, when combined with the other telemetry sent to the cloud-native SEIM, allows for faster, more unified response and monitoring.

“Now you’re starting to combine your logs across multiple technologies and bumping all those instances up against one another to find weaknesses or potential areas of risk that you didn't know you had,” Doty says.

Azure Enables Healthcare Providers to Benefit from the Cloud

By improving visibility into an organization’s security posture across all of its Azure workloads, and decreasing time to threat remediation, Doty says healthcare organizations can reduce the risk of cloud security breaches.

Azure Security Center also helps reduce the amount of time spent on updating security policies and compliance-related workflows, leading to improved productivity for security administrators. Doty points out that the complex regulatory framework makes security a tall order for healthcare organizations running on shoestring budgets.

“Trying to accomplish all of these things on a low budget is difficult, and everybody is lacking in security personnel right now,” he says. “At this point, everybody needs to maintain security. Everybody is a potential target, and everybody needs to be paying more attention to security. That includes taking into consideration appropriate investment in technologies that will support a more secure framework.”

RELATED: Download this white paper to learn how security can keep pace as cloud adoption accelerates.

Doty adds that an expanding threat landscape across multiple devices requires cloud security to be extra robust, so that all data that reaches the cloud is within the security umbrella.

“At that point, we need to make sure that at all times we know who’s using the data, when they’re using it, why they’re using it, how they’re using it, what they’re doing with it and where it’s being moved,” he says. “The audit trail needs to be deep and complex and wide.”

Doty notes that’s one of the things organizations can do more efficiently and effectively in the cloud than on-premises.

“When you’re doing it in the cloud, the capabilities that are being built are not being built on an organization-by-organization basis, depending on their specific financial capabilities to develop and produce them, but they’re being built on the aggregated financial capabilities of the entire cloud framework, in this case Microsoft’s,” he says.

Brought to you by:

KanawatTH/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT