Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Click Here to Read the Report
Nov 15 2024
Cloud

5 Questions to Dispel Myths about Cloud Security

Health systems that are re-examining their infrastructure will want to refresh what they know about security in the cloud.
Joel Snyder
by

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

Healthcare organizations are relying on the cloud to push patient care forward, optimize IT infrastructure, support real-time data exchange and deliver mobility for clinicians. As IT teams shift applications to the cloud, they also need to be well informed about cloud security and compliance requirements. Here are five questions about common cloud security myths to better guide healthcare IT leaders:

Click the banner below to learn how to optimize healthcare cloud environments with expert guidance.

xs_cloud_animated_2024_cta2_desktop xs_cloud_animated_2024_cta2_mobile

 

1. Doesn’t shifting data to the cloud result in reduced security? 

Letting applications leave your data center can be frightening. The loss of detailed control and ownership seems like it can invite security problems. Usually, the opposite is true: Cloud providers have the scale to deliver massive resources to secure applications and data, and they’re on the forefront of security best practices. Healthcare IT teams just don’t have that level of resource to devote to security. 

2. Aren’t cloud providers responsible for my data’s security? 

Shifting to the cloud, whatever type of service you’ve chosen, means a joint responsibility for security. Physical, network and infrastructure security are now the cloud provider’s problem. For Software as a Service, that extends all the way up to operating system and application security patches. But overall configuration and the selection of correct options remain your responsibility. If you don’t require multifactor authentication or leave your data storage buckets publicly accessible, the security problems you create are your own. Healthcare IT leaders have to take the time to understand what they’re configuring and pick appropriate and secure options.

Cloud TOC

Related Content:

Find out how healthcare organizations can minimize turbulence in the modern cloud.

Learn how FinOps enhances cloud financial management and optimization.

Explore how healthcare organizations can maximize cloud assessments.

Discover what a new research report tells us about healthcare and the cloud. 

 

3. Doesn’t shifting to the cloud relieve my compliance burden? 

Cloud providers go through their own auditing and certification process, and delivering those reports to you is part of your compliance reporting plan. But final control over data access is always your responsibility, no matter where the data sits. Cloud isn’t a shortcut to bypass from HIPAA and HITECH requirements. 

4. Doesn’t the cloud change identity and access management? 

IAM has never been more important than in a cloud environment because traditional physical barriers (such as having to be in the hospital) disappear. Solid IAM is the basis for everything. Healthcare IT teams that rely on onsite Active Directory or cloud-based Entra ID (Microsoft’s new name for Azure AD) with MFA have a good start. But cloud does introduce some additional IAM requirements. Risk management through geofencing, break-in evasion and other posture checks needs to be integrated into IAM to maintain access control in a cloud application environment. 

5. Isn’t encrypting data over the internet sufficient protection? 

Encryption is necessary but by no means sufficient by itself. Tools such as SSL/TLS encryption protect cloud data in transit between data centers and users, but data at rest also needs security far beyond simple encryption. In addition to IAM and strong access controls, healthcare IT teams should add tools to help audit their configurations and to monitor security events. Data breach prevention begins with identifying and fixing human errors, which are always present. That’s just a start: Unauthorized data access must be detected and remediated in real time, at internet speeds, to prevent widespread data breaches.

Click the banner below to read the 2024 CDW Cloud Computing Research Report.

na-prrcloud-static-2024-na-desktop na-prrcloud-static-2024-na-mobile
PeopleImages/Getty Images

More On

Related Articles