As providers shift from traditional data centers to cloud-based environments, they are adapting their cybersecurity strategies to address the cloud’s unique challenges and opportunities.
A critical aspect of the transition is understanding that health systems must stay proactive in safeguarding their data. That can surprise organizations that expect cloud service providers to manage cybersecurity fully, says Errol Weiss, chief security officer for Health-ISAC, a global nonprofit information sharing and analysis center focused on security in healthcare.
Health systems moving to the cloud should be prepared for a shared responsibility model, Weiss says, with each party’s roles depending on the architecture and the cloud provider involved.
“There are varying levels of responsibility, and organizations need to plan for this, have the staff to adequately manage and run it, and have the tools to manage these differences,” he adds.
For example, in a serverless environment, organizations must secure identities and access rights, while the cloud provider secures the containers or virtual machines. If a server is deployed in the cloud, the partner may secure only the physical infrastructure and network connectivity, while organizations address other exposure points, Weiss says.
With the right model in place, organizations can confidently leverage the cloud’s advantages, including greater disaster recovery and business continuity resiliency, while strengthening their defenses through cloud-native approaches such as zero trust.