One of the most pressing issues in healthcare information technology today is the challenge of securing organizations that operate in the cloud.
Healthcare provider organizations increasingly are turning to the cloud to store sensitive data and backup confidential assets, as doing so enables them to save money on IT infrastructure and operations.
In fact, research showsthat the healthcare cloud computing market is projected to grow by $33.49 billion between 2021 and 2025, registering a compound annual growth rate of 23.18%.
To many in healthcare, the shift to cloud computing seems inevitable. But it also brings unique security risks in the age of ransomware. Indeed, moving to the cloud does not sanctify organizations from risk.
More than a third of healthcare organizations were hit by a ransomware attackin 2020, and the healthcare sector remains a top target for cybercriminals due to the wealth of sensitive information it stores.
Healthcare IT News sat down with P.J. Kirner, chief technology officer at Illumio, a cybersecurity company, to discuss securing a cloud environment in healthcare, and how the zero trust security model may be key.
Q. Healthcare provider organizations increasingly are turning to the cloud. That is clear. What are the security challenges that the cloud poses to healthcare provider organizations?
A. While healthcare cloud growth comes with certain advantages for example, more information sharing, lower costs and faster innovation the proliferation of multi-cloud and hybrid-cloud environments has also complicated cloud security for healthcare providers in myriad ways. And things will likely stay complicated.
Unlike companies that can move to the cloud entirely, healthcare organizations with physical addresses and physical equipment for example hospital beds, medical devices will permanently remain hybrid.
Though going hybrid might seem like a transient state for some organizations, most healthcare organizations will find that they need to continuously adapt to a permanent hybrid state and all the evolving security risks that come with it.
In a cloud environment, it's often difficult to see and detect security risks before they become problems. Hybrid-multi-cloud environments contain blind spots between infrastructure types that allow vulnerabilities to creep in, potentially exposing an organization to outside threats.
Healthcare providers that share sensitive data with third-party organizations over the cloud, for example, may also be impacted if their partner experiences a breach. Additionally, these heterogeneous environments also involve more stakeholders who can influence how a company operates in the cloud.
Because those stakeholders might be in different silos depending on their specialties and organizational needs for example, the expertise needed for Azure is not the same as the expertise needed for AWS this makes the infrastructure even more challenging to protect.
If you're a healthcare provider, you handle sensitive information, such as personally identifiable information and health records, on a daily basis, which all represent prime real estate for bad actors hoping to make a profit.
These high-value assets often live in data center or cloud environments, which an attacker can access once they breach the perimeter of an environment. Because of this, as more healthcare organizations move to the cloud, we're also going to see more attackers take advantage of the inherent flaws and vulnerabilities in this complex environment to gain access to sensitive data.
Q. When it comes to securing healthcare organizations in the cloud, you contend that adopting a zero trust architecture an approach that assumes breach and verifies every connection is vital. Why?
A. We're living in an age where cyberattacks are a given, not a hypothetical inconvenience. To adopt zero trust, security teams need to first change how they think about cybersecurity; it's no longer about just keeping attackers out, but also knowing what to do once they are in your system. Once security teams embrace an "assume breach" mindset, they can begin their zero trust journey in a meaningful way.
Zero trust strategies apply least privilege access controls, providing only the necessary information and access to a user. This makes it substantially more difficult for an attacker to reach their intended target in any attempted breach.
In practice, this means that ransomware cannot spread once it enters a system, because, by default, it doesn't have the access it needs to move far beyond the initial point of entry.
Another crucial component in a zero trust architecture is visibility. As I mentioned, it's difficult to see everything in a cloud environment and detect risks before they occur. The weak spots in an organization's security posture often appear in the gaps between infrastructure types, such as between the cloud and the data center, or between one cloud service provider and another.
With enhanced visibility for example, visibility that spans your hybrid, multi-cloud and data center environments however, organizations are able to identify niche risks at the boundaries of environments where different applications and workloads interact, which gives them a more holistic view of all activity.
This information is vital for cyber resiliency, and for a zero trust strategy, to succeed only with improved insights can we better manage and mitigate risk.
In a year where more than 40 million patient records have already been compromised by attacks, it's more imperative than ever for healthcare organizations to make accurate assessments in regard to the integrity of their security posture.
We'll see more healthcare organizations leverage zero trust architecture as we head into the new year and reflect on the ways the cybersecurity landscape has changed in 2021.
Q. Zero trust strategies have gained traction in the past year, especially in tandem with the Biden Administration's federal stamp of approval. From your perspective, what do you think it will take for more healthcare CISOs and CIOs to go zero trust?
A. While the awareness of and the importance placed on zero trust strategies have grown in the last year, organizations still have a long way to go in implementing their strategies. In 2020, only 19% of organizations had fully implemented a least-privilege model, although nearly half of IT leaders surveyedbelieved zero trust to be critical to their organizational security model.
Unfortunately, a ransomware attack is often the wake-up call that ultimately prompts CISOs and CIOs to rethink their security model and adopt zero trust architecture. We've seen an upsurge in cyberattacks on hospitals over the course of the pandemic, threatening patient data.
By leveraging zero trust solutions for breach containment, healthcare organizations can mitigate the impact of a breach, that way an attacker cannot access patient data even if they manage to initially breach the system.
Healthcare teams are starting to understand that proactive cybersecurity is essential for avoiding outcomes that may be even worse than compromised data: If a hospital system is impacted by a ransomware attack and needs to shut down, they're forced to turn patients away, neglecting urgent healthcare needs.
Healthcare CISOs and CIOs are beginning to realize that the traditional security measures they've had in place detection and protecting only the perimeter aren't enough to make them resilient to a cyberattack.
Even if you haven't been breached yet, you're seeing attacks seriously impact other hospital systems and realizing that could happen to you, too.
Healthcare CISOs and CIOs who recognize the limitations of a legacy security model against today's ransomware threats will understand the need to adopt a strategy that assumes breach and can isolate attacks, which is what the zero trust philosophy is all about.
Twitter:@SiwickiHealthITEmail the writer:bsiwicki@himss.orgHealthcare IT News is a HIMSS Media publication.
Follow this link:
Why the healthcare cloud may demand zero trust architecture - Healthcare IT News
- ISSCC 2024: Inside AMD's Zen 4cThe Area-Optimized Cloud Computing Core - News - All About Circuits - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - Morningstar - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - Help Net Security - February 26th, 2024 [February 26th, 2024]
- Cybersecurity fears drive a return to on-premise infrastructure from cloud computing - HealthLeaders Media - February 26th, 2024 [February 26th, 2024]
- Huawei Cloud: Infrastructure of Choice for AI with 10 Systematic Innovations Unveiled in MWC Barcelona 2024 - PR Newswire - February 26th, 2024 [February 26th, 2024]
- South Korea Boosts Cloud Computing with $91.5 Million Investment to Propel AI and SaaS Innovation - BNN Breaking - February 26th, 2024 [February 26th, 2024]
- Science ministry to invest 121.9 bln won in cloud computing industry - Yonhap News Agency - February 26th, 2024 [February 26th, 2024]
- Why Microsoft is spending billions on AI and cloud computing in Europe - ITPro - February 26th, 2024 [February 26th, 2024]
- Universities Migrate Research Computing to the Cloud - EdTech Magazine: Focus on K-12 - February 26th, 2024 [February 26th, 2024]
- Top Cloud Computing Skills You Need to Know in 2024 - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Best Cloud Tools of 2024: Unleash Maximum Productivity - Simplilearn - February 26th, 2024 [February 26th, 2024]
- Real-time Analytics News for the Week Ending February 24 - RTInsights - February 26th, 2024 [February 26th, 2024]
- Synadia Raises $25 Million Series B Funding to Meet Massive Demand for Multi-cloud and Edge Computing Driven by AI - PR Newswire - February 26th, 2024 [February 26th, 2024]
- CEO Outlook 2024: 20 Solution Providers On The Cloud Moment - CRN - February 26th, 2024 [February 26th, 2024]
- DigitalOcean beats expectations under the helm of new CEO Paddy Srinivasan - SiliconANGLE News - February 26th, 2024 [February 26th, 2024]
- Securing Kubernetes in a Cloud Native World - The New Stack - February 26th, 2024 [February 26th, 2024]
- How to Build a Chat Interface using Gradio & Vultr Cloud GPU SitePoint - SitePoint - February 26th, 2024 [February 26th, 2024]
- Microsoft to invest $2.1bn in cloud and AI infrastructure in Spain - DatacenterDynamics - February 26th, 2024 [February 26th, 2024]
- Stannah looks to enterprise cloud software to lift IT systems - ComputerWeekly.com - February 26th, 2024 [February 26th, 2024]
- AI vendor finds opportunity amid AI computing problem - TechTarget - February 26th, 2024 [February 26th, 2024]
- Nvidia Worth More Than Alphabet, Amazon - 24/7 Wall St. - February 26th, 2024 [February 26th, 2024]
- VIB spearheads banking innovation with deployment of Temenos Banking Platform on AWS cloud - VnExpress International - February 26th, 2024 [February 26th, 2024]
- Why These 7 Cloud Computing Stocks Should be on Your Radar in 2024 - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- IBM to Buy Software AG's Cloud Computing and AI Assets for $2.3BN - Investopedia - December 25th, 2023 [December 25th, 2023]
- Pass the AWS Certified Cloud Practitioner Certification in One Week - Medium - December 25th, 2023 [December 25th, 2023]
- 3 Cloud Computing Stocks You'll Regret Not Buying Soon: December Edition - InvestorPlace - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Predicted to Hit US$1,266.4 Billion by 2028 - TechiExpert.com - December 25th, 2023 [December 25th, 2023]
- AWS chief Adam Selipsky talks generative AI, Amazon's investment in Anthropic and cloud cost-cutting - Omaha World-Herald - December 25th, 2023 [December 25th, 2023]
- Mangata Networks and Microsoft Partner on AI-enabled Edge Cloud Connectivity - AiThority - December 25th, 2023 [December 25th, 2023]
- Democratization of Cloud vs AI: A Case Study - Medium - December 25th, 2023 [December 25th, 2023]
- 5 Drivers Behind the Growth of the GPU Cloud Computing Market - Visual Capitalist - December 25th, 2023 [December 25th, 2023]
- Report: AWS to reorganize sales teams amid slowing cloud revenue growth - SiliconANGLE News - December 25th, 2023 [December 25th, 2023]
- Don't underestimate vulnerabilities in the cloud. Adopt hybrid to stay protected - Best Enterprise Data Storage Software ... - Solutions Review - December 25th, 2023 [December 25th, 2023]
- Innovations, disruptions, transformations expected in 2024 Intelligent CIO Middle East - Intelligent CIO - December 25th, 2023 [December 25th, 2023]
- IBM makes $2B+ deal to add more AI, cloud computing solutions - WRAL TechWire - December 25th, 2023 [December 25th, 2023]
- How to Select the Right Industry Cloud for Your Business - How to Select the Right Industry Cloud for Your Business - InformationWeek - December 25th, 2023 [December 25th, 2023]
- Cloud Computing Market Set to Reach US$1,266.4 Billion by 2028 - Analytics Insight - December 25th, 2023 [December 25th, 2023]
- Cisco to Acquire Isovalent to Secure Cloud-Native Networking - Channel E2E - December 25th, 2023 [December 25th, 2023]
- Cloud-native applications: Unlocking the potential of scalability and agility - ETCIO - December 25th, 2023 [December 25th, 2023]
- Year-in-Review: 2023 Was a Turning Point for Microservices - The New Stack - December 25th, 2023 [December 25th, 2023]
- If AI is the future, radiology needs to look to the cloud - Health Imaging - December 25th, 2023 [December 25th, 2023]
- AI and Cloud: The Proving Ground for Regulatory Resilience in 2024 - Finextra - December 25th, 2023 [December 25th, 2023]
- Cognata Redefines Sensor Suite Selection Processes Through Digital Twin-based Sensor Simulation and Cloud ... - PR Newswire - December 25th, 2023 [December 25th, 2023]
- Microsoft and Amazon the focus of cloud computing probe - Proactive Investors USA - October 5th, 2023 [October 5th, 2023]
- Cloud cover benefits of being on the cloud - The Actuary - October 5th, 2023 [October 5th, 2023]
- AI, Cloud Computing among 36 FREE Online Courses Now ... - Philippine Information Agency - October 5th, 2023 [October 5th, 2023]
- Amazon Web Services isn't trying to win the A.I. race. It wants to own the road. - Slate - July 31st, 2023 [July 31st, 2023]
- The Machines Behind the FinOps Curtain: Operationalizing Your Strategy with AI - ITPro Today - July 31st, 2023 [July 31st, 2023]
- Strengthening security in a multi-SaaS cloud environment - TechCrunch - July 31st, 2023 [July 31st, 2023]
- Oracle Introduces First Cloud Native Secure Cloud Computing ... - PR Newswire - July 31st, 2023 [July 31st, 2023]
- The Power of Cloud Computing: How it's Transforming Database ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From Headquarters to the Edge: The Future of Cloud in the Defense ... - MeriTalk - July 31st, 2023 [July 31st, 2023]
- 6 Cloud Computing Companies Navigating the Digital Storm in 2023 - GovCon Wire - July 31st, 2023 [July 31st, 2023]
- Government Cloud Computing Market Size, Status and Business ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Cloud Computing in Education Market Forecast, 2023-2029: The ... - University City Review - July 31st, 2023 [July 31st, 2023]
- Global Cloud Computing IaaS In Life Science Market Size and ... - University City Review - July 31st, 2023 [July 31st, 2023]
- What is the Relationship Between IoT and Cloud Computing? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- How Data Center Interconnect Platforms are Shaping the Future of ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Revolutionizing IoT: How 5G and Cloud Computing are ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Cloud Computing: Database as a Service (DBaaS) in ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Overcoming Data Privacy Challenges in the European Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- The Future of Telemedicine in India: How Cloud Computing is ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Multi-Cloud and Hybrid Cloud: What is the Difference? - Analytics Insight - July 31st, 2023 [July 31st, 2023]
- A New Era of Data Management: The Growing Importance of Global ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- From niche to necessity: GFT's vision for cloud computing ... - Business Leader - July 31st, 2023 [July 31st, 2023]
- ERP, Cloud Computing And Digital Transformation - CIOReview - July 31st, 2023 [July 31st, 2023]
- UMD Smith Offers New January Start Date for MS in Information ... - Newswise - July 31st, 2023 [July 31st, 2023]
- The Impact of Global White-box Server Adoption on Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- Global Application Transformation: Unlocking the Potential of Cloud ... - Fagen wasanni - July 31st, 2023 [July 31st, 2023]
- BFSI Sector and Asia-Pacific Spearhead the Rapid Growth of Cloud ... - GlobeNewswire - July 31st, 2023 [July 31st, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing operations, state leaders say - The Associated Press - June 28th, 2023 [June 28th, 2023]
- Google Cloud Platform: Everything you need to know about Google's suite of cloud computing services - Android Police - June 28th, 2023 [June 28th, 2023]
- Amazon is investing another $7.8B in Ohio-based cloud computing ... - Wilmington News Journal, OH - June 28th, 2023 [June 28th, 2023]
- 11 Key Executives in the Cloud Computing Industry in 2023 - Executive Gov - June 28th, 2023 [June 28th, 2023]
- 10 Multi-Cloud Myths Debunked: Exposing the Facts - TechFunnel - June 28th, 2023 [June 28th, 2023]
- How MTN and Microsoft will transform business operations with ... - TheCable - June 28th, 2023 [June 28th, 2023]
- The Power of Cloud Computing: Revolutionizing Business and IT ... - Tech Critter - June 28th, 2023 [June 28th, 2023]
- FTC Collecting Comments On Cloud Computing, CCIA Offers Input ... - Computer and Communications Industry Association - June 28th, 2023 [June 28th, 2023]
- How AI and Cloud Computing Are Revolutionizing the Insurance ... - Techopedia - June 28th, 2023 [June 28th, 2023]
- HPE Discover final analysis: Navigating the cloud computing ... - SiliconANGLE News - June 28th, 2023 [June 28th, 2023]