IT administrators in every vertical seem to be doing their own brand of due diligence on how identify and address the risks associated with cloud computing. Even the healthcare industry, which is traditionally a late-adopter in terms of investing in new technology, is looking at the cost-benefit analysis of the cloud and taking the security issue head on, according to Health IT Security.
"Cloud computing can be a very powerful platform for healthcare organizations when deployed and utilized properly – but as this type of environment gains popularity, security will continue to be a top priority," Bill Kleyman wrote on the website. "In utilizing cloud computing, there are some core security considerations that must be analyzed."
Health IT Security calls this a "no brainer" for the healthcare industry, as breaches could mean patient data leaking and regulations and laws being violated. Organizations should be looking into any potential areas of vulnerability to see how they can better prepare for a safe introduction of cloud services.
Securing the cloud becomes especially important as operations begin to scale, according to the website. This has become apparent as the years have gone on, with a graph from Arbor Networks showing that the size of distributed denial-of-service (DDoS) attacks more than doubled from 2007 to 2009 and again from 2009 to 2010. These could introduce serious trouble for any business, but in a healthcare company that relies on the cloud, it could be disastrous as information inaccessibility could have clinical consequences for patients.
Kleyman said data loss and infrastructure breaches are the two most serious threats from a lack of security in the cloud and both can end up being extremely messy if not accounted for.
"Negative publicity and the resulting investigations cost even more time and money," the website said. "One of the best ways to help secure the cloud is to be aware of the existing threats and how they continue to change. For example, DDoS attacks have changed greatly from simply volumetric strikes into much more advanced, HTTP and application-layer attacks. In creating truly agile cloud environment – the focus will have to revolve around data integrity and infrastructure security. For a healthcare organization, the upfront security costs can greatly outweigh the price for a potential breach."
Compliance in the cloud remains critical
On the Cloud Security Alliance's website, it said cloud computing technology has been useful for healthcare organizations due its enablement of agile financial applications, messaging platforms and app consolidation in a way that previously was not possible. Even so, companies need to make sure they are taking the cloud's proverbial hand and walking it every step of the way through the security and compliance process.
The first step CSA said healthcare IT executives should take toward compliance is to understand what the organization itself needs to be able to relay it to the cloud provider. This will go a long way in making sure the company knows what it has to do in order to help and will spell out anything extra the IT department has to do on their end. After this, there needs to be a provider search that takes into account who the best fit is for the organization by understanding the data, traffic flow, network and which applications are being used.
Once a provider is chosen, roles can be defined within the organization to help keep up with the cloud security and compliance and there should be an ongoing process to make the solution as efficient and compliant as possible.
Cloud Security News from SimplySecurity.com by Trend Micro