How to Secure Cloud Workloads in Healthcare

By : Trisha Paine | Thursday, July 16 2020 - 20:45 IWST

Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies
Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies

INDUSTRY.co.id - The healthcare industry has always been more cautious when it comes to new deployment mechanisms, especially when they involve the cloud. While one appreciates all of the benefits the cloud offers, their first priority is safeguarding patient private data and records.

However, this is balanced with the need for expedited, consolidated and always available patient care data, and the easiest way to do this is by leveraging the cloud. What compounds this and makes the transition more challenging is the rules and regulatory fines that are imposed by HIPAA – in some cases, amounting to over US$1Million per incident. This leaves healthcare organisations and medical technologist in a quandary. The secret is to evolve the security approach, and better yet, automate the security protocol to ensure patient protection, application security, and compliance.

Healthcare Migration to the Modern Cloud

The rapid proliferation of medical and health technologies that consumers can interact with is quickly driving healthcare and medical technology providers into the public cloud, and specifically to new application workloads, including serverless and container architectures. For many healthcare and medical technology use cases, modern workload architectures are an excellent architecture choice, for several reasons:

Healthcare and medical applications often require large scale and high-availability. Serverless and container workloads make building and operating large-scale, highly-available applications much easier and less costly. For instance, pharmacies have mobile or online applications to process prescription requests that require on-demand scalability. On the other hand, EMR software applications used within the hospitals network can be broken out into containers for greater efficiency and security.

Compliance and data privacy protection are often critical to healthcare technology solutions. Moving to workload architectures can help application developers create even greater robust designs with nano-requirements to enhance security and privacy restrictions.

Workload Security in Healthcare

The move to modern workloads, like serverless and containers, creates new challenges and opportunities for healthcare and medical solutions—and as mentioned, they must be HIPAA compliant. Medical technology providers need to understand the various nuances in order to address security and compliance requirements, including:

Medical applications deployed on a public cloud leveraging serverless or container services have stringent compliance requirements, such as HIPAA and GDPR. Healthcare organisations need to meet these compliance regulations in accordance to the design of the workload deployed, and enable proper certification and auditing calls for clear security controls across the entire lifecycle of the application, from development to production.

Healthcare cloud services can comprise hundreds of serverless functions or several containers in a micro-services architecture, each handling some specific transaction of users’ medical data. For each function or container component, it is imperative that the cloud workload protection solution implemented ensure least privilege execution. This is crucial to minimising the risk of data leakage and privacy violations.

Cloud workload protection solutions demands protecting the application from both known and unknown threats, commonly known as “zero-day” attacks. Because serverless functions used in medical technology solutions are usually small and single-purpose, a serverless security solution should employ self-learning behavioural defence to detect and block undesirable behaviours that stem from cyber-attacks.

How to Automate Workload Security for Healthcare

Modern cloud-native application security, like those in cloud workloads, need to be built from the ground-up with the inner workings of the application in mind. Traditional application security protocols simply do not work in these modern architectures as the mechanic of the application has fundamentally changed. Healthcare organisations and medical technologist need to reimagine the way AppSec is done without negatively affecting the operational benefits of these modern workloads like efficiency, cost savings, etc.

There are several features that help make Cloud Workload application for Healthcare, far more secure than traditional applications. Some of these include:

- Centralised visibility across cloud-native environments.

- Behavioural intelligence to prevent known and unknown attacks.

- Active protection and automated security.

News Comment

Today's Industry

L/R: Alwin Zecha, Founder - Pacific Leisure Group, Thailand; Hiran Cooray Chairman - Jetwing Symphony PLC, Sri Lanka; and Akbar Shareef, Chairman & Chief Executive - Rakaposhi Tours (Pvt) Ltd., Pakistan (Photo by Global Travel Media)

Jumat, 16 Oktober 2020 - 17:15 WIB

PATA Honours Industry Leaders, Pioneers and Professionals at 69th Annual General Meeting

The following awards were presented during the 69th Annual General Meeting held online PATA Gallery of Legends Award, PATA Life Membership, and PATA Chair’s Award.

Hypertherm, a U.S. Based Manufacturer of Industrial Cutting Systems and Software

Rabu, 14 Oktober 2020 - 21:30 WIB

Hypertherm Releases New CSR Report with Updates On Community Outreach, Environmental Impact, and Associate Well-Being

Hypertherm, a U.S. based manufacturer of industrial cutting systems and software, announced the release of its 2019 Corporate Social Responsibility Report.

Rena Chua, Bug Bounty Advisor at HackerOne (Photo by Linkedin)

Kamis, 24 September 2020 - 14:15 WIB

How COVID-19 Is Impacting Security

With this accelerated pace of digital transformation, CISOs had to quickly facilitate new needs — while ensuring the security of existing systems and newly-acquired collaboration tools.

Ilustration Asia-Pacific’s First and Largest Collaborative Robots Virtual Expo (Photo by Universal Robots)

Selasa, 22 September 2020 - 17:00 WIB

Universal Robots Hosts First Virtual Collaborative Robots Exhibition & Conference in Asia-Pacific

Gain actionable insights on flexible and cost-effective automation solutions addressing post-pandemic ROI and safety challenges for small & medium businesses.

Published BSIMM11, The Latest Version of The BSIMM (Photo by EEJournal)

Senin, 21 September 2020 - 18:30 WIB

Synopsys Publishes BSIMM11 Study Highlighting Fundamental Shifts in Software Security

BSIMM11 reflects the software security practices observed across 130 firms from multiple industry verticals including financial services, FinTech, independent software vendors, cloud, health…