How to Secure Cloud Workloads in Healthcare

By : Trisha Paine | Thursday, July 16 2020 - 20:45 IWST

Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies
Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies

INDUSTRY.co.id - The healthcare industry has always been more cautious when it comes to new deployment mechanisms, especially when they involve the cloud. While one appreciates all of the benefits the cloud offers, their first priority is safeguarding patient private data and records.

However, this is balanced with the need for expedited, consolidated and always available patient care data, and the easiest way to do this is by leveraging the cloud. What compounds this and makes the transition more challenging is the rules and regulatory fines that are imposed by HIPAA – in some cases, amounting to over US$1Million per incident. This leaves healthcare organisations and medical technologist in a quandary. The secret is to evolve the security approach, and better yet, automate the security protocol to ensure patient protection, application security, and compliance.

Healthcare Migration to the Modern Cloud

The rapid proliferation of medical and health technologies that consumers can interact with is quickly driving healthcare and medical technology providers into the public cloud, and specifically to new application workloads, including serverless and container architectures. For many healthcare and medical technology use cases, modern workload architectures are an excellent architecture choice, for several reasons:

Healthcare and medical applications often require large scale and high-availability. Serverless and container workloads make building and operating large-scale, highly-available applications much easier and less costly. For instance, pharmacies have mobile or online applications to process prescription requests that require on-demand scalability. On the other hand, EMR software applications used within the hospitals network can be broken out into containers for greater efficiency and security.

Compliance and data privacy protection are often critical to healthcare technology solutions. Moving to workload architectures can help application developers create even greater robust designs with nano-requirements to enhance security and privacy restrictions.

Workload Security in Healthcare

The move to modern workloads, like serverless and containers, creates new challenges and opportunities for healthcare and medical solutions—and as mentioned, they must be HIPAA compliant. Medical technology providers need to understand the various nuances in order to address security and compliance requirements, including:

Medical applications deployed on a public cloud leveraging serverless or container services have stringent compliance requirements, such as HIPAA and GDPR. Healthcare organisations need to meet these compliance regulations in accordance to the design of the workload deployed, and enable proper certification and auditing calls for clear security controls across the entire lifecycle of the application, from development to production.

Healthcare cloud services can comprise hundreds of serverless functions or several containers in a micro-services architecture, each handling some specific transaction of users’ medical data. For each function or container component, it is imperative that the cloud workload protection solution implemented ensure least privilege execution. This is crucial to minimising the risk of data leakage and privacy violations.

Cloud workload protection solutions demands protecting the application from both known and unknown threats, commonly known as “zero-day” attacks. Because serverless functions used in medical technology solutions are usually small and single-purpose, a serverless security solution should employ self-learning behavioural defence to detect and block undesirable behaviours that stem from cyber-attacks.

How to Automate Workload Security for Healthcare

Modern cloud-native application security, like those in cloud workloads, need to be built from the ground-up with the inner workings of the application in mind. Traditional application security protocols simply do not work in these modern architectures as the mechanic of the application has fundamentally changed. Healthcare organisations and medical technologist need to reimagine the way AppSec is done without negatively affecting the operational benefits of these modern workloads like efficiency, cost savings, etc.

There are several features that help make Cloud Workload application for Healthcare, far more secure than traditional applications. Some of these include:

- Centralised visibility across cloud-native environments.

- Behavioural intelligence to prevent known and unknown attacks.

- Active protection and automated security.

News Comment

Today's Industry

Friedhelm Best - Vice President Asia Pacific, HIMA (Photo by HIMA)

Rabu, 05 Agustus 2020 - 21:10 WIB

3 Essential Considerations When Modernizing the Safety System of Industrial Facilities

As countries in Asia start to ease restrictions and more businesses return to operation in the midst of the COVID-19 pandemic, industrial plant operators are strategising a return to normality…

Gil Yankovitch, Firmware Technology Lead and Ram Yonish, Firmware Security Evangelist (former co-founders of Cymplify Security, acquired by Check Point) (Photo by LinkedIn)

Rabu, 05 Agustus 2020 - 21:00 WIB

While IoT security standards lag, IoT security companies innovate – Overview of trends in IoT cyber security

While IoT and OT devices proliferate, IoT security standards and regulations are few and far between. Unsurprisingly, this puts individuals, enterprises and states at major risk.

Ilustration Brand phishing (Photo by Technonlogy For You)

Selasa, 04 Agustus 2020 - 09:15 WIB

Google and Amazon Overtake Apple as Most Imitated Brands for Phishing in Q2 2020

Brand phishing involves the attacker imitating an official website of a known brand by using a similar domain or URL, and usually a web page similar to the original website.

Tommi Makila, Senior Solutions Architect at Synopsys Software Integrity Group (Photo by LinkedIn)

Selasa, 04 Agustus 2020 - 08:20 WIB

Are you following the top 10 software security best practices?

Each and every company’s security needs are unique and ultimately the practices and policies related to such will be unique (or as I like to put it; it’s a journey).

Ardhi Bebi Laksono

Jumat, 31 Juli 2020 - 19:30 WIB

Market Trend E-Comerce in Indonesia

As many as 90 percent of internet users in Indonesia have made purchases of products and services online.