How to Secure Cloud Workloads in Healthcare

By : Trisha Paine | Thursday, July 16 2020 - 20:45 IWST

Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies
Trisha Paine, Head of Cloud Marketing Programs, at Check Point Software Technologies

INDUSTRY.co.id - The healthcare industry has always been more cautious when it comes to new deployment mechanisms, especially when they involve the cloud. While one appreciates all of the benefits the cloud offers, their first priority is safeguarding patient private data and records.

However, this is balanced with the need for expedited, consolidated and always available patient care data, and the easiest way to do this is by leveraging the cloud. What compounds this and makes the transition more challenging is the rules and regulatory fines that are imposed by HIPAA – in some cases, amounting to over US$1Million per incident. This leaves healthcare organisations and medical technologist in a quandary. The secret is to evolve the security approach, and better yet, automate the security protocol to ensure patient protection, application security, and compliance.

Healthcare Migration to the Modern Cloud

The rapid proliferation of medical and health technologies that consumers can interact with is quickly driving healthcare and medical technology providers into the public cloud, and specifically to new application workloads, including serverless and container architectures. For many healthcare and medical technology use cases, modern workload architectures are an excellent architecture choice, for several reasons:

Healthcare and medical applications often require large scale and high-availability. Serverless and container workloads make building and operating large-scale, highly-available applications much easier and less costly. For instance, pharmacies have mobile or online applications to process prescription requests that require on-demand scalability. On the other hand, EMR software applications used within the hospitals network can be broken out into containers for greater efficiency and security.

Compliance and data privacy protection are often critical to healthcare technology solutions. Moving to workload architectures can help application developers create even greater robust designs with nano-requirements to enhance security and privacy restrictions.

Workload Security in Healthcare

The move to modern workloads, like serverless and containers, creates new challenges and opportunities for healthcare and medical solutions—and as mentioned, they must be HIPAA compliant. Medical technology providers need to understand the various nuances in order to address security and compliance requirements, including:

Medical applications deployed on a public cloud leveraging serverless or container services have stringent compliance requirements, such as HIPAA and GDPR. Healthcare organisations need to meet these compliance regulations in accordance to the design of the workload deployed, and enable proper certification and auditing calls for clear security controls across the entire lifecycle of the application, from development to production.

Healthcare cloud services can comprise hundreds of serverless functions or several containers in a micro-services architecture, each handling some specific transaction of users’ medical data. For each function or container component, it is imperative that the cloud workload protection solution implemented ensure least privilege execution. This is crucial to minimising the risk of data leakage and privacy violations.

Cloud workload protection solutions demands protecting the application from both known and unknown threats, commonly known as “zero-day” attacks. Because serverless functions used in medical technology solutions are usually small and single-purpose, a serverless security solution should employ self-learning behavioural defence to detect and block undesirable behaviours that stem from cyber-attacks.

How to Automate Workload Security for Healthcare

Modern cloud-native application security, like those in cloud workloads, need to be built from the ground-up with the inner workings of the application in mind. Traditional application security protocols simply do not work in these modern architectures as the mechanic of the application has fundamentally changed. Healthcare organisations and medical technologist need to reimagine the way AppSec is done without negatively affecting the operational benefits of these modern workloads like efficiency, cost savings, etc.

There are several features that help make Cloud Workload application for Healthcare, far more secure than traditional applications. Some of these include:

- Centralised visibility across cloud-native environments.

- Behavioural intelligence to prevent known and unknown attacks.

- Active protection and automated security.

News Comment

Today's Industry

Construction of RISHA housing units. Photo by: PR of Ministry of Public Works and Public Housing.

Selasa, 18 Mei 2021 - 23:05 WIB

Gov’t Builds Houses for Disaster-Hit Communities in East Nusa Tenggara

Ministry of Public Works and Public Housing has started the reconstruction of permanent housing for communities affected by flash floods and landslides in the Province of East Nusa Tenggara.

Coordinating Minister for Human Development and Culture Muhadjir Effendy and Minister of Transportation Budi Karya Sumadi (Photo by: PR of Ministry of Transportation)

Selasa, 18 Mei 2021 - 22:00 WIB

Transportation Minister Urges Passengers Passing Through Bakauheni Port to Take COVID-19 Antigen Test

In a bid to anticipate reverse flow traffic after Eid al-Fitr, passengers passing through Bakauheni Ferry Port are required to take a mandatory rapid antigen test prior to their departure as…

The signing situation of an offtake agreement, PT Citra Borneo Utama (CBU) and Grand Resources Group (Singapore) Pte, Ltd. (Photo: PT Sawit Sumbermas Sarana Tbk Public Relations)

Selasa, 18 Mei 2021 - 20:55 WIB

Citra Borneo and Grand Resources Sign Stearin and Olein Offtake Agreement

Pangkalan Bun - PT Citra Borneo Utama (CBU) and Grand Resources Group (Singapore) Pte, Ltd. (GRGS) virtually signed an Offtake Agreement for the provision of palm oil derivative products, namely…

Coordinating Minister for Economic Affairs Airlangga Hartarto

Selasa, 18 Mei 2021 - 20:01 WIB

Chief Economic Minister: Economic Recovery Continues in Q2

Indonesia’s national economy will continue to recover and show an upward trend in the second quarter of 2021, according to Coordinating Minister for Economic Affairs Airlangga Hartarto.

A virtual press conference on the anticipation of people mobility and prevention of the COVID-19 spread after Eid al-Fitr period, Saturday (15/05). Photo by: PR of Coordinating Ministry for Economic Affairs

Selasa, 18 Mei 2021 - 19:08 WIB

Gov’t Imposes COVID-19 Random Test, Mandatory Check Policy for Reverse Exodus Travelers

In a bid to anticipate reverse-exodus after Eid al-Fitr period and prevent the spread of COVID-19, the Government has announced it will impose a policy on COVID-19 random-test and mandatory-check…