What every healthcare technology leader needs to know about cloud data and security


With the explosion of new data capture devices in healthcare and the rapid evolution to the cloud, we explore what healthcare technology leaders need to know about cloud data and security.

Healthcare technology leaders need to make safety part of the conversation early on in any initiative.

As most healthcare organizations continue to digitize services and increasingly move workloads to the cloud, any healthcare technology leader must prioritize cloud data and security in this virtual environment. in expansion.

The reduction in administrative work leading to improved overall patient care, combined with the benefits of technologies such as the Internet of Things (IoT), which are changing the face of medicine and healthcare, demonstrate the importance of a digital approach.

However, as these digital transformation initiatives continue to expand an organization’s virtual ecosystem, it is imperative that cybersecurity and cloud data protection practices be prioritized and integrated into business strategy.

This is crucial, as nearly two-thirds of global healthcare organizations have experienced a cyberattack in their lifetime, and more than half have been attacked in the past 12 months, according to a Keeper Security study.

Know your data

As the organization moves to the cloud, technology leaders need to take responsibility and ownership of this journey, while creating a comprehensive security framework from the start. In the scenario of a data breach, for example, someone needs to be accountable and lead the organization through its governance and compliance requirements.

Knowing where an organization’s data resides, who owns that data and what type of data it is, will facilitate any security incident and any legal or compliance implications. It will also facilitate an organization’s ability to manage risk and improve its response over time.

Commenting on the importance of knowing your data, Guillaume Klousovski, responsible for the global cybersecurity strategy, governance, risk and compliance offering at Avanade, said, “Often times, technology leaders will forget that asset management isn’t just about tracking hardware, it means knowing where your data is, where your data is flowing, and who owns that data. “

The challenge of having a holistic view of an organization’s data landscape is heightened by the problem of shadow IT – the purchase of software and technology without the knowledge of IT. As new systems and applications are integrated by various departments, it is easy to lose track of them and the data they contain, without a solid systems acquisition process.

In healthcare in particular, the rapid introduction of IoT medical devices and all the new data they generate is one example. Every new device needs to be monitored and secured, because even a vulnerable device – which is very easy to procure – could be used as a gateway for a hacker to enter a network of healthcare providers.

Find your data

Gaining visibility and securing sensitive data held by healthcare organizations requires planning and understanding across the enterprise.

Explaining how Avanade helps its healthcare customers develop a strong security posture, Klusovsky said, “We provide services that start at the strategic or board level, before moving down to the management of individual departments.

“It’s important to start at the top. We bring in executive level experts to discuss how to develop a comprehensive security strategy, then architects to look at policies and processes within the organization, before defining what technology is needed and how. enforce. Once in place, our managed services provide ongoing risk management for effective security oversight and response. “

Providing a specific example of how Avanade works with one of its clients, Klusovsky continued, “We are currently working with a healthcare client on privacy and data protection around their artificial intelligence. Conduct impact assessments to identify customer and customer risks, document data flow, and recommend controls and processes to maintain data security and privacy. The goal is to give the customer a plan to mitigate risk and align with GDPR.

By partnering with clients in this way, instead of offering a service, there is little or no knowledge transfer required, as it has been communicated and disseminated to different levels of the business, from strategy to policy process and technology implementation.

It’s a people problem

Knowing your data and gaining visibility into it is essential for an effective cloud security strategy. However, human error must be taken into account when seeking to protect an organization’s data. The problem has only worsened in the remote working environment induced by the pandemic.

To counter this, industry leaders should invest in regular cybersecurity training, not only to avoid financial and reputational damage, but also to protect sensitive data.

“When calculating construction risks and budgets, companies often overlook or ‘cut’ training requirements to control costs. Organizations should view their staff as a risk like anything else and “do the math” to invest in mitigation, ”Klusovksy explained.

Develop a cloud security strategy in the healthcare sector

Protecting patient personal information must be a priority for any leader in healthcare technology. Here, Klusovksy provides four tips for developing an effective and holistic cloud security strategy:

1. Planning – leaders need to assess their organization, understand their current security posture and define what is achievable from the start. The plan must also “live” and be continually reassessed against the changing risk and compliance landscape.

2. Align security with business objectives – security must be integrated into the development of the commercial strategy. The two must be aligned. So technology leaders should consider business goals before making any purchasing or strategic security decisions.

3. A governance framework – Despite the wide variety of regional regulations, healthcare organizations need to develop a basic standard way of doing business, which should take into account all the things you need to do from a compliance and risk perspective. Having a governance framework in place, knowing where the risk lies, gives the organization the roadmap of what it needs to do to manage and continually improve things.

4. Qualified resources – it is important to understand your skills and abilities. If you’re a healthcare organization that doesn’t have strong cloud skills, for example, then partner with someone who does. This will help you get the job done right the first time, saving time and money.

William Klusovsky is responsible for the global cybersecurity strategy, governance, risk and compliance offering at Avanade.

The Evolution of Data Security in the Cloud: Zero Trust

Going forward, there is a need to adopt a Zero Trust framework in an IT or security strategy.

The concept of Zero Trust, assuming that businesses cannot trust anything, be it a user, device or network, means that mechanisms must be built in to create that trust.

From a healthcare perspective, looking at the explosion of IoT medical devices and wearable technologies that are now active on a provider’s network, these devices are unreliable and the data they generate and which is being generated. found in the cloud must be secure. Whatever IoT device, whether it’s a smartwatch, an MRI machine, or thermostats, they need to be monitored and security teams need to be able to detect malicious activity.

“Protecting the IoT requires the ability to be able to monitor it, which is different from typical security monitoring. Tools like Azure Defender for IoT provide the capacity and information needed to get the job done, ”explained Klusovsky.

“In a broader sense, moving to Zero Trust requires the same planning as a cloud migration strategy. Organizations need to take a look at their processes, infrastructure, data flows, and business operations and begin to chart a path to zero trust. It requires strong identity management and access controls using products like Azure Active Directory, among others, ”he continued.

The impact of Covid-19 has also created a new challenge for the security landscape. To mitigate disruption, organizations have had to embrace digital transformation faster than they’ve ever done before. Klusovsky believes this innovation should be viewed positively, but is concerned about the number of organizations that have made it possible in a secure manner. Was security dealt with after the fact?

“If you’re looking for new innovations and want to move forward, a healthcare technology leader needs to build safety into their plan early on in the transformation journey,” he added.

Leave A Reply

Your email address will not be published.