On average, organizations have 2,6 public cloud and 2,7 private cloud. This multi-cloud complexity means that healthcare organizations can have an incomplete control over who has access to data. Identity and access management (IAM) can enable the implementation of various access levels for data, software, and systems over multi-cloud and on-premises environments.
Large networks with many members of staff, such as hospitals require robust, secure, and flexible cloud IAM systems. Cloud identity and access management makes accessing vital data and systems quicker and easier for healthcare employees and staff. Identity federation and user’s identity lifecycle management helps to streamline entitlements effectively across all environments.
A key part of cloud IAM is the use of single sign on (SSO) and multi-factor authentication. This enables users to login once and access multiple systems securely and seamlessly, for instance to view patient records and book appointments without needing to enter several passwords.
Cloud encryption works by changing data to an unreadable format, which can only be read with the correct decryption key. Data encryption is often referred to as the last line of defense. This process ensures that only authorized users have access to the data and that it is protected from unintended disclosure.
Depending on the sensitivity of the information, different key management models can be applied to maintain sovereignty and control over data by ensuring the healthcare provider’s ownership on encryption keys.
Cloud Access Security Broker (CASB)
A cloud access security broker (CASB) is used to boost threat detection and data security by monitoring cloud applications, restricting data access from the cloud and enforcing security policies (extra-territorial, national or internal). In the case of healthcare, a CASB can support organizations in their compliance journey with specific regulations including HIPAA in the US and GDPR in the UK. These regulations require the protection of PHI or protected healthcare information.
- review all third-party cloud applications,
- determines the risk levels of each application,
- identify potential risks where data loss or a breach could occur,
- can automatically adapt policies and user access levels.
Concretely, if a doctor attempts to view patient data from a different country than their usual location, CASB would automatically identify this as a potential threat. It will ask for additional authentication methods for verification before the doctor is permitted to access the patient’s data.
Cloud Security Posture Management (CSPM) :
Cloud security posture management or CSPM is a key part of cloud security in detecting potential vulnerabilities within a system’s infrastructure. CSPM works by continuously reviewing the cloud environment to identify potential configuration vulnerabilities and compliance risks.
Many of the issues identified stem from human error and misconfiguration: a CSPM can help to mitigate these risks. Examples of a potential vulnerability a CSPM system may find is an improperly configured S3 bucket that contains sensitive patient data. S3 buckets have been the cause of many data leaks including in the case of Patient Home Monitoring in 2017 when data from 150,000 patients were left unsecured in an Amazon S3 bucket[i].
Cloud Service Provider Security
Cloud environments fall into three categories: public, private, and hybrid. Most healthcare organisations use a hybrid cloud model which combines public and private cloud infrastructures. Cloud often contains sensitive information such as patient data and electronic heath records. Additional security measures must be put in place to ensure its protection.
In addition to their role in securing the cloud infrastructure, cloud service providers (CSP) often provide native security tools for an improved security posture. In this case, managed security services can help reduce the operational complexity by leveraging these native capabilities to continuously identify and remove potential threats.
At Atos, we have a comprehensive cloud security offering to help keep sensitive healthcare data safe.
For more information on how Atos can help with cloud security including Cloud IAM, Cloud Encryption, CASB, CSPM and Cloud Service Provider Security along with a full end to end cybersecurity solution for healthcare companies, contact our healthcare team.