Guest Column | June 15, 2020

Worried About PaaS Security? 4 Steps To Protect Your Healthcare Organization

By Pete Thurston, RevCult

How To Price Your Security Solutions

Cloud adoption is gaining momentum across industries, and healthcare is no exception. Data from Global Market Insights indicates the market for cloud computing in healthcare exceeded $8.5 billion in 2018 and the global figure could top $55 billion by 2025.

Despite the growth, however, there have been complications with the cloud — some 73 percent of decision makers surveyed for the 2019 Nutanix Enterprise Cloud Index were bringing key applications back on-premises to better meet their needs. Flexibility is one of those needs, but the move also reflects a misguided notion that housing data on-site increases security.

Can You Secure The Cloud?

The reality is that cloud-based platforms offer unmatched data protection capabilities. That shouldn’t be a surprise, considering the last thing any cloud provider needs is a headline about a breach. To this end, the platforms are hardwired for authentication and can tie directly into a mobile push device. Try getting your developers to put together a two-factor authentication system in a week and you’re out of luck. If you’re relying on Salesforce, on the other hand, it’s as simple as turning on a feature.

Scalability and portability are other huge advantages. Whether you’re a payer that’s been around for 100 years or a small dental practice somewhere, scalability is important to your organization. HIPAA spawned high tech, but everyone forgets that the “P” stands for portability — something that cloud-based systems are built on. Portability isn’t just a feature; it’s about meeting patients where they expect to be met.

Take telehealth as an example. It’s already significant, especially for mental health professionals who need the context of body language and eye contact with their patients. The technology is still in its relative infancy, but it’s going to take off. To take advantage of it, organizations will need to be operating in the cloud.

Making A Migration Happen Securely

Migrating to the cloud can be incredibly complex but establishing an effective security posture doesn’t have to be. Many organizations have dropped the ball by skipping one of the following simple steps. Taking them seriously will help keep your own company out of the next breach headlines.

1. Align Organizational Leadership. Security and organizational leadership must be aligned from the very beginning of your cloud migration. Forgoing this step can cost hundreds of thousands of dollars when a system is built that doesn’t accomplish all the necessary goals. Meet and establish those goals, and only then should you begin construction.

2. Put Boundaries Around Data. You don’t have to move all your organization’s data to the cloud at once. It’s recommended that you migrate in stages. Learn to operate within certain security parameters such as user permissions and access policies with your less critical data, and then gradually upload more sensitive documents.

3. Accept A Rapid Evolution. The cloud moves quickly. If you’re expecting a new release or update every six months, you won’t be able to keep up. Stay connected and review your security posture early and often to ensure that it evolves with the times. With a vigilant process of reevaluation, you’ll also be able to take advantage of all the latest security innovations.

4. Don’t Botch The Basics. So many of the mistakes that organizations make with cloud security are the same ones that have been made repeatedly. For example, instead of taking the time to assign specific permissions, someone takes a shortcut and makes all users administrators by default. Then a disgruntled employee gets poached by a competing organization and takes your most valuable data with them. This scenario (and many others like it) can be prevented by following basic best practices in the cloud.

The cloud offers lots of incredible advantages, including security, but it’s up to you to use it properly. The four steps above will protect you against most security issues that can arise in the cloud and allow your organization to reap big operational benefits along the way. Before you fork over critical funds to bring or keep data on-premises, realize it’s very likely that information is safer in a properly configured cloud environment.

About The Author

Pete Thurston has spent more than 15 years at the intersection of business and technology. He prides himself on understanding the complexities of enterprise business as well as the intricacies of running a small company. He has worn many hats (often at the same time) throughout his career including data analyst, product owner, business analyst, software engineer, team leader, QA engineer, and probably several others he’s forgotten. Out of all of this, he’s discovered his passion is really in identifying simple and effective applications of technology to the problems all businesses face. This has driven his leadership of the technology team at RevCult since day one and has proven to be enjoyable, sustainable, and productive for the company.