1. Doesn’t shifting data to the cloud result in reduced security?
Letting applications leave your data center can be frightening. The loss of detailed control and ownership seems like it can invite security problems. Usually, the opposite is true: Cloud providers have the scale to deliver massive resources to secure applications and data, and they’re on the forefront of security best practices. Healthcare IT teams just don’t have that level of resource to devote to security.
2. Aren’t cloud providers responsible for my data’s security?
Shifting to the cloud, whatever type of service you’ve chosen, means a joint responsibility for security. Physical, network and infrastructure security are now the cloud provider’s problem. For Software as a Service, that extends all the way up to operating system and application security patches. But overall configuration and the selection of correct options remain your responsibility. If you don’t require multifactor authentication or leave your data storage buckets publicly accessible, the security problems you create are your own. Healthcare IT leaders have to take the time to understand what they’re configuring and pick appropriate and secure options.
3. Doesn’t shifting to the cloud relieve my compliance burden?
Cloud providers go through their own auditing and certification process, and delivering those reports to you is part of your compliance reporting plan. But final control over data access is always your responsibility, no matter where the data sits. Cloud isn’t a shortcut to bypass from HIPAA and HITECH requirements.
4. Doesn’t the cloud change identity and access management?
IAM has never been more important than in a cloud environment because traditional physical barriers (such as having to be in the hospital) disappear. Solid IAM is the basis for everything. Healthcare IT teams that rely on onsite Active Directory or cloud-based Entra ID (Microsoft’s new name for Azure AD) with MFA have a good start. But cloud does introduce some additional IAM requirements. Risk management through geofencing, break-in evasion and other posture checks needs to be integrated into IAM to maintain access control in a cloud application environment.
5. Isn’t encrypting data over the internet sufficient protection?
Encryption is necessary but by no means sufficient by itself. Tools such as SSL/TLS encryption protect cloud data in transit between data centers and users, but data at rest also needs security far beyond simple encryption. In addition to IAM and strong access controls, healthcare IT teams should add tools to help audit their configurations and to monitor security events. Data breach prevention begins with identifying and fixing human errors, which are always present. That’s just a start: Unauthorized data access must be detected and remediated in real time, at internet speeds, to prevent widespread data breaches.
Click the banner below to read the 2024 CDW Cloud Computing Research Report.
link