|By Gilad Parann-Nissany||
|May 25, 2012 08:00 AM EDT||
Healthcare data security has been around for a long time, but as cloud computing gains more and more traction, healthcare providers as well as healthcare software vendors, would like to use the cloud advantages and migrate healthcare data, or run healthcare software from a cloud infrastructure. In this blog I’ll focus on specific cloud computing healthcare security concerns and how cloud encryption can help meeting regulatory requirements.
The first step to securing healthcare data is to identify the type of healthcare information and the appropriate cloud storage for it. Visual healthcare data is mainly comprised of large media files such as x-ray, radiology, CT scans, and other types of video and imaging. Such files are often stored in distributed storage, such as Amazon Web Services S3 (Simple Storage Service), or Microsoft Azure blobs. Personally Identifiable Information (PII), such as patient records, is often stored in a relational database as structured data.
In many cases healthcare providers and healthcare software vendor are required to protect both data types, and their main challenge becomes the management of this diverse data environment in a cost effective and management friendly manner. As mentioned in one of my previous articles, cloud encryption should be considered a fundamental first step.
But data encryption is only one part of the equation. The most challenging issue healthcare ISVs’ and providers are facing is the issue of the encryption keys, and how to effectively and securely manage encryption keys in the cloud without sacrificing patients’ trust and meet regulatory compliance. Current key management solutions are often limited and do not provide an answer to the most important question: “who can access to patients’ data?” Or in other words – “who’s managing the encryption keys?” Existing key management solutions will either let you, the healthcare provider, manage encryption keys for your users in the cloud, or install (yet another) physical key management server back in your datacenter. Unfortunately, both of these approaches leave the encryption keys – and therefore patients’ data – in the hands of the ISV or the provider. The latter approach also reintroduces a physical data center into the equation, and so eliminates many of the cloud benefits. In our opinion, cloud key management is one of the biggest stumbling blocks standing between healthcare providers and taking advantage of the cloud.
Best practice for an effective and secure cloud key management is split-key encryption. Split key is a patent pending and innovative technology designed for key management in the cloud. It allows healthcare providers for the first time to manage encryption keys in the cloud, yet at the same time to split the encryption key, so customers (for example a hospital using medical applications hosted in the cloud) are the only ones who control their “half key”, and therefore patient data is never visible to the cloud provider, or healthcare software vendor. (For further reading about Porticor’s split-key technology click here).
Ariel Dan is co-founder at Porticor Cloud Security.
SYS-CON Events announced today that Machkey International Company will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Machkey provides advanced connectivity solutions for just about everyone. Businesses or individuals, Machkey is dedicated to provide high-quality and cost-effective products to meet all your needs.
Oct. 10, 2015 09:00 AM EDT Reads: 380
WebRTC converts the entire network into a ubiquitous communications cloud thereby connecting anytime, anywhere through any point. In his session at WebRTC Summit,, Mark Castleman, EIR at Bell Labs and Head of Future X Labs, will discuss how the transformational nature of communications is achieved through the democratizing force of WebRTC. WebRTC is doing for voice what HTML did for web content.
Oct. 10, 2015 09:00 AM EDT Reads: 1,432
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? In his session at DevOps Summit, Fred Simon, Co-founder and Chief Architect of JFrog, will demonstrate how to implement a promotion model for Docker images using a binary repository, and then show h...
Oct. 10, 2015 09:00 AM EDT Reads: 208
As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ability. Many are unable to effectively engage and inspire, creating forward momentum in the direction of desired change. Renowned for its approach to leadership and emphasis on their people, organizations increasingly look to our military for insight into these challenges.
Oct. 10, 2015 09:00 AM EDT Reads: 222
The IoT is upon us, but today’s databases, built on 30-year-old math, require multiple platforms to create a single solution. Data demands of the IoT require Big Data systems that can handle ingest, transactions and analytics concurrently adapting to varied situations as they occur, with speed at scale. In his session at @ThingsExpo, Chad Jones, chief strategy officer at Deep Information Sciences, will look differently at IoT data so enterprises can fully leverage their IoT potential. He’ll sha...
Oct. 10, 2015 09:00 AM EDT Reads: 585
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi's VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driv...
Oct. 10, 2015 09:00 AM EDT Reads: 151
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Oct. 10, 2015 09:00 AM EDT Reads: 597
The enterprise is being consumerized, and the consumer is being enterprised. Moore's Law does not matter anymore, the future belongs to business virtualization powered by invisible service architecture, powered by hyperscale and hyperconvergence, and facilitated by vertical streaming and horizontal scaling and consolidation. Both buyers and sellers want instant results, and from paperwork to paperless to mindless is the ultimate goal for any seamless transaction. The sweetest sweet spot in innov...
Oct. 10, 2015 08:00 AM EDT Reads: 240
SYS-CON Events announced today that Key Information Systems, Inc. (KeyInfo), a leading cloud and infrastructure provider offering integrated solutions to enterprises, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Key Information Systems is a leading regional systems integrator with world-class compute, storage and networking solutions and professional services for the most advanced softwa...
Oct. 10, 2015 07:30 AM EDT Reads: 442
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Oct. 10, 2015 07:00 AM EDT Reads: 5,939
The modern software development landscape consists of best practices and tools that allow teams to deliver software in a near-continuous manner. By adopting a culture of automation, measurement and sharing, the time to ship code has been greatly reduced, allowing for shorter release cycles and quicker feedback from customers and users. Still, with all of these tools and methods, how can teams stay on top of what is taking place across their infrastructure and codebase? Hopping between services a...
Oct. 10, 2015 06:00 AM EDT Reads: 528
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Oct. 10, 2015 06:00 AM EDT Reads: 275
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Oct. 10, 2015 06:00 AM EDT Reads: 819
DevOps and Continuous Delivery software provider XebiaLabs has announced it has been selected to join the Amazon Web Services (AWS) DevOps Competency partner program. The program is designed to highlight software vendors like XebiaLabs who have demonstrated technical expertise and proven customer success in DevOps and specialized solution areas like Continuous Delivery. DevOps Competency Partners provide solutions to, or have deep experience working with AWS users and other businesses to help t...
Oct. 10, 2015 06:00 AM EDT Reads: 247
Enterprises can achieve rigorous IT security as well as improved DevOps practices and Cloud economics by taking a new, cloud-native approach to application delivery. Because the attack surface for cloud applications is dramatically different than for highly controlled data centers, a disciplined and multi-layered approach that spans all of your processes, staff, vendors and technologies is required. This may sound expensive and time consuming to achieve as you plan how to move selected applicati...
Oct. 10, 2015 05:00 AM EDT Reads: 734