|By Gilad Parann-Nissany||
|May 25, 2012 08:00 AM EDT||
Healthcare data security has been around for a long time, but as cloud computing gains more and more traction, healthcare providers as well as healthcare software vendors, would like to use the cloud advantages and migrate healthcare data, or run healthcare software from a cloud infrastructure. In this blog I’ll focus on specific cloud computing healthcare security concerns and how cloud encryption can help meeting regulatory requirements.
The first step to securing healthcare data is to identify the type of healthcare information and the appropriate cloud storage for it. Visual healthcare data is mainly comprised of large media files such as x-ray, radiology, CT scans, and other types of video and imaging. Such files are often stored in distributed storage, such as Amazon Web Services S3 (Simple Storage Service), or Microsoft Azure blobs. Personally Identifiable Information (PII), such as patient records, is often stored in a relational database as structured data.
In many cases healthcare providers and healthcare software vendor are required to protect both data types, and their main challenge becomes the management of this diverse data environment in a cost effective and management friendly manner. As mentioned in one of my previous articles, cloud encryption should be considered a fundamental first step.
But data encryption is only one part of the equation. The most challenging issue healthcare ISVs’ and providers are facing is the issue of the encryption keys, and how to effectively and securely manage encryption keys in the cloud without sacrificing patients’ trust and meet regulatory compliance. Current key management solutions are often limited and do not provide an answer to the most important question: “who can access to patients’ data?” Or in other words – “who’s managing the encryption keys?” Existing key management solutions will either let you, the healthcare provider, manage encryption keys for your users in the cloud, or install (yet another) physical key management server back in your datacenter. Unfortunately, both of these approaches leave the encryption keys – and therefore patients’ data – in the hands of the ISV or the provider. The latter approach also reintroduces a physical data center into the equation, and so eliminates many of the cloud benefits. In our opinion, cloud key management is one of the biggest stumbling blocks standing between healthcare providers and taking advantage of the cloud.
Best practice for an effective and secure cloud key management is split-key encryption. Split key is a patent pending and innovative technology designed for key management in the cloud. It allows healthcare providers for the first time to manage encryption keys in the cloud, yet at the same time to split the encryption key, so customers (for example a hospital using medical applications hosted in the cloud) are the only ones who control their “half key”, and therefore patient data is never visible to the cloud provider, or healthcare software vendor. (For further reading about Porticor’s split-key technology click here).
Ariel Dan is co-founder at Porticor Cloud Security.
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
Jan. 16, 2017 05:30 AM EST Reads: 1,050
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
Jan. 16, 2017 05:15 AM EST Reads: 1,482
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
Jan. 16, 2017 04:30 AM EST Reads: 4,465
Enterprise networks are complex. Moreover, they were designed and deployed to meet a specific set of business requirements at a specific point in time. But, the adoption of cloud services, new business applications and intensifying security policies, among other factors, require IT organizations to continuously deploy configuration changes. Therefore, enterprises are looking for better ways to automate the management of their networks while still leveraging existing capabilities, optimizing perf...
Jan. 16, 2017 04:00 AM EST Reads: 3,684
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Jan. 16, 2017 04:00 AM EST Reads: 5,242
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develop...
Jan. 16, 2017 03:30 AM EST Reads: 5,203
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
Jan. 16, 2017 03:30 AM EST Reads: 2,825
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of C...
Jan. 16, 2017 03:15 AM EST Reads: 5,709
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Jan. 16, 2017 03:00 AM EST Reads: 2,358
The idea behind this session is my blog post - 5 Logstash Alternatives - which is unfortunately too short to do the presented log shippers justice. In his session at @DevOpsSummit at 20th Cloud Expo, Radu Gheorghe, Software Engineer at Sematext Group, will talk more about the things that matter: kinds of buffers, protocols, ways of parsing, correlating and de-duplicating messages, as well as supported inputs and outputs. And of course performance. All this should let you know which log shipper...
Jan. 16, 2017 03:00 AM EST Reads: 1,176
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
Jan. 16, 2017 02:30 AM EST Reads: 3,893
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed ...
Jan. 16, 2017 01:45 AM EST Reads: 6,130
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Jan. 16, 2017 01:45 AM EST Reads: 2,647
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now ...
Jan. 16, 2017 01:15 AM EST Reads: 4,142
"Splunk basically takes machine data and we make it usable, valuable and accessible for everyone. The way that plays in DevOps is - we need to make data-driven decisions to delivering applications," explained Andi Mann, Chief Technology Advocate at Splunk and @DevOpsSummit Conference Chair, in this SYS-CON.tv interview at @DevOpsSummit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Jan. 16, 2017 12:45 AM EST Reads: 1,910