PRESENTED BY:
HEALTHCARE IT NEWS & HIMSS MEDIA
news

Rise in cloud-based apps adds data security risks

Among other things, says one legal expert, determining employee access requirements is critical when assessing and selecting a service provider.

Jeff Rowe | Aug 22, 2017 05:11 pm

When it comes to apps, the cloud is the new normal. According to IDG¹s Enterprise Cloud Computing Survey 2016, 70 percent of all organizations having at least one app in the cloud.

But what does that mean for data security?

Well, for one thing, as Shaun Murphy, a former government security consultant and the CEO of sndr.com, a messaging and cloud provider, recently pointed out in an interview, “The term cloud quite literally refers to someone else’s computer. Increasingly the apps and services used today utilize some form of cloud computing. Whether its app data, location tracking or private messages, most individuals do not know where their data is being stored and are not able to safeguard it.”

The fact is, Murphy explained, cloud services providers and moving to incorporate some levels encryption within their offering, they are generally focused on in-transit (securing the data between your devices and their servers) and at rest (when they save your data to their storage). Consequently, data is protected if a third party is intercepting communications to servers or if a storage device is stolen but that same data is not protected from the service itself or the employees that have access to it.

“A malicious party can easily gain entry to and access your messages through spear phishing tactics, he explained. “These types of attacks may appear to come from a reliable source such as a coworker or a vendor requesting sensitive information or providing a link to click. Internet security training, penetration testing and two-factor authentication should be implemented across employee internet usage policies.”

So, how can cloud-stored data be better protected?

According to Murphy, “data integrity is only as strong as its weakest link and any person or device with access to the cloud can be compromised. Safeguards like two factor authentications can help mitigate risk against compromised credentials or devices with access - all should be encrypted with 256 encryption rest, in-transit and end to end.”