Cloud providers: it’s their business to be the security experts

While there are still a number of critical steps that hospital IT shops must consider as part of their overall healthcare cloud security strategy, says one expert, the cloud providers are the real security experts.

Jeff Rowe | Nov 07, 2017 12:00 am

Hospital CIOs are well aware that building and managing data centers within their facilities and may not be the most cost-effective way to deliver services to their end users and support their systems. But despite the scalability and speed of implementation when it comes to cloud computing, IT executives are still not fully comfortable with healthcare cloud security. 

The irony, informatics consultant Rida Chouffani recently wrote at TechTarget, is that the environments at cloud service providers are increasingly far more secure and protected than most hospitals systems. 

As he sees things, there are four reasons cloud service providers can offer better healthcare cloud security. 

First, cloud providers are able to invest heavily into building strong security tools to protect their environment and their clients' environments from attackers, largely because it’s in the interests of their core business to do so.

“When it comes to hospitals, it would be naïve to think they are able to meet the dollar investments that are being made by these hosting providers,” Chouffani argues. “With these types of expenses, cloud service provider security tools will be much more effective at stopping attackers than a hospital with basic protections.”

Similarly, says Chouffani, another area in which service providers tend to invest more for health is around meeting regulatory compliance requirements. “These include numerous attestation and certification requirements from the government and specific verticals that vendors must meet in order to do business with some entities. To meet these requirements, service providers must undergo rigorous testing and adopt specific healthcare cloud security practices that ensure the protection of the data they are hosting.”

The third reason for trusting cloud providers, in Chouffani’s view, is that they know monitoring and threat detection better than hospitals. While many hospitals “are still using tools that are limited to attempting to block known viruses from infecting systems and giving remote control to attackers . . . cloud service providers are known for using advanced threat protection technology to monitor and block any suspicious activities using machine learning.”

Finally, there’s data recovery and system failure protection. Says Chouffani, “Cloud backup and recovery can also prevent corruptions of critical operating system files that can cripple the systems where EHR or billing systems reside. While not directly related to healthcare cloud security, this approach addresses several regulatory compliance requirements in which sensitive data must be backed up.”