Comment: Does the answer to the data security headache lie in the cloud?

By Steve Armstrong, regional director at Bitglass

The NHS has been slow at adopting cloud-based technology

The NHS faces a massive challenge to protect patient data from the threat of cyber crime.

With medical records being as much as 100 times more valuable than stolen credit card details; the incentive for criminals to target them is extremely high.

With medical records being as much as 100 times more valuable than stolen credit card details; the incentive for criminals to target them is extremely high

Additionally, the time-sensitive nature of patient information also renders the healthcare market particularly exposed to ransomware.

Accurate treatment relies heavily on up-to-date information and test results – when lives are at stake, the likelihood of ransoms being paid increases significantly.

In addition to the above, the highly-fragmented nature of the UK healthcare sector further complicates matters.

Public and private organisations interact with contractors and patients every day, but with no discernible central governance model for data. This, when combined with the rapid digitisation of patient records in recent years, has made it very difficult to implement consistent security policies and trainings that properly educate staff on keeping data safe.

The latest figures from the Information Commissioner’s Office highlight the full extent of the issue in stark detail.

In Q4 of 2017-18 alone, the healthcare sector reported 349 separate data security incidents. This was a 21% increase over the number of incidents reported in Q3, which was itself a 22% increase over Q2. Stated simply, the number of data breaches is rising at an alarming rate.

Security and compliance continue to be cited as the top concerns of healthcare organisations looking to move to the cloud

It’s clear that a new approach to security is needed.

Interestingly, as healthcare organisations desperately scramble for a solution, they may find it in a place that they had not previously considered – the public cloud.

Once feared as the slayers of security and compliance, major public cloud applications such as Office 365 have managed to steer clear of headline-grabbing breaches, cyber attacks, and outages.

The reason behind this is simple; major cloud providers spend more money on data security each year than many CEOs and CISOs will see in a lifetime.

When your entire business model is built upon data security, any kind of breach can be fatal. Well aware of this, cloud providers have invested billions of dollars in ensuring the environments they provide are as secure as possible. They also invest significant capital into protection against DDoS attacks and any other attempts to disrupt or cut service. As such, these leading cloud applications have very few vulnerabilities. Additionally, any that are found, by the army of in-house security professionals, get patched extremely quickly.

Despite the above, security and compliance continue to be cited as the top concerns of healthcare organisations looking to move to the cloud.

This is largely because the responsibility for securing access to data in cloud apps remains squarely with the enterprise – not the cloud app vendors. In other words, while vendors need to offer inherently-secure products, their customers must determine how to use and extend access to said products.

For organisations lacking well-defined security policies and access controls, efficiency-enhancing features like rapid sharing and around-the-clock mobile data access can become data leakage threats.

By combining proven cloud apps from reputable vendors with third-party tools that secure data wherever it goes, the NHS and other healthcare organisations can safely enjoy the benefits of the cloud

These risks are accentuated by the fact that employees will use a large variety of cloud apps to perform their work – including apps that are unsanctioned by IT and lack robust, built-in data protection features. As a result, IT teams must work to provide secure, compliant access to virtually any cloud app without enabling employees to inadvertently leak medical data.

In order to address the above concerns, many organisations are deploying specialised cloud security tools like cloud access security brokers (CASBs).

These innovative solutions provide enterprises with a wealth of capabilities to control cloud access from corporate as well as employee-owned devices.

Leading CASBs can even do so in an agentless fashion that requires no installations on endpoints – unlike mobile device management (MDM) tools that invade user privacy and harm device performance.

Agentless CASBs work at the cloud level to ensure visibility and control over corporate data as it is stored or accessed in any app or device. This kind of approach can significantly boost corporate data security when bring your own device (BYOD) policies are implemented.

IT teams must work to provide secure, compliant access to virtually any cloud app without enabling employees to inadvertently leak medical data

By combining proven cloud apps from reputable vendors with third-party tools that secure data wherever it goes, the NHS and other healthcare organisations can safely enjoy the benefits of the cloud. This, in turn, will help them to avoid breaches and focus on their end goal of delivering world-class healthcare to their customers.

Companies