Cloud technology, as well as its use, has grown exponentially since the early 2000s even though many still do not understand its benefits, costs, and vulnerabilities. It seems fitting and necessary that the National Security Agency (NSA) recently shared a guide about the cloud and how to utilize the technology safely.
What is the cloud?
The cloud is a virtual environment that allows easy access, computing, networking/sharing, and storage. In other words, any service that doesn’t require proximity. Cloud computing is the default for most applications; if you have a smartphone and download apps, you are utilizing the cloud.
- increased collaboration
- access to up-to-date technologies
- increased data storage capacity
- scalability of service
- cost reductions
- elimination of waste
- delivery of real-time information
The why and what of cloud security
While the advantages are obvious, the technology’s focus on shared usage increases security risks through misconfiguration/implementation, poor access controls, shared tenancy flaws, and supply chain vulnerabilities. Also, cloud threat actors—malicious/neglectful employees, customers, and cybercriminals—are still similar to those that prey on standard technology. Cloud security tools, therefore, must address typical security concerns as well as those that plague a virtual environment, protecting data in movement and in stasis. Security must be thought of in terms of shared responsibilities between the Cloud Service Provider (CSP) (responsible for cloud infrastructure and implementing logic controls) as well as the organization (responsible for configuring security on a personnel level).
Good, layered cloud security includes:
- intrusion detection systems
- data encryption
- key (password/access) management
- segmented/tiered storage and networking
- continuous monitoring/auditing
- disaster recovery
How can you use the technology safely and securely?
When choosing cloud security, it is necessary to take a risk-based, proactive approach. Related: HIPAA Cloud Computing: Top Ten Frequently Asked Questions First, an organization must research and choose suitable CSP and cloud services. Second, it is necessary to utilize appropriate security layers, hire cloud-specific personnel, and train all employees on correct usage. And finally, cloud security must be combined with cybersecurity already in place rather than separate and disjointed. The cloud is a great resource for healthcare organizations today; utilizing the technology safely, therefore, can only make your organization better.