My company recently sent a contingent to HIMSS 2019, the Healthcare Information and Management Systems Society's national conference. I was honored to attend and speak at the event for Armor Cloud Security. While I was there I was able to engage with industry leaders on some of the latest trends in healthcare cloud security. This blog will explore those trends and what they mean for the future of the security of our healthcare ecosystem.
- Cloud is here to stay in healthcare and the growth numbers will continue to point in a positive direction. "35% or more of the healthcare industry's IT workloads will be processed by public cloud service providers by 2021," according to Forbes. The movements to the cloud is bolstered do to staffing challenges, speed of deployment for applications, and the reduction in maintenance costs. However, the #1 reason cited for not moving to the cloud is uncertainty over the security of the cloud. 65% of companies have utilized at least some form of cloud workload today and over 50% of companies are utilizing IaaS in the cloud, according to the 2017 HIMSS Analytics Essentials Brief: Cloud.
- Because of the advantages of the cloud (elasticity, consumption-based billing, economies of scale, etc), it makes sense that your security solutions should be adapted to the cloud. The consensus is that the security-as-a-service industry will see huge growth in the coming years due to their cloud native security solutions that are delivered in models that allow security to be a opex purchase consideration for companies, rather than a capital expenditure that they previously had to endure with their legacy security vendors. Security-as-a-service is also attractive because it solves the problems of tool and alert fatigue that many of these organizations cite as one of their biggest security headaches.
- Those that are going to the cloud are adopting it and its strategic advantages wholeheartedly. For example, almost every development team or IT manager I talked to said they were using some form of containers in the cloud (Docker was the most named vendor) and most were taking advantage of PaaS offerings offered by the likes of AWS, Azure, or Google Cloud Platform. Each of the companies I talked to was looking for solutions to secure containers.
- IoT has over taken healthcare. This interested me from the viewpoint of what that means in terms of the explosion of the endpoint in healthcare and how to secure it. How we secure the data on the devices, the communication of that data across the internet, and the storage of that data is an interesting question for security engineers to explore over the next few years.
- Attendees at healthcare shows are much more likely to come and engage with you in a sustained dialogue about the industry and their needs, rather than just swag surfing on the conference floor. To that effect myself and my Armor colleagues truly appreciated the engaging conversations we got to have at the various events at HIMSS 2019 including the Cybersecurity Forum, which we enjoyed sponsoring, and the Texas chapter HIMSS event.
- Everyone recognizes that the consequences of breaches are serious and that healthcare data is being stolen every day to the detrimental affects on industry and personal data privacy. Their is a serious desire to get ahead in this asymmetrical race with the hackers through a combined effort that allows you to achieve both security and compliance with the many well thought-out data security regulations. This was a central part of the speech that I gave at the show by which I was able to demonstrate how companies could spin up new application architectures in the cloud consistently, reliably and cost-effectively that helped them achieve compliance with regulations such as HIPAA with a security-first mindset. Armor launched an Automated Compliance product at HIMSS that demonstrated how you could use AWS CloudFormation technology to create architecture templates for your AWS environment that achieved HIPAA compliance from a security-first mindset.
- We recently did a follow-up webinar to HIMSS where we discussed the concept of spinning up scalable HIPAA-compliant architectures in public cloud environments. We are doing a roadshow to 6 cities to do a hands-on session with AWS developers everywhere. Join us March 26 in Dallas, March 28 in Houston, April 2 in San Francisco, April 4 in Denver, April 9 in Nashville, and April 11 in New York City.
I thoroughly enjoyed getting to participate in the HIMSS show and attend on behalf of Armor. I learned from the community their thoughts on how they are using the cloud and what concerns them from a cloud security perspective. These insights are valuable not only in my career but in my personal life as more and more of my personal health information is stored online and the privacy of that information is more of an immediate concern. I am encouraged by the momentum that I see in the industry and the desire of everyone involved to ensure that our data is protected as we utilize new technologies such as the cloud and IoT and smart devices that enhance the healthcare services the industry is able to offer as a whole. What are your thoughts on the future of healthcare and cloud security in the industry?