Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, @CloudExpo

Cloud Security: Blog Feed Post

Cloud Encryption and Healthcare “as a Service” Solutions

Common aspects of Healthcare SaaS solutions

Healthcare “as a Service” providers are coming up strong in the market right now. It’s a growing segment, attracting a lot of interest from businesses and investors, but as expected, cloud security, and more specifically cloud encryption and HIPAA requirements, is critical customers considering a healthcare application as a service. In this article I’ll review some aspects as well as relate to data security solutions such as split-key management.

Common aspects of Healthcare SaaS solutions
Our recent conversations with Healthcare SaaS providers have highlighted several common aspects, across many solutions.

Obviously, they all need to be “cloudy” (else they would not be SaaS providers). Their customer will access them through the web and their business model includes a pay-as-you-go component. They need their underlying infrastructure to support this model.

Healthcare SaaS providers want to use IaaS and PaaS (Infrastructure as a Service and Platform as a Service). This is helpful for their business model. If your solution is offered pay-as-you-go, it really helps if your infrastructure cost is also pay-as-you-go.

Healthcare SaaS providers have serious security needs. The data they hold is invariably of a sensitive and private nature, therefore cloud encryption and cloud security must be part of the architecture. To this end, they are focused on complying with measures such as HIPAA.

One obvious need is for secure infrastructure. A growing number of cloud providers offer infrastructure that can be secured and made compliant. This does not by itself mean the solution is secure and compliant, it means that the infrastructure can be secured; but the SaaS provider must use it correctly.

Another necessary set of security measures is cloud encryption and cloud key management. This is required for compliance, and even more important: it is the one strong way to achieve strong protection even when breaches occur. If a data store is breached yet the data is encrypted, the attacker cannot get their hands on the sensitive data.

Data Ownership and Healthcare SaaS

A more subtle requirement relates to Data Ownership. Many Healthcare SaaS providers want to promise their customers that even the SaaS provider itself – cannot read their data. Let’s take a look at some business cases that illustrate this:

  • A Healthcare “Big Data” provider wants to analyze the information from multiple health case studies, and provide analytics on top of them. Their typical customer can be a health organization gathering clinical data on thousands of people. The SaaS provider wants to promise the customer that they will provide the service, yet their own SaaS staff will not be able to read the data they analyze.
  • A Health Benefits provider wants to provide a tool so end-users (individuals) can manage their health benefits. They want to promise the end-user that only she sees her personal data; the staff of the SaaS provider cannot

These Data Ownership issues can be tricky. The SaaS provider offers a fully managed environment (“as a Service”) yet should not be able to read the data in its own environment.

Emerging solutions for Healthcare Data Ownership, Cloud Encryption and Cloud Key Management

Such issues are at the cutting edge of Cloud Security technology. Fortunately we are seeing some work in these areas emerging, which allows some critical aspects to be addressed. One example is split-key management, which allows a SaaS provider to offer a “master key” to their customers and users (read more about it on this whitepaper). This can be combined with additional measures, protecting access to memory and permissions, to ensure SaaS providers can do their work with the data, but the customer (or end user) owns it.

These breakthroughs enable an emerging business model. Healthcare SaaS providers can achieve secure, compliant solutions.

The post Cloud Encryption and Healthcare “as a Service” solutions appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

IoT & Smart Cities Stories
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...