Cloud Security Alliance Releases 'Telehealth Data in the Cloud' Report

Cloud Security Alliance | June 19, 2020

  • The Cloud Security Alliance announced today the release of its newest report, Telehealth Data in the Cloud.

  • With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues.

  • CSA offers several resources for HDOs to help with continuous monitoring activities.


The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its newest report, Telehealth Data in the Cloud. Produced by the Health Information Management Working Group, the paper examines the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud, including those within the context of edge computing for telehealth solutions.

Read more: Sigma Computing Powers Community-Driven Analytics and Business Intelligence with Major Updates to Cloud Solution

In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for health care providers. Going forward, telehealth solutions — which introduce high levels of patient data over the Internet and in the cloud — can be used to remotely monitor and treat patients who have mild cases of the virus, as well as other health issues. However, this remote environment also comes with an array of privacy and security challenges.

For health care systems, telehealth has emerged as a critical technology for safe and efficient communications between healthcare providers and patients, and accordingly, it’s vital to review the end-to-end architecture of a telehealth delivery system. A full analysis can help determine whether privacy and security vulnerabilities exist, what security controls are required for proper cybersecurity of the telehealth ecosystem, and if patient privacy protections are adequate.

- Dr. Jim Angle, co-chair of CSA’s Health Information Management Working Group


With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues. The HDO cannot leave this up to the cloud service provider, as it is a shared responsibility. The HDO must understand regulatory requirements, as well as the technologies that support the system. Regulatory mandates may span multiple jurisdictions, and requirements may include both the GDPR and HIPAA. Armed with the right information, the HDO can implement and maintain a secure and robust telehealth program. Cloud Access Security Brokers, the paper notes, ensure HDOs understand what cloud connections are made and what data is sent to the cloud.

Read more: UKCloud Launches Carbon Negative Cloud Services to Advance Sustainable Technology Strategy

CSA offers several resources for HDOs to help with continuous monitoring activities. The Cloud Security Alliance Security Trust and Assurance Registry (CSA STAR)—a registry of cloud providers that have met the security requirements and are certified—provides an open-source tool for annual assessments for continuous monitoring of security controls. The annual Cloud Security Alliance Top Threats List, meanwhile, compiles the top cloud security threats and can provide HDOs with further information on the concepts highlighted in this white paper, including business impacts for each threat, key takeaways, CSA security guidance, and the controls used to help mitigate the threats.

Download the free report.

About Cloud Security Alliance:

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — providing a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.

Spotlight

This white paper examines the evolution of Manufacturing Execution Systems (MES) and explains why the cloud is the best platform for synchronization of MES with ERP systems. Learn about a common ecosystem that supports a single source of data in real-time, and end-to-end detailed traceability that ties inventory to quality.


Other News
CLOUD APP DEVELOPMENT

DLA Piper advises ICF in acquisition of Creative Systems and Consulting

DLA Piper | January 07, 2022

DLA Piper represented ICF a global consulting and digital services provider, in its acquisition of Creative Systems and Consulting, a premier provider of IT modernization and digital transformation solutions to US federal agencies. Creative provides federal agencies with a full suite of capabilities, including digital strategy, cloud and infrastructure solutions, customer experience and data analytics. Creative's 270-person team brings substantial expertise in Salesforce, as well as the Microsoft and ServiceNow platforms, complementing ICF's leading ServiceNow and Appian capabilities. ICF provides deep domain expertise and the latest digital, cyber, low-code platform and cloud-based modernization services to deliver responsive, scalable solutions. ICF is a leading ServiceNow implementor and was named ServiceNow's #1 Federal Partner of the Year in 2019. "We were honored to bring to bear our deep digital transformation capabilities, our proven ability to guide complex M&A transactions and our extensive experience in the federal sector to facilitate this key strategic acquisition, which will allow ICF to continue to build on its already impressive innovative capabilities in the digital services space. We previously worked with ICF to advise on its acquisition of Incentive Technology Group, and it was a pleasure to once again utilize our experience in the consulting and tech space to ensure a successful result." Jeffrey Houle, co-chair of DLA Piper's Aerospace, Defense and Government Services Transactional practice, who led the firm's deal team In addition to Houle, the DLA Piper team advising ICF included partners Julia Kovacs, Tracy Weir, Thomas Pilkerton, Jordan Bailowitz and Penny Minna, Paolo Morante and Brad Jorgensen; of counsel Christopher Armstrong, James Rusert and Nia Brown; senior managing attorney Braden Penhoet; and associates Wenxi Li, Mary Claire Blythe and Joshua Feldman. With more than 1,000 corporate lawyers globally, DLA Piper helps clients execute complex cross-border transactions seamlessly while supporting clients across all stages of development. The firm has been rated number one in global M&A volume for ten consecutive years, according to Mergermarket. About DLA Piper DLA Piper is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific, positioning us to help clients with their legal needs around the world. In certain jurisdictions, this information may be considered attorney advertising.

Read More

CLOUD APP DEVELOPMENT

SGI CANADA Subscribes to Guidewire Cloud to Enable Digital Transformation

Guidewire | January 13, 2022

Guidewire announced that SGI CANADA has subscribed to Guidewire InsuranceSuite and Guidewire Live Predict on Guidewire Cloud to power its core operations. SGI CANADA will use the cloud-based InsuranceSuite application to house their corporation’s insurance products. As a cloud-based solution, Guidewire provides increased flexibility and configurability to adapt to changing market needs and customer expectations. In addition, Guidewire Live Predict will provide SGI CANADA actuaries build insights into the company’s business, providing SGI CANADA with a competitive advantage in the market. “By moving to Guidewire, we’re taking a giant step toward a technology solution that will enable SGI to become a true digital insurer. In the competitive market, we sell our products exclusively through our network of broker partners. Our partnership with Guidewire will allow us to best support our brokers in meeting customer expectations and responding to their changing needs.” SGI CANADA Vice President of Digital and Corporate Projects Darlene Schultz Schultz continued, “A cloud-first approach has always been paramount for our digital strategy. What sets SGI CANADA apart from our competitors is our commitment to our broker partners and our strong customer focus. The customer truly is at the center of our business. We see great opportunities to improve and enhance the customer experience.” “We are pleased to welcome SGI CANADA to the Guidewire customer community and Guidewire Cloud,” said Guidewire Group Vice President of Americas Sales Ken Shapiro. “We are humbled by the company’s confidence in our cloud services capabilities to help it adapt to the demands of a rapidly changing marketplace in order to pursue their vision of transforming the insurance experience to promote peace of mind and safer communities.” Guidewire PartnerConnect Consulting member Deloitte is leading the implementation project, leveraging its InsurCloud platform accelerator to implement InsuranceSuite and Live Predict in Guidewire Cloud. Deloitte Canada Industry Solutions partner David Kerr said, “We are honored that SGI CANADA is putting its trust in Deloitte and Guidewire as the foundation for the next phase of their business transformation.” InsurCloud is pre-configured for the Canadian insurance industry and is built to improve speed to market in personal lines, farm, and small commercial product lines, while reducing costs and risk. About SGI CANADA SGI CANADA is the trade name of the property and casualty insurance division of SGI, which offers products in five of Canada's provinces. It operates as SGI CANADA in Saskatchewan, British Columbia, Alberta, Manitoba, and Ontario, and also as Coachman Insurance Company in Ontario. Products are sold through a network of independent insurance brokers. About Guidewire Software Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. ​We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire. As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record, with 1,000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of applications that accelerate integration, localization, and innovation.

Read More

CLOUD COMPLIANCE AND AUDIT

Qumulo Launches Cloud Now Program; Gives Cloud Builders One Free Petabyte of Storage

Qumulo | April 26, 2022

-Qumulo, the leader in data storage and management at scale, today unveiled “Cloud Now,” a new program that offers cloud builders the ability to create and test up to one petabyte (PB) of multi-cloud file storage at no cost*. As the only multi-cloud file platform able to run massive data workloads with radical simplicity, Qumulo designed the Cloud Now Program to eliminate barriers to unstructured data storage in the cloud while speeding time to deployment. Customers can now build a proof of concept (POC) at scale with no Qumulo licensing costs, no underlying cloud storage infrastructure costs, and a white-glove deployment experience. are already turning to the cloud to scale rapidly. Recent macroeconomic challenges, such as supply chain delays and labor shortages, have accelerated cloud adoption. According to recent independent analyst reports, organizations are increasing annual cloud spending by 20.7% through 2025, and more than 40% of enterprises surveyed are moving workloads to the cloud to mitigate supply chain disruption. “Today’s enterprises need to manage their data and keep their business moving forward. We believe every business should experience the benefits of cloud, which is why we are offering to build proof of concept environments for our customers free of charge in the cloud of their choice,” said Bill Richter, CEO at Qumulo. “The Cloud Now Program removes concerns of cost and infrastructure lock-in – something legacy vendors simply can’t do.” As the only multi-cloud provider that runs on AWS, GCP, and Azure infrastructure at massive scale, Qumulo gives customers the ability to manage massive amounts of unstructured data, regardless of which cloud it is in, for instant freedom and flexibility. Customers frequently turn Qumulo POCs into production workloads and with Cloud Now, have a free cloud storage environment to run real-world production workloads with confidence. As a software defined, multi-cloud unstructured data solution, Qumulo runs in data centers, private clouds and all three major public clouds. Deploying the Qumulo single software stack across on-prem and the public cloud reduces complexity with a single management experience wherever a customer’s data resides. Qumulo also offers the same award-winning customer support experience across all deployments. About Qumulo, Inc. Qumulo is the breakthrough leader in simplifying data management in its native file form at a massive scale across hybrid-cloud environments. Its high-performance file data platform is designed to store, manage and create workflows and applications with data in its native file form at massive scale on prem and in the public cloud. Qumulo is trusted by Fortune 500 companies, major film and animation studios, and some of the largest research facilities in the world to easily manage the full data lifecycle from ingestion, transformation, publishing and archiving with cost-effective capacity, dynamic scalability, automatic encryption, real-time visibility and an advanced API that enables customers to easily integrate Qumulo into their ecosystem and workflows.

Read More

CLOUD APP DEVELOPMENT

Lacework Enhances Partner Program to Better Enable Cloud Service Providers, Alliance Partners and the Channel

Lacework | February 03, 2022

Lacework, the data-driven security company for the cloud, announced it has strengthened investment in its growing partner ecosystem with the introduction of the new Lacework Partner Program. Partners are critical to fueling the company's continued momentum and scale, and the release of today's new program will help simplify how they can work with Lacework to uncover new revenue opportunities. Organizations of all sizes choose the Lacework Polygraph® Data Platform because it helps automatically uncover suspicious activity across a multicloud environment, so they can detect and address true threats and risks to their business from build time through runtime. The Lacework Partner Program enables channel partners with dedicated technical enablement, joint marketing resources, and a go-to-market framework across three new tiered program levels. Partner program levels determine a partner's access to a spectrum of benefits including dedicated channel managers, MDF program dollars, SPIFF eligibility, training and technical content, and more. Lacework has also established a Partner Advisory Board to help ensure the company is meeting the strategic needs of its partners. This flexible program lets partners choose the investment that works for their business and grow with Lacework over time. The program also formalizes the company's commitment to technology partners, cloud service providers and system integrators. Through technology integrations with partners, Lacework is making it easier for customers to integrate security practices deeper in the development process. It will also enable Lacework to better support customers with multicloud environments through partnerships with AWS and now Google Cloud, making it easier to purchase Lacework through the cloud providers' respective Marketplaces. The companies will also tightly integrate into co-selling and co-building activities. Lacework will continue to add global partners, which includes channel partners Presidio, Trace3, EVOTEK, Tevora, Optiv, GuidePoint Security, Expel, GlobalDots, and Tracer Cloud; technology partners Snowflake, New Relic, Tines, and Atlassian; global technology service providers like Wipro; and cloud service providers AWS, Microsoft Azure, Red Hat, and Google. "We are excited to partner with Lacework as they further their investment in their partner ecosystem. The Lacework Polygraph Data Platform provides best-of-breed cloud security tools we recommend to our clients to improve upon their cloud security posture, secure critical workloads, and accelerate digital transformation." Jon Jensen, Vice President, Cybersecurity Sales at Presidio "GlobalDots keeps hunting for security innovation to support its customers in their large-scale cloud operations. We are keen on cloud-native security solutions that safeguard data while allowing full exploitation of the cloud's speed and efficiency," said Yuval Rachlin, CEO at GlobalDots. "The Lacework Polygraph Data Platform is just that type of innovation, allowing our customers to build quickly, safely, and securely. The Lacework Partner Program will make it easier for us to deliver this exciting technology to them." "Today's world is powered by modern, digital experiences, and the quality of those experiences depend on empowering your engineers with a data-driven approach to planning, building, deploying, running, and securing great software. When security, application, infrastructure, and end-user performance data is scattered across disconnected monitoring tools, it can be hard to identify issues quickly, and troubleshooting can be needlessly complex and time-consuming," said Buddy Brewer, GVP & GM, Product Partnerships, New Relic. "By bringing together the power of New Relic and Lacework, organizations can spend less time investigating and troubleshooting, and more time building." "Our customers are enthusiastically moving to the cloud and they need a security solution that keeps their data safe while continuing to deliver the speed and efficiency the cloud provides," said Siva VRS, Global Practice Head of Cloud and Infrastructure Security Practice, Wipro Limited. "The Lacework Polygraph Data Platform was built in the cloud, for the cloud, so customers can continue to build quickly, safely, and securely." "We're investing in our partner ecosystem today because we know that Lacework cannot realize its full potential as the next great security company without the support of outstanding and diverse channel and technology partners," said Andrew Byron, President, Lacework. "The Lacework Partner Program was painstakingly designed to give these vital partners all the tools they need to be successful so together we can deliver customers the only data-driven cloud security platform designed specifically for the cloud." About Lacework Lacework is the data-driven security company for the cloud. The Lacework Polygraph® Data Platform automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization's AWS, Microsoft Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer, and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, Tiger Global Management, Counterpoint Global (Morgan Stanley), Franklin Templeton, Durable Capital, GV, General Catalyst, XN, Coatue, Dragoneer, Liberty Global Ventures, and Snowflake Ventures, among others.

Read More

Spotlight

This white paper examines the evolution of Manufacturing Execution Systems (MES) and explains why the cloud is the best platform for synchronization of MES with ERP systems. Learn about a common ecosystem that supports a single source of data in real-time, and end-to-end detailed traceability that ties inventory to quality.

Resources