Cloud Security Alliance Releases 'Telehealth Data in the Cloud' Report

Cloud Security Alliance | June 19, 2020

  • The Cloud Security Alliance announced today the release of its newest report, Telehealth Data in the Cloud.

  • With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues.

  • CSA offers several resources for HDOs to help with continuous monitoring activities.


The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its newest report, Telehealth Data in the Cloud. Produced by the Health Information Management Working Group, the paper examines the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud, including those within the context of edge computing for telehealth solutions.

Read more: Sigma Computing Powers Community-Driven Analytics and Business Intelligence with Major Updates to Cloud Solution

In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for health care providers. Going forward, telehealth solutions — which introduce high levels of patient data over the Internet and in the cloud — can be used to remotely monitor and treat patients who have mild cases of the virus, as well as other health issues. However, this remote environment also comes with an array of privacy and security challenges.

For health care systems, telehealth has emerged as a critical technology for safe and efficient communications between healthcare providers and patients, and accordingly, it’s vital to review the end-to-end architecture of a telehealth delivery system. A full analysis can help determine whether privacy and security vulnerabilities exist, what security controls are required for proper cybersecurity of the telehealth ecosystem, and if patient privacy protections are adequate.

- Dr. Jim Angle, co-chair of CSA’s Health Information Management Working Group


With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues. The HDO cannot leave this up to the cloud service provider, as it is a shared responsibility. The HDO must understand regulatory requirements, as well as the technologies that support the system. Regulatory mandates may span multiple jurisdictions, and requirements may include both the GDPR and HIPAA. Armed with the right information, the HDO can implement and maintain a secure and robust telehealth program. Cloud Access Security Brokers, the paper notes, ensure HDOs understand what cloud connections are made and what data is sent to the cloud.

Read more: UKCloud Launches Carbon Negative Cloud Services to Advance Sustainable Technology Strategy

CSA offers several resources for HDOs to help with continuous monitoring activities. The Cloud Security Alliance Security Trust and Assurance Registry (CSA STAR)—a registry of cloud providers that have met the security requirements and are certified—provides an open-source tool for annual assessments for continuous monitoring of security controls. The annual Cloud Security Alliance Top Threats List, meanwhile, compiles the top cloud security threats and can provide HDOs with further information on the concepts highlighted in this white paper, including business impacts for each threat, key takeaways, CSA security guidance, and the controls used to help mitigate the threats.

Download the free report.

About Cloud Security Alliance:

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — providing a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.

Spotlight

When running applications and services in the cloud, Splunk offers visibility across providers, operating systems and deployment types for a holistic view of your environment.


Other News
CLOUD STORAGE

UBS and Microsoft announce landmark expansion of cloud partnership

Microsoft | October 31, 2022

On Thursday, UBS and Microsoft Corp. announced a landmark expansion of their partnership to accelerate UBS's public cloud footprint over the next five years. Through this transformational initiative, UBS plans to have more than 50% of its applications, including critical workloads, running on Microsoft Azure, now UBS's primary cloud platform. The partnership furthers UBS's "cloud-first" strategy and the modernization of its global technology estate. Through this partnership, UBS will have access to the most comprehensive cloud platform, trusted by more than 95% of Fortune 500 companies, with a rich set of productivity and collaboration tools, enabling the firm to increase the speed at which it can deliver and improve upon its digital experiences for clients and employees. At the same time, Azure will help advance UBS's sustainability initiatives, drive operational efficiencies, and maintain its standards for compliance and security — providing strong foundations on which to scale UBS's rate of cloud adoption. "Our cloud strategy has fundamentally changed the way we operate, allowing us to reinvigorate our technology estate and reimagine how we build applications for our clients, Closely partnering and collaborating with Microsoft has and will continue to create tremendous value for our clients, our employees, the firm and our shareholders. The developments and learnings that stem from this partnership will benefit the financial services industry and beyond." Mike Dargan, UBS Group chief digital and information officer In 2018, when UBS announced its cloud strategy, leveraging its strategic partnership with Microsoft, it planned to move one-third of its applications to public cloud within four years, but accomplished this goal early in February 2021. Now, the partnership goes beyond just consuming cloud services to include the co-development of innovations and greater collaboration in areas like carbon reduction. "UBS is a forward-thinking leader in the financial services industry, and Microsoft has been fortunate to co-develop innovative applications that meet complex, regulatory requirements with their engineering teams over the past several years," said Scott Guthrie, executive vice president, Cloud + AI, Microsoft. "Our expanded partnership will continue to accelerate the organization's ambitious digital transformation plans, applying the power of the Microsoft Cloud to equip UBS with the agility and reliability to deliver for their clients." Advancing digital sustainability In line with the firm's sustainability goals, UBS continues to move certain technology platform workloads from its on-premises and private cloud servers to Azure. In some use cases, this has resulted in the energy consumption of these workloads to be reduced by up to 30% to date. Together, UBS and Microsoft also co-developed a Carbon Aware API, an open-source solution that provides recommendations on how to schedule workloads that require heavy compute power during times when clean, renewable or low-carbon sources of electricity are most available. They then provided their solution to the Green Software Foundation so it could be shared with large and small companies around the world. Enhancing client and employee experiences with artificial intelligence UBS and Microsoft are implementing and further exploring ways in which artificial intelligence and data can be used to enhance services for clients and employees. For example, in Switzerland, UBS is currently operating two applications that utilize conversational AI capabilities to respond to client e-mail inquiries. Unleashing innovation and driving greater business insights on a trusted platform To support UBS's "cloud-first" strategy and further drive innovation, Microsoft actively brought its Azure confidential computing services to Switzerland. This provided UBS with a new functionality to protect and secure data sharing internally across all of UBS's business divisions, while maintaining the bank's compliance and security standards. As a result, UBS can now develop additional business insights and uncover new opportunities for innovation for its clients and employees. In addition, UBS will leverage Microsoft Power Platform — including Power Apps and Power Automate — which will provide employees with the ability to quickly build professional-grade applications, create automated workflows and connect disparate data sources. About UBS UBS convenes the global ecosystem for investing, where people and ideas are connected and opportunities brought to life, and provides financial advice and solutions to wealthy, institutional and corporate clients worldwide, as well as to private clients in Switzerland. UBS offers investment solutions, products and impactful thought leadership, is the leading global wealth manager, provides large-scale and diversified asset management, focused investment banking capabilities, and personal and corporate banking services in Switzerland. The firm focuses on businesses that have a strong competitive position in their target markets, are capital efficient and have an attractive long-term structural growth or profitability outlook. UBS is present in all major financial centers worldwide. It has offices in more than 50 regions and locations, with about 30% of its employees working in the Americas, 30% in Switzerland, 19% in the rest of Europe, the Middle East and Africa and 21% in Asia Pacific. UBS Group AG employs more than 72,000 people around the world. Its shares are listed on the SIX Swiss Exchange and the New York Stock Exchange (NYSE). About Microsoft Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

Read More

CLOUD SECURITY

Prisma Cloud Delivers Context-Aware Software Composition Analysis to Secure Deployment of Open Source Software

Palo Alto Network | September 23, 2022

Open source software is a critical component of cloud-native applications, allowing developers greater speed and modularity without having to reinvent the wheel each time they code. However, as the Unit 42 Cloud Threat Report, 2H 2021 found, open source software can often contain known vulnerabilities, which can open organizations up to significant risk. Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today introduced the industry's first context-aware software composition analysis (SCA) solution to help developers safely use open source software components. The integration of SCA into Prisma® Cloud further demonstrates why Palo Alto Networks is the leading provider of cloud-native security. Traditional SCA solutions are standalone products that can produce a large number of alerts but lack the runtime context to help fix vulnerabilities. With the addition of SCA to the Prisma Cloud platform, developers and security teams can proactively surface and prioritize known vulnerabilities that impact the application lifecycle (i.e., code, build, deploy and run). Prisma Cloud SCA delivers deep dependency detection and remediation of vulnerabilities in open source software before applications reach production. It can also help developers prioritize remediation based on software components that are already in use. These capabilities are not possible when SCA solutions are deployed as single point products. "Developers leveraging open source software should be able to build applications with the confidence they aren't opening the organization up to risk, With the average application consisting of 75% open source components, SCA on Prisma Cloud is key to protecting the organization from code to cloud and empowering developers to build with speed." Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks As a complete cloud-native application protection platform (CNAPP), Prisma Cloud is context-aware at every stage of the application lifecycle to provide a unified view of risk across organizations' cloud environments. Where current approaches to cloud security rely on siloed products that provide intermittent visibility without remediation, Prisma Cloud approaches cloud security with a comprehensive, prevention-first framework. With 188% increase in cloud incident response cases over the past three years, this shift in approach has become mandatory. A complete code-to cloud CNAPP needs to incorporate the following five key principles in order to keep organizations safe: Security from code to cloud — protects applications at every stage of the development lifecycle — from code, build, deploy and run. Continuous, real time visibility — uses real-time and contextual security analysis of cloud environments to help prevent misconfigurations, vulnerabilities and threats. Prevention-first protection — stopping attacks and defending against zero-day vulnerabilities to drive down mean time to remediation. Choice for every cloud journey — aligning security needs with current and future cloud priorities by supporting a breadth of cloud service providers, workload architectures, continuous integration and continuous delivery (CI/CD) pipelines, integrated development environments (IDEs), and repositories with a unified platform Cloud scale security — consistently secures applications as cloud environments scale. In addition to SCA and to further increase the safety of cloud-native applications, Prisma Cloud introduced a software bill of materials (SBOM) among other capabilities for developers to easily maintain and reference a complete codebase inventory of every application component used across cloud environments. Implementing SCA and SBOM ensures Prisma Cloud aligns with these principles. "Buyers looking for cloud-native security solutions need to keep the requirements of microservices security protection in mind. The 'bolted-on' and 'whack-a-mole' approaches are a thing of the past," said Frank Dickson, program vice president, Security and Trust at IDC. "Security should be embedded throughout the application development life cycle. This means that buyers need to fundamentally change their approach to security, although they need to continue to protect their run-time environments, they must also embrace solutions that embed security in the application development process, an approach referred to as 'shift left.' Shift left requires one to think less about security products and more about continuous security processes." About Palo Alto Networks Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Read More

CLOUD SECURITY

Presidio Expands Partnership with Microsoft to Accelerate Hybrid Cloud Innovation and Adoption

Presidio | October 14, 2022

Presidio, Inc., a global digital services and solutions provider has signed a new partnership agreement with Microsoft to co-invest to help customers advance their digital transformation and hybrid cloud innovation. The agreement drives joint collaboration to accelerate innovation and training across all Microsoft cloud technologies and platforms to serve customers even more effectively. Presidio can now further build on its team’s Microsoft expertise and expedite the implementation of hybrid cloud benefits for Microsoft customers. With the hybrid benefits that Microsoft 365, Dynamics 365, Digital Contact Center, and Microsoft Azure offer they can minimize the challenges and constraints their customers face in the supply chain and with their existing data centers. “The solution envisioned and built with Presidio on Microsoft Cloud to help enable our mills opened the door for our company to access game changing data in real-time. With this implementation we can strategically influence everything from how we serve our customers every day, how we grow our business, how we create value, and how we develop tools and patterns to help our team members be more successful,” Chris Meyerpeter, Commercial Transformation Lead and CIO, Ardent Mills “Our customers want Presidio to be a single resource to accelerate digital transformation across their existing solutions and platforms,” said Chris Cagnazzi, Senior Vice President and General Manager of Digital Business at Presidio. “Our expanded partnership with Microsoft will drive even greater collaboration between both our companies.” "Presidio is well-positioned to meet the needs of our customers on their digital transformation journey utilizing the Microsoft Cloud technologies. This agreement reflects our joint commitment to invest in Presidio's success and the success of our many mutual customers," said Tyler Bryson, CVP, Global Partner Solutions, US and Health & Public Sector Industries, US, Microsoft. As a Microsoft consulting partner within the Microsoft Partner Network (MPN), Presidio holds 13 Gold Competencies, Advanced Specializations, and is a Fast Track Ready partner. Presidio is a trusted advisor that helps organizations of all sizes best leverage cloud solutions and delivers business value at every stage of the technology lifecycle. This includes digital transformation leveraging Azure, Microsoft 365 and Dynamics 365, and on-premise technologies and applications are fully leveraged and aligned with organizational needs. Presidio’s team of engineers is committed to keeping up with best practices in security, reliability, and adoption. Through technical workshops, training, and immersion experiences, Presidio exposes customers to new technologies and best practices and how to best leverage them in their unique environment. About Presidio Presidio is a global digital services and solutions provider accelerating business transformation through secured technology modernization. Highly skilled teams of engineers and solutions architects with deep expertise across cloud, security, networking and modern data center infrastructure help customers acquire, deploy and operate technology that delivers impactful business outcomes. Presidio is a trusted strategic advisor with a flexible full life cycle model of professional, managed, and support and staffing services to help execute, secure, operationalize and maintain technology solutions.

Read More

CLOUD SECURITY

SqlDBM and Inergy Announce Partnership, Looking at Cloud as the Future of Data

SqlDBM | November 24, 2022

SqlDBM - Online Data Modeling Tool announced their partnership with Inergy, a leading provider of BI and Analytics solutions based in the Netherlands. Henceforth, Inergy will collaborate with SqlDBM as a Silver Partner, aligning on digital exposure and cloud adoption strategy. SqlDBM, itself a cloud-based SaaS database modeling platform, has witnessed firsthand the transformative power that the cloud drives for scalability and ease of use. Inergy, with over two decades of BI experience, is likewise committed to helping its customers embrace cloud-based solutions. Both SqlDBM and Inergy are official Snowflake Partners and see this synergy as a natural fit. “The Inergy-SqlDBM partnership is a powerful combination. Data environments across platforms and channels have become increasingly complex, so the tools and consultants which deal with them must evolve to meet this challenge. We believe our common understanding of cloud solutions will be pivotal in leading the industry towards the future of the cloud,” Anna Abramova, Head of Growth at SqlDBM Inergy is also a Gold Microsoft Partner, with employees certified in Azure, one of SqlDBM’s most widely-supported databases. Both companies see the cloud as the logical next step in BI and data warehousing. They will henceforth collaborate to make sure their customers are well equipped to leverage the possibilities that cloud computing has to offer. About SqlDBM SqlDBM’s mission is to provide a modern cloud-based modeling solution that enables customers to layout or create their business warehouse without writing a single line of code. SqlDBM supports leading cloud-based database providers like Snowflake, Azure Synapse, Redshift, and on-premise solutions like Postgres and SQL Server. Using an online visual interface, users can diagram their entire database through reverse engineering, create new objects, make changes, and add properties without writing SQL. SqlDBM provides additional features that facilitate data governance, data discovery (data dictionary), DevOps and CI/CD, and communication between business and technical users. About Inergy Inergy helps organizations get more returns from their core business and business processes by generating insight from all the information they may have. Inergy does not shy away from ambitious projects or demanding clients. Thanks to their many years of experience and thorough knowledge of business processes and technology, Inergy works quickly for result-oriented solutions. And thanks to those same years of experience, Inergy has developed a keen eye for innovative BI techniques and solutions that can help any business.

Read More