Moving Healthcare to the Cloud: Operationalizing Security
Part 5 of 5 of “Moving Healthcare to the Cloud”
In the last blog of our Moving Healthcare to the Cloud series, we presented how organizations can assess, manage and reduce the risk of security attacks. In this blog, we discuss how to operationalize security in order to ensure digital assets remain protected.
After migrating IT systems to the cloud, integrating your cloud environment with on-premises systems, and assessing your security risks, the next step is to operationalize your on-going security program. By following the best practices presented in our previous blogs, you should already have the framework for a robust system in place.
The program should include a consistent security policy to help you determine everything you need related to protection, audits and remediation. A robust policy serves as a bedrock for establishing a strong security posture and helps you make sure you can answer all the key questions as you delve deeply into the details. Here’s just one example of the many scenarios you will need to consider:
- How long can patient records be stored on-premises?
- Does the length of time for storage change if you move records to the cloud?
- Are there privacy and regulatory issues to be concerned about in one cloud platform versus another?
As this example illustrates, security and compliance become more complex when you move part of your IT infrastructure to the cloud and integrate it with on-premises systems and other cloud environments. But with a proper robust framework in place, you can make sure you ask all the right questions so that the answers identify any security policies and controls you need to change.