Secure Cloud Computing for the Health Enterprise
By Joel Amoussou, CEO, Efasoft Inc.

Contents

1. Regulatory Framework
2. Cloud Security Practices
3. Security Management
4. Auditing & Compliance

www.efasoft.com
Healthcare Apps in the Cloud

Figure (labels recovered from the slide): Cloud Services: IaaS, SaaS, PaaS; healthcare applications running on them: CDSS, EMR, 5010, ICD10, Analytics

Drivers

Figure (labels recovered from the slide): Usage-Based Payment, Scalability, Massive Elasticity, Quick Provisioning Time, Low Capital Costs

Regulatory Framework

• HIPAA
• HITECH Act – HIPAA Security Updates
• State and Federal Laws
• Meaningful Use
• Recommendations on Patient Consent

Impact of Regulations

HITECH Act
• HIPAA applies to Cloud Service Providers (CSPs) and online PHR vendors as Business Associates???
• Breach Notification
• Accounting of disclosure
• Marketing and sale of PHI
• Patient access and disclosure restrictions
• Minimum data set

US Patriot Act
• Canada Health Infoway certification requirements refer to HIPAA
• British Columbia and Nova Scotia prohibit storing patient data at providers (including CSPs) located in the US

Tiger Team Recommendations

Collection, Use and Disclosure Limitation: Third party service organizations may not collect, use or disclose personally identifiable health information for any purpose other than to provide the services specified in the business associate or service agreement with the data provider, and necessary administrative functions, or as required by law.

When the decision to disclose or exchange the patient's identifiable health information from the provider's record is not in the control of the provider or that provider's organized health care arrangement ("OHCA"), patients should be able to exercise meaningful consent to their participation.

Addressing HIPAA in the Cloud

Access Control
• SSH Keys
• No password-based shell access
• Strong Encryption of data and filesystems
• Private decryption keys out of the cloud
• Security groups
• Secure Transport

Audit
• Event logs to secured dedicated server
• Backup log files

Backup
• Snapshot of block storage volumes
• Encrypt and keep backups out of the cloud
• Cloud storage is replicated across multiple availability zones

Disaster Recovery
• Monitoring
• Availability Zones (geographic redundancy)
• Clustering
• Replication

Security Issues in the Cloud

1.
• Reassigned IP addresses
• BGP Prefix Hijacking
• DNS Attacks
• DoS and DDoS Attacks
• Security groups not physically separated

2.
• CSP staff access to VM instances and guest OS
• Encryption not always possible while processing data in the cloud (as opposed to data at rest)

3.
• Isolation in multitenancy
• OWASP Top 10
• Data Lineage
• Data Provenance
• Data Remanence (NIST 800-88)

Security Controls in the Cloud

1. Image hardening and patching
2. Host based IDS/IPS such as OSSEC
3. Health Monitoring & Security event logs
4. Effective Key Management (NIST 800-57)
5. Default deny-all mode, Host Firewall

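Two of the host-level controls listed on these slides, "no password-based shell access" (Access Control) and "default deny-all mode, host firewall" (control 5), are configuration that an image can appear to have while sshd or iptables actually resolve it differently. The following is an added example, not code from the deck or from Efasoft: it audits an sshd_config and an `iptables-save` dump for those two controls the way the tools themselves read them (first sshd value wins, Match blocks are conditional, chain policy lines carry the default). The sample inputs are constructed, and the defaults assume OpenSSH 7.0 or later.

```python
import re

# Effective OpenSSH server defaults when a keyword is absent (assumes OpenSSH 7.0+).
SSHD_DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "challengeresponseauthentication": "yes",
}
# Newer OpenSSH renamed this keyword; sshd treats both names as one setting.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}


def parse_sshd_config(text):
    """Effective *global* sshd_config settings, read the way sshd reads them:
    keywords are case-insensitive, the FIRST value for a keyword wins, and
    everything after a Match line is conditional, so it is not global."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)$", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":
            break  # remaining lines apply only to matching connections
        if key not in settings:  # first occurrence wins, later duplicates are ignored
            settings[key] = m.group(2).strip().lower()
    return {**SSHD_DEFAULTS, **settings}


def audit_sshd(settings):
    """Findings against the deck's 'SSH keys, no password-based shell access' item."""
    findings = []
    if settings["passwordauthentication"] != "no":
        findings.append("sshd: PasswordAuthentication is not 'no'; password logins allowed")
    if settings["challengeresponseauthentication"] != "no":
        findings.append("sshd: keyboard-interactive auth on; PAM can still prompt for a password")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("sshd: PubkeyAuthentication disabled; key-based access unavailable")
    if settings["permitrootlogin"] not in ("no", "prohibit-password", "without-password"):
        findings.append("sshd: PermitRootLogin allows root logins with a password")
    return findings


def parse_iptables_policies(text):
    """{chain: policy} for the filter table of `iptables-save` output (`:INPUT DROP [0:0]`)."""
    policies, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]  # user-defined chains carry "-"
            policies[chain] = policy
    return policies


def audit_firewall(policies):
    """Findings against the deck's 'default deny-all mode, host firewall' control."""
    return [f"firewall: {chain} default policy is {policies.get(chain, 'missing')}, not DROP"
            for chain in ("INPUT", "FORWARD") if policies.get(chain) != "DROP"]


def audit_host(sshd_config_text, iptables_save_text):
    """Both checks together; an empty list means the two controls are in place."""
    return (audit_sshd(parse_sshd_config(sshd_config_text))
            + audit_firewall(parse_iptables_policies(iptables_save_text)))


# Constructed samples: a stock image before hardening, and a hardened one.
WEAK_SSHD = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
WEAK_IPTABLES = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"
HARDENED_SSHD = """
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
# sshd keeps the FIRST value, so this later duplicate has no effect
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
DENY_ALL_IPTABLES = """
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:SSH-ADMIN - [0:0]
-A INPUT -p tcp --dport 22 -j SSH-ADMIN
-A SSH-ADMIN -s 203.0.113.0/24 -j ACCEPT
COMMIT
"""
```

Run `audit_host(HARDENED_SSHD, DENY_ALL_IPTABLES)` against the hardened pair and it returns no findings; the weak pair yields five, including the PermitRootLogin and default-policy gaps.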
Identity and Access Management (IAM)

A. SAML 2.0: Identity Federation/SSO
B. SPML: Provisioning
C. XACML: Authorization
D. OAuth: Authentication across CSPs
E. WS-I Security Profile (SOA in the Cloud)

Security Management Standards

• ITIL: IT Service Management
• ISO 17799: Code of Practice
• ISO 20000: Security Techniques Overview
• ISO 27001: Security Techniques Requirements
• ISO 27002: Code of Practice

Auditing & Compliance

COBIT, ISO 27001, SAS 70, GRC*, ISO 27002, SysTrust, WebTrust

*Governance, Risk Management, and Compliance

Collaboration

Health Enterprise: Understand responsibilities (who does what about security?)
Cloud Service Provider: Provide transparency into security practices and policies.

www.efasoft.com
joel@efasoft.com
