Welcome to Collaborative Strategy Guild Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
|
The editors of TechTarget SearchSecurity have a new site – SearchCloudSecurity and Ed’s a regular contributor.
His latest piece looks at legacy apps and what companies can do to secure them when moving to cloud computing.
Scratch the surface in any organization and you’ll find the legacy environment is one of the most challenging issues facing IT in that organization. No matter how well planned the IT strategy, how efficient the operations, or how disciplined IT processes, there will always be technology that can’t be replaced and that doesn’t meet current standards. Because of the way many legacy applications were built, their criticality, and the expense to modify them, many… Continue reading: Moving Legacy Apps to the Cloud Securely
I came across an article this morning about cloud that got me thinking… I’ll refrain from linking to it because I don’t suggest you read it, but it did get me thinking – in particular about the intersection of institutional healthcare, security, and cloud.
Think about the challenges facing a typical hospital or health system nowadays:
- Large legacy application footprint – potentially hundreds of specialized clinical applications, supply-chain applications, scheduling applications, financial applications
- Lean IT – relatively small IT staff population and (generally) reduced budget for specialized resources like security. Food for thought here: the one place where I have never encountered a dedicated application security resource is at a health system… Continue reading: Healthcare in the cloud – slow to start, but a good fit
In his monthly column for ECT, Ed takes a look at how cloud changes the game for HIPAA’s addressable security requirements:
Cloud computing changes the dynamics of certain parts of HIPAA’s Security requirements. In a cloud computing scenario, most security activities occur in partnership between vendor and client — in other words, while ultimate responsibility for compliance always resides at the covered entity, the actual implementation of certain operational aspects of security occur at the business associate cloud provider.
For the rest of the article, please continue reading here.
Continue reading: Why Cloud Computing Changes the Game for HIPAA Security
People are all kinds of fired up about the fact that EC2 was down the other day… If you didn’t notice (how could you not?), the intertubes came to a screeching halt (OK, you got me – that is, in fact, hyperbole) yesterday as multiple sites went – and stayed – offline for about 24 solid hours.
Uh oh. The situation is obviously a huge black eye for Amazon since it hit so many (quite popular) services hard and dramatically, so that’s naturally something to pay attention to. But what’s really interesting to me about this are two… Continue reading: Cloudpocalypse? Sure, I’ll have some…
In his monthly column for SearchCloudSecurity, Ed takes a provider-focused look at what happens when providers discover after the fact that PHI (protected health information) has been moved to the cloud.
But, complexities arise when you introduce cloud computing into the mix, particularly public cloud. For example, what happens when organizations discover after the fact that live PHI has already been located to a public cloud provider without the involvement of the security team? This may sound like a nightmare scenario, but you’d be surprised how often it happens. Moving to the cloud securely requires planning and foresight, but — let’s face it — security isn’t always… Continue reading: Maintaining compliance with HIPAA security requirements in the cloud
|
|
