CloudMask thinks differently in the secure-cloud landscape.
Securing sensitive data for the health care industry
The economic value proposition of Software as a Service (SaaS) is undeniable. SaaS is disrupting industry after industry,
making accessible to sole proprietors and small businesses software functionality that historically required significant
investment in hardware, software, and annual maintenance fees. This, in turn, is making smaller players even more agile
and efficient than they used to be, allowing them to run competitive circles around larger or laggard players.
The good news is that rich software functionality is often available for less than $100 per month, enabling high levels of
business management and administrative efficiencies.
The bad news is that the tempting sky of cloud and SaaS computing is filled with thunderclouds of cybersecurity concerns.
Despite the best efforts of traditional cybersecurity experts, the adoption of cloud computing has been accompanied by an
ever-growing number of egregious data breaches. These breaches damage brands and drive up significant costs for
investigations, notification, and identity-theft protection for clients whose personal information has drifted into malicious
hands.
So, what’s going on? Why do even the largest enterprises struggle with securing their data? Wouldn’t the National
Security Agency be one of the most rigorous security practitioners in the world? What leaks have we not yet detected?
One thought leader at a major global cybersecurity consultancy explained it like this: “We’re trying to examine every packet
that flows across the perimeter of the network and notice IP addresses that don’t make sense. This is incredibly hard.
There’s a ridiculous amount of data, and we’ve entered an age where the network no longer has clear boundaries. We
really haven’t solved that problem.”
What is the problem?
The problem lies in the way traditional security thinkers have defined the problem. They’re working with a castle-and-moat
metaphor, where the internal network is protected with a set of security rings. Each ring, however, has costly hardware and
software searching for malevolent inbound and outbound data. But it’s like looking for needles in a haystack. And even if
security experts are successful at protecting the perimeter, there is little protection against insiders (employees or others
with access to the internal network).
CloudMask thinks differently.
We see the problem in simpler terms: protecting sensitive data and ensuring that only authorized users, using known
devices, can see data in the clear. We’re happy to let the traditional security experts work on their perimeters, knowing that
when they fail, our customers’ data remains secure. And, in contrast with products designed for big enterprises, we’ve
created a solution that can be installed, configured, and afforded by small businesses without IT staff.
The SaaS Security Problem – Simplified
SaaS applications use best-practice security protocols and rely on their cloud provider to secure the infrastructure the
application runs on.
One vendor explains it this way: “We ensure that your communications are secure using bank-grade 256-bit SSL
encryption. All of our infrastructure is hosted using physically secure, managed data centers that meet the rigid SSAE 16
specifications. Geo-redundant backups are performed multiple times per day, and site security and privacy are routinely
audited by respected third parties.”
By means of 256-bit SSL encryption, the connection between your browser or app and database servers is secured. When
you submit a query or update, the data is encrypted as it transits the internet. Once the data reaches the data center, it is
decrypted for insertion into the app’s database.
The data center itself (e.g., Amazon Web Services) has a rigorous set of security controls and protocols, meaning that only
employees with the proper identification and access passwords can physically or virtually access the servers that hold the
application’s data. SSAE 16 is a standard according to which data centers are audited for their degree of compliance with
policy.
There are three vulnerabilities that should concern executives:
1. Anyone who tricks a user into revealing their username and password can impersonate that user and log in
from any browser in the world.
Such a hacker can impersonate the user and perform administrator functions. You don’t have to be a fool to have this
happen to you. Even a sophisticated user like CIA Director John Brennan has fallen prey to high school-age hackers.
2. Any insider (employee of the data center) can turn from “good” to “bad” overnight or have their credentials
stolen, meaning that an authorized system administrator could access application data for malevolent purposes.
Insiders don’t need to be “bad” to present a threat. They can simply be careless.
A recent report on cybersecurity suggests that less than 50 percent of organizations have adequate policies in place to
mitigate insider-threat risks. The challenge here is that executives depend on their SaaS provider, who in turn relies on their
cloud service providers to maintain security hygiene. That’s a lot of blind faith.
3. Governments have the desire, capacity and experience to tap into the cloud-service providers who hold the
world’s data.
The problem here is manifold. On the one hand, the government can access specific information based on a warrant. On
the other hand, it is an entirely different matter to access everything on an as-needs basis, under cover of National Security
Letters or their equivalent. Despite its best efforts to security-screen and oversee intelligence and law enforcement
operations, the government also falls prey to “trusted” staff performing unauthorized actions. These vulnerabilities impact
the firm’s liability for data breaches and the capacity to deliver on a promise of client confidentiality and privacy.
In storing sensitive personal and other data, the firm is considered a data controller. As a data controller, the firm is subject
to a variety of data protection laws and regulations. Such regulations increasingly create a costly burden to notify
individuals affected by data breaches and to purchase several years of identity-theft protection. Emerging European laws
impose heavy fines on firms who violate data protection regulations.
If you think the solution is not to use cloud, think again.
The concerns outlined above have caused many organizations to have misgivings about adopting cloud-based solutions,
presuming that an on-premise solution (a server running in your office) is safer. Unfortunately, that is not the case. Your
office or server room isn’t nearly as secure as an access-controlled data center.
CloudMask: a silver lining for SaaS
CloudMask addresses these vulnerabilities in a way that enables executives to immunize their firms against data
breaches, differentiate by offering highly secure data management and communications, and use economical cloud
services with confidence.
CloudMask can provide SaaS users with an easy-to-install browser extension that automatically masks sensitive data
before it enters the 256-bit encryption channel to the data center. When that data arrives at the data center where the 256-
bit protection ends, CloudMask data stays masked.
This process also works in reverse, as in the case when the user requests sensitive data. Here the masked data is double-
encrypted as it moves through the secured communications channel. When it arrives in the browser, the 256-bit encryption
is removed, and CloudMask seamlessly unmasks to present the data in the clear.
Alongside controlling users and their access rights, practice management account owners/administrators have the capacity
to select specific fields to be masked. Not all data needs to be masked and protected, but data categorized as sensitive
personal data, personally identifying, or otherwise confidential, can be selected for automated, seamless masking and
unmasking.
CloudMask Technology in Health Care
Both 1) the growing adoption of Electronic Health Records (EHR) and personal health records and 2) technologies that
ensure better patient safety, improved care and inputs for clinical decision-making are being made possible by the adoption
of cloud technology in health care. It has become critical to ensure that complete medical data is made available to health
care providers irrespective of where the patient or clinician is located.
Doctors and clinics need to access voluminous imagery and patient data. There is also an increasing requirement to share
health care information between physicians. Most clinics do not have the technical expertise to handle such information in
house and will wish to avoid related expenses on hardware, application software and skilled manpower.
Cloud-based medical applications provide an excellent means of catering to these requirements at minimal cost. However,
there are significant security and privacy issues associated with the use of cloud resources to handle health care information.
Concerns of security, privacy, data jurisdiction and compliance are affecting the adoption of cloud technology in health care.
While the cloud offers numerous advantages to patients and health care workers, the government has been very demanding
when it comes to the protection of patients’ personal health information. Very rigid requirements of security and privacy have
been defined by the US Government in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA
privacy requirements demand that hospitals secure and protect confidential, protected health information. The American
Medical Association states that in some cases, failure to comply with HIPAA requirements can lead to fines that are as high
as $1.5 million.
Besides HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act also controls how
information technology is to be used in the health care industry. The HITECH Act also supports HIPAA in protecting medical
data pertaining to individuals. Unfortunately, as reported by CNBC, there are serious shortcomings in the health care industry
when it comes to data security.
As per HIPAA, the data fields that are required to be protected are:
• Names;
• Addresses (all fields smaller than States);
• Dates (except year values) that are related to personal or medical history;
• Fields listing phone numbers, fax numbers, email IDs, etc.;
• Various identifying / indexing numbers such as Social Security Numbers, license numbers, etc., and several other details.
HIPAA requires breaches to be made public. However, if the data was adequately encrypted and anonymized, then it is
exempt from breach notification requirements.
HIPAA and HITECH provisions can be met if critical parts of medical data being processed, stored or transmitted are
encrypted. Encryption will permit greater use of cloud technology in health care. However, with conventional methods, it is
not possible to process any kind of data that has been encrypted. For example, if you encrypt the date of birth of the patient,
you will not be able to subtract the date of birth from the current date and calculate the age of the patient. If the medicine
being prescribed is encrypted, your software will not be able to check if the patient is allergic to any one of the medicines
being prescribed.
For this processing to take place, encrypted data will have to be decrypted before it is given to the application. If an attacker
has inserted malicious code or obtained access to the application, he will be able to access data during this processing
period when the encryption has been removed. Such fear is holding back greater use of cloud technology in health care.
The solution lies in a unique data protection application that understands how to encrypt data selectively to ensure that it
does not have to be decrypted for processing. For fields that cannot be encrypted, the choice is to opt for tokenization. In
the date example given above, the date of birth would have been replaced by another date value that is not related to the
date of birth of the patient. This will ensure that any operations on the date field will not crash the application. Similarly, if the
name of the medicine being prescribed is replaced by a token, then the allergy check can be carried out without disclosing
the real name of the medicine.
Later, when the data is presented back to the user, the security solution will convert back the token to the original value and
ensure that any data operations carried out are adjusted to give the correct output. This will ensure that data fields that have
very rigidly defined formats can be protected and yet permit processing to be carried out.
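The tokenization flow described above, sketched as an added example (not CloudMask's code or from the original page): medicine names become keyed deterministic tokens so the server can still match them, and the date of birth is replaced by another valid date whose offset the client reverses. The names `ClientMasker`, `server_allergy_check`, `server_age_days` and the demo key and record are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo key (assumption). In the scheme described, it never leaves the user's device.
CLIENT_KEY = b"constructed-demo-key-not-for-production"


def _prf(label: str, value: str) -> bytes:
    """Keyed pseudo-random function: HMAC-SHA256 over a domain label and the value."""
    return hmac.new(CLIENT_KEY, f"{label}|{value}".encode(), hashlib.sha256).digest()


class ClientMasker:
    """Client-side masking: the server only ever sees tokens and shifted dates."""

    def __init__(self):
        self._vault = {}  # token -> normalized clear value, held on the client only

    def tokenize_term(self, field: str, value: str) -> str:
        # Deterministic: the same medicine always yields the same token,
        # which is what lets the server compare tokens for equality.
        normalized = value.strip().lower()
        token = "tok_" + _prf(field, normalized).hex()[:16]
        self._vault[token] = normalized
        return token

    def detokenize_term(self, token: str) -> str:
        return self._vault[token]

    def _date_offset(self, record_id: str) -> timedelta:
        # Per-record offset of 1..3650 days, derived from the key.
        n = int.from_bytes(_prf("dob-offset", record_id)[:4], "big")
        return timedelta(days=1 + n % 3650)

    def tokenize_date(self, record_id: str, d: date) -> date:
        # Still a valid date, so date arithmetic on the server does not fail.
        return d - self._date_offset(record_id)

    def detokenize_date(self, record_id: str, d: date) -> date:
        return d + self._date_offset(record_id)

    def correct_age_days(self, record_id: str, server_value: int) -> int:
        # The server computed an age from the shifted date; remove the shift.
        return server_value - self._date_offset(record_id).days


def server_allergy_check(record: dict) -> list:
    """Runs on the server over tokens only: plain set intersection."""
    return sorted(set(record["prescribed"]) & set(record["allergies"]))


def server_age_days(record: dict, today: date) -> int:
    """Runs on the server over the tokenized date of birth."""
    return (today - record["dob"]).days


def demo() -> dict:
    masker = ClientMasker()
    # Constructed sample record, not real patient data.
    clear = {"id": "patient-0001", "dob": date(1980, 5, 17),
             "allergies": ["Penicillin"], "prescribed": ["penicillin ", "Ibuprofen"]}
    masked = {
        "id": clear["id"],
        "dob": masker.tokenize_date(clear["id"], clear["dob"]),
        "allergies": [masker.tokenize_term("medication", m) for m in clear["allergies"]],
        "prescribed": [masker.tokenize_term("medication", m) for m in clear["prescribed"]],
    }
    today = date(2024, 1, 1)
    hits = server_allergy_check(masked)           # server sees tokens only
    shifted_age = server_age_days(masked, today)  # wrong until corrected
    return {
        "masked_record": masked,
        "masked_dob": masked["dob"],
        "allergy_hits_clear": [masker.detokenize_term(t) for t in hits],
        "corrected_age_days": masker.correct_age_days(clear["id"], shifted_age),
        "true_age_days": (today - clear["dob"]).days,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Deterministic tokens preserve equality, so anyone holding the masked database can still see which records share a value; that is the trade-off for letting the server match them.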
Such a security solution also ensures that data is anonymized before being transmitted. Anonymization removes identifying
information from the data and ensures that even if a hacker is able to obtain access to data – either in the cloud or on
premises – the intruder will not know the person to whom the data belongs and therefore the requirement of privacy and
security will have been met.
Therefore, securing sensitive data such as protected health information is a three-step process. Some data can be safely
encrypted using conventional methods. Other data needs to be tokenized or masked, and the complete record has to be
anonymized.
When these actions have been properly implemented, even if the hacker has obtained complete and uninterrupted access
to the database, the intruder will not be able to obtain any meaningful value from the data. In such a situation the health care
provider will not be required to disclose any loss of data and will not attract the penal provisions envisaged under HIPAA.
In many cases, data encryption requires complex and expensive encryption gateways to be installed and major changes to
be made to the application and data that has to be protected. The high cost and complexity of these actions deter many
health care providers from adequately protecting their data. Fortunately, the CloudMask data protection solution is here to
cut through the complexity and the need for help.
CloudMask is a Canadian Cyber Security company that understands these issues in depth. It is our fundamental premise
that there will be an eventual breach in the defenses of any database. We provide data security solutions to protect your
data inside your clinic’s internal networks, on the public network and in public, private and hybrid clouds. Once set up,
CloudMask will recognize which data fields can be encrypted and which fields need to be masked or tokenized so as to
ensure that your applications work exactly as before and your data is never left unprotected – even when it is being
processed.
Our solutions can be deployed rapidly and at minimal cost, taking user privileges into account while ensuring that application
functionality is not impaired in any way. Use any EHR / EMR solution, and CloudMask will provide it complete protection
without your having to modify your application and data in any way.
CloudMask is a major player in the data protection space. We have been recognized for our innovation and have successfully
implemented our solutions for the Government of Canada in one of the most stringent security environments. We have
specialized solutions for the health care industry and can ensure that your organization can work with protected health
information to provide better health care to patients, all while staying fully compliant with HIPAA / HITECH and minimizing
costs. Contact us today to get valuable insights into securing your data whether on your own servers or in the cloud.
From a functional perspective, CloudMask resolves the concerns that executives
might have with respect to using SaaS applications:
1. Each user authorized to access the SaaS account installs a CloudMask browser extension that is activated through a
simple process generating the personal, private and public keys required for the encryption process. What’s more, the
extension can be installed on multiple personal devices, each of which is personalized with a private key. Thus, even if a
username and password are somehow compromised, which under normal circumstances would allow anyone anywhere in
the world to log into the account and see data in the clear, the unauthorized user cannot do so without access to the
specific devices configured with the personalized browser extension.
2. The data stored under care of the data center remains masked while at rest or in motion. Neither the practice
management SaaS vendor, nor CloudMask administrators, nor data center administrators, have keys that can be used to
unmask the data. If the data center suffers a breach (e.g., an unauthorized insider penetrates the database, or a
government agency serves a National Security Letter), data the user has designated as sensitive remains protected.
3. The data stored under care of the data center is masked in such a way (“tokenization”) that anonymizes what was
previously sensitive data. Thus, even if that data is stolen, it is no longer considered sensitive personal information or
personally identifying information, so it no longer falls under data protection regulations or requirements. In other words,
breaches of systems holding tokenized data do not trigger the costly response and remediation efforts associated with
breaches of systems holding sensitive personal information.
The Technical Story
A separate e-book explains the technical details behind this process and the software that automates it, as well as
describing the benefits of encrypting and tokenizing data, which we collectively refer to as “masking.” The e-book also
provides a brief explanation of the well-established public/private key methods used by the encryption process.
Grounded Confidence
CloudMask is unique in having its “CloudMask engine” certified through a Common Criteria for Information Technology
Security Evaluation (Common Criteria) process, which is used by twenty-six federal governments to evaluate security
products for their own use. The process of independent evaluation assesses whether a product’s functional claims live up
to the way it is coded and performs. Many products claim to be “bank-grade” or “military-grade,” both of which are
subjective assessments.
CloudMask is the only data-masking product capable of working with SaaS offers to achieve Common Criteria certification.
More expensive competitors like Cipher Cloud and Ionic have not achieved such objective criteria. Technical advisors can
access CloudMask’s Common Criteria Assessment here.
It’s easy to get started with CloudMask. Visit www.cloudmask.com

Más contenido relacionado

La actualidad más candente

Data Privacy Readiness Test
Data Privacy Readiness TestData Privacy Readiness Test
Data Privacy Readiness TestDruva
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityAhmed Banafa
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...IRJET Journal
 
Data centric security key to cloud and digital business
Data centric security key to cloud and digital businessData centric security key to cloud and digital business
Data centric security key to cloud and digital businessUlf Mattsson
 
A Novel Information Accountability Framework for Cloud Computing
A Novel Information Accountability Framework for Cloud ComputingA Novel Information Accountability Framework for Cloud Computing
A Novel Information Accountability Framework for Cloud ComputingIJMER
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...ijccsa
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...Steven Meister
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for SlackSachin Yadav
 
McMahon and Associates Cloud Usage Policy Paper
McMahon and Associates Cloud Usage Policy PaperMcMahon and Associates Cloud Usage Policy Paper
McMahon and Associates Cloud Usage Policy PaperMatthew J McMahon
 
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Community
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Steven Meister
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Isaca journal - bridging the gap between access and security in big data...
Isaca journal  - bridging the gap between access and security in big data...Isaca journal  - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...Ulf Mattsson
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Preventiondj1arry
 
Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Andris Soroka
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?Gabe Akisanmi
 

La actualidad más candente (20)

Data Privacy Readiness Test
Data Privacy Readiness TestData Privacy Readiness Test
Data Privacy Readiness Test
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...
A Survey on Access Control Scheme for Data in Cloud with Anonymous Authentica...
 
Data centric security key to cloud and digital business
Data centric security key to cloud and digital businessData centric security key to cloud and digital business
Data centric security key to cloud and digital business
 
A Novel Information Accountability Framework for Cloud Computing
A Novel Information Accountability Framework for Cloud ComputingA Novel Information Accountability Framework for Cloud Computing
A Novel Information Accountability Framework for Cloud Computing
 
A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...A proficient 5 c approach to boost the security in the saas model's technical...
A proficient 5 c approach to boost the security in the saas model's technical...
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...
Steven Meister GDPR and Regulatory Compliance and Big Data Excelerator Profes...
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for Slack
 
McMahon and Associates Cloud Usage Policy Paper
McMahon and Associates Cloud Usage Policy PaperMcMahon and Associates Cloud Usage Policy Paper
McMahon and Associates Cloud Usage Policy Paper
 
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection   ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
 
Isaca journal - bridging the gap between access and security in big data...
Isaca journal  - bridging the gap between access and security in big data...Isaca journal  - bridging the gap between access and security in big data...
Isaca journal - bridging the gap between access and security in big data...
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010
 
Is your infrastructure holding you back?
Is your infrastructure holding you back?Is your infrastructure holding you back?
Is your infrastructure holding you back?
 

Destacado

presentation_Hadoop_File_System
presentation_Hadoop_File_Systempresentation_Hadoop_File_System
presentation_Hadoop_File_SystemBrett Keim
 
E conhecereis a verdade, e a verdade
E conhecereis a verdade, e a verdadeE conhecereis a verdade, e a verdade
E conhecereis a verdade, e a verdadeLuan Augusto Duarte
 
ระบบสารสนเทศสำหรับผู้บริหาร
ระบบสารสนเทศสำหรับผู้บริหารระบบสารสนเทศสำหรับผู้บริหาร
ระบบสารสนเทศสำหรับผู้บริหารPrapon Pimsawat
 
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...Dieguito Aslalema
 
Normas de etiqueta en internet
Normas de etiqueta en internetNormas de etiqueta en internet
Normas de etiqueta en internetldssergio
 
CopyofYouTubeMarketingFINALFORLINKEDIN-2
CopyofYouTubeMarketingFINALFORLINKEDIN-2CopyofYouTubeMarketingFINALFORLINKEDIN-2
CopyofYouTubeMarketingFINALFORLINKEDIN-2Jenny Do
 
David Rendón Velarde: E book valor y coraje gracia bajo presión.
David Rendón Velarde: E book  valor y coraje gracia bajo presión.David Rendón Velarde: E book  valor y coraje gracia bajo presión.
David Rendón Velarde: E book valor y coraje gracia bajo presión.David Rendón
 
ملاحظات على استخدام الادوية البيطرية ا د حامد عطية
ملاحظات على استخدام الادوية البيطرية ا د حامد عطيةملاحظات على استخدام الادوية البيطرية ا د حامد عطية
ملاحظات على استخدام الادوية البيطرية ا د حامد عطيةhamed attia
 

Destacado (9)

presentation_Hadoop_File_System
presentation_Hadoop_File_Systempresentation_Hadoop_File_System
presentation_Hadoop_File_System
 
E conhecereis a verdade, e a verdade
E conhecereis a verdade, e a verdadeE conhecereis a verdade, e a verdade
E conhecereis a verdade, e a verdade
 
ระบบสารสนเทศสำหรับผู้บริหาร
ระบบสารสนเทศสำหรับผู้บริหารระบบสารสนเทศสำหรับผู้บริหาร
ระบบสารสนเทศสำหรับผู้บริหาร
 
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...
Fauna vertebrada representativa de la Reserva de Producción de Fauna Manglare...
 
Porter_NMJ
Porter_NMJPorter_NMJ
Porter_NMJ
 
Normas de etiqueta en internet
Normas de etiqueta en internetNormas de etiqueta en internet
Normas de etiqueta en internet
 
CopyofYouTubeMarketingFINALFORLINKEDIN-2
CopyofYouTubeMarketingFINALFORLINKEDIN-2CopyofYouTubeMarketingFINALFORLINKEDIN-2
CopyofYouTubeMarketingFINALFORLINKEDIN-2
 
David Rendón Velarde: E book valor y coraje gracia bajo presión.
David Rendón Velarde: E book  valor y coraje gracia bajo presión.David Rendón Velarde: E book  valor y coraje gracia bajo presión.
David Rendón Velarde: E book valor y coraje gracia bajo presión.
 
ملاحظات على استخدام الادوية البيطرية ا د حامد عطية
ملاحظات على استخدام الادوية البيطرية ا د حامد عطيةملاحظات على استخدام الادوية البيطرية ا د حامد عطية
ملاحظات على استخدام الادوية البيطرية ا د حامد عطية
 

Securing sensitive data for the health care industry

  • 1. CloudMask thinks differently in the secure-cloud landscape.

Securing sensitive data for the health care industry

The economic value proposition of Software as a Service (SaaS) is undeniable. SaaS is disrupting industry after industry, making accessible to sole proprietors and small businesses software functionality that historically required significant investment in hardware, software, and annual maintenance fees. This, in turn, is making smaller players even more agile and efficient than they used to be, allowing them to run competitive circles around larger or laggard players.

The good news is that rich software functionality is often available for less than $100 per month, enabling high levels of business management and administrative efficiencies.

The bad news is that the tempting sky of cloud and SaaS computing is filled with thunderclouds of cybersecurity concerns. Despite the best efforts of traditional cybersecurity experts, the adoption of cloud computing has been accompanied by an ever-growing number of egregious data breaches. These breaches damage brands and drive up significant costs for investigations, notification, and identity-theft protection for clients whose personal information has drifted into malicious hands.

So, what’s going on? Why do even the largest enterprises struggle with securing their data? Wouldn’t the National Security Agency be one of the most rigorous security practitioners in the world? What leaks have we not yet detected?

One thought leader at a major global cybersecurity consultancy explained it like this: “We’re trying to examine every packet that flows across the perimeter of the network and notice IP addresses that don’t make sense. This is incredibly hard. There’s a ridiculous amount of data, and we’ve entered an age where the network no longer has clear boundaries. We really haven’t solved that problem.”

What is the problem?

The problem lies in the way traditional security thinkers have defined the problem. They’re working with a castle-and-moat metaphor, where the internal network is protected with a set of security rings. Each ring, however, has costly hardware and software searching for malevolent inbound and outbound data. But it’s like looking for needles in a haystack. And even if security experts are successful at protecting the perimeter, there is little protection against insiders (employees or others with access to the internal network).
  • 2. CloudMask thinks differently. We see the problem in simpler terms: protecting sensitive data and ensuring that only authorized users, using known devices, can see data in the clear. We’re happy to let the traditional security experts work on their perimeters, knowing that when they fail, our customers’ data remains secure. And, in contrast with products designed for big enterprises, we’ve created a solution that can be installed, configured, and afforded by small businesses without IT staff.

The SaaS Security Problem – Simplified

SaaS applications use best-practice security protocols and rely on their cloud provider to secure the infrastructure the application runs on. One vendor explains it this way: “We ensure that your communications are secure using bank-grade 256-bit SSL encryption. All of our infrastructure is hosted using physically secure, managed data centers that meet the rigid SSAE 16 specifications. Geo-redundant backups are performed multiple times per day, and site security and privacy are routinely audited by respected third parties.”

By means of 256-bit SSL encryption, the connection between your browser or app and the database servers is secured. When you submit a query or update, the data is encrypted as it transits the internet. Once the data reaches the data center, it is decrypted for insertion into the app’s database.

The data center itself (e.g., Amazon Web Services) has a rigorous set of security controls and protocols, meaning that only employees with the proper identification and access passwords can physically or virtually access the servers that hold the application’s data. SSAE 16 is a standard according to which data centers are audited for their degree of compliance with policy.

There are three vulnerabilities that should concern executives:

1. Anyone who tricks a user into revealing their username and password can impersonate that user and log in from any browser in the world. Such a hacker can impersonate the user and perform administrator functions. You don’t have to be a fool to have this happen to you. Even a sophisticated user like CIA Director John Brennan has fallen prey to high school-age hackers.

2. Any insider (employee of the data center) can turn from “good” to “bad” overnight or have their credentials stolen, meaning that an authorized system administrator could access application data for malevolent purposes. Insiders don’t need to be “bad” to present a threat. They can simply be careless. A recent report on cybersecurity suggests that fewer than 50 percent of organizations have adequate policies in place to mitigate insider-threat risks. The challenge here is that executives depend on their SaaS provider, which in turn relies on its cloud service providers to maintain security hygiene. That’s a lot of blind faith.

3. Governments have the desire, capacity and experience to tap into the cloud-service providers who hold the world’s data. The problem here is manifold. On the one hand, the government can access specific information based on a warrant. On the other hand, it is an entirely different matter to access everything on an as-needs basis, under cover of National Security Letters or their equivalent. Despite its best efforts to security-screen and oversee intelligence and law enforcement operations, the government also falls prey to “trusted” staff performing unauthorized actions.

These vulnerabilities impact the firm’s liability for data breaches and the capacity to deliver on a promise of client confidentiality and privacy. In storing sensitive personal and other data, the firm is considered a data controller. As a data controller, the firm is subject to a variety of data protection laws and regulations. Such regulations increasingly create a costly burden to notify individuals affected by data breaches and to purchase several years of identity-theft protection. Emerging European laws impose heavy fines on firms that violate data protection regulations.
  • 3. If you think the solution is not to use cloud, think again.

The concerns outlined above have caused many organizations to have misgivings about adopting cloud-based solutions, presuming that an on-premise solution (a server running in your office) is safer. Unfortunately, that is not the case. Your office or server room isn’t nearly as secure as an access-controlled data center.

CloudMask: a silver lining for SaaS

CloudMask addresses these vulnerabilities in a way that enables executives to immunize their firms against data breaches, differentiate by offering highly secure data management and communications, and use economical cloud services with confidence.

CloudMask can provide SaaS users with an easy-to-install browser extension that automatically masks sensitive data before it enters the 256-bit encryption channel to the data center. When that data arrives at the data center where the 256-bit protection ends, CloudMask data stays masked.

This process also works in reverse, as in the case when the user requests sensitive data. Here the masked data is double-encrypted as it moves through the secured communications channel. When it arrives in the browser, the 256-bit encryption is removed, and CloudMask seamlessly unmasks to present the data in the clear.

Alongside controlling users and their access rights, practice management account owners/administrators have the capacity to select specific fields to be masked. Not all data needs to be masked and protected, but data categorized as sensitive personal data, personally identifying, or otherwise confidential, can be selected for automated, seamless masking and unmasking.

CloudMask Technology in Health Care

Both 1) the growing adoption of Electronic Health Records (EHR) and personal health records and 2) technologies that ensure better patient safety, improved care and inputs for clinical decision-making are being made possible by the adoption of cloud technology in health care. It has become critical to ensure that complete medical data is made available to health care providers irrespective of where the patient or clinician is located. Doctors and clinics need to access voluminous imagery and patient data. There is also an increasing requirement to share health care information between physicians. Most clinics do not have the technical expertise to handle such information in house and will wish to avoid related expenses on hardware, application software and skilled manpower. Cloud-based medical applications provide an excellent means of catering to these requirements at minimal cost.

However, there are significant security and privacy issues associated with the use of cloud resources to handle health care information. Concerns of security, privacy, data jurisdiction and compliance are affecting the adoption of cloud technology in health care. While the cloud offers numerous advantages to patients and health care workers, the government has been very demanding when it comes to the protection of patients’ personal health information.

Very rigid requirements of security and privacy have been defined by the US Government in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA privacy requirements demand that hospitals secure and protect confidential, protected health information. The American Medical Association states that in some cases, failure to comply with HIPAA requirements can lead to fines that are as high as $1.5 million. Besides HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act also controls how information technology is to be used in the health care industry. The HITECH Act also supports HIPAA in protecting medical data pertaining to individuals. Unfortunately, as reported by CNBC, there are serious shortcomings in the health care industry when it comes to data security.
  • 4. As per HIPAA, the data fields that are required to be protected are:
  - Names;
  - Addresses (all fields smaller than States);
  - Dates (except year values) that are related to personal or medical history;
  - Fields listing phone numbers, fax numbers, email IDs, etc.;
  - Various identifying / indexing numbers such as Social Security Numbers, license numbers, etc., and several other details.

HIPAA requires breaches to be made public. However, if the data was adequately encrypted and anonymized, then it is exempt from breach notification requirements. HIPAA and HITECH provisions can be met if critical parts of medical data being processed, stored or transmitted are encrypted. Encryption will permit greater use of cloud technology in health care.

However, with conventional methods, it is not possible to process any kind of data that has been encrypted. For example, if you encrypt the date of birth of the patient, you will not be able to subtract the date of birth from the current date and calculate the age of the patient. If the medicine being prescribed is encrypted, your software will not be able to check if the patient is allergic to any one of the medicines being prescribed. For this processing to take place, encrypted data will have to be decrypted before it is given to the application. If an attacker has inserted malicious code or obtained access to the application, he will be able to access data during this processing period when the encryption has been removed. Such fear is holding back greater use of cloud technology in health care.

The solution lies in a unique data protection application that understands how to encrypt data selectively to ensure that it does not have to be decrypted for processing. For fields that cannot be encrypted, the choice is to opt for tokenization. In the date example given above, the date of birth would have been replaced by another date value that is not related to the date of birth of the patient. This will ensure that any operations on the date field will not crash the application. Similarly, if the name of the medicine being prescribed is replaced by a token, then the allergy check can be carried out without disclosing the real name of the medicine. Later, when the data is presented back to the user, the security solution will convert back the token to the original value and ensure that any data operations carried out are adjusted to give the correct output. This will ensure that data fields that have very rigidly defined formats can be protected and yet permit processing to be carried out.

Such a security solution also ensures that data is anonymized before being transmitted. Anonymization removes identifying information from the data and ensures that even if a hacker is able to obtain access to data – either in the cloud or on premises – the intruder will not know the person to whom the data belongs and therefore the requirement of privacy and security will have been met.

Therefore, securing sensitive data such as protected health information is a three-step process. Some data can be safely encrypted using conventional methods. Other data needs to be tokenized or masked, and the complete record has to be anonymized. When these actions have been properly implemented, even if the hacker has obtained complete and uninterrupted access to the database, the intruder will not be able to obtain any meaningful value from the data. In such a situation the health care provider will not be required to disclose any loss of data and will not attract the penal provisions envisaged under HIPAA.

In many cases, data encryption requires complex and expensive encryption gateways to be installed and major changes to be made to the application and data that has to be protected. The high cost and complexity of these actions deter many health care providers from adequately protecting their data. Fortunately, the CloudMask data protection solution is here to cut through the complexity and the need for help.
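A minimal sketch of the vault-style tokenization described above, added here as an illustration and not CloudMask's implementation: the `TokenVault` class, its token formats and the sample record are all assumptions constructed for this example. The application-side functions run the allergy check and the date arithmetic on tokens only, and the client then maps tokens back and recomputes the value it displays.

```python
import secrets
from datetime import date, timedelta

class TokenVault:
    """Hypothetical client-side vault: real value <-> same-format token."""
    def __init__(self):
        self._fwd, self._rev = {}, {}

    def _get_or_create(self, kind, value, make_token):
        if (kind, value) not in self._fwd:
            token = make_token()
            while (kind, token) in self._rev:   # never reuse a token
                token = make_token()
            self._fwd[(kind, value)] = token
            self._rev[(kind, token)] = value
        return self._fwd[(kind, value)]

    def tokenize_date(self, d):
        # A random but valid date in 1900-01-01..1999-12-31, unrelated to d.
        return self._get_or_create("date", d, lambda: date(1900, 1, 1)
                                   + timedelta(days=secrets.randbelow(36524)))

    def tokenize_term(self, term):
        # Normalise first so "Penicillin" and "penicillin" share one token.
        return self._get_or_create("term", term.strip().lower(),
                                   lambda: "MED-" + secrets.token_hex(6))

    def detokenize(self, kind, token):
        return self._rev[(kind, token)]

# Application-side logic: it only ever receives tokens.
def age_years(dob, today):
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def allergy_conflicts(prescribed, allergies):
    return sorted(set(prescribed) & set(allergies))

def demo(today=date(2024, 1, 1)):
    vault = TokenVault()
    # Constructed sample record, not real patient data.
    real = {"dob": date(1980, 5, 17), "allergies": ["Penicillin"],
            "prescribed": ["Ibuprofen", "penicillin"]}
    stored = {"dob": vault.tokenize_date(real["dob"]),
              "allergies": [vault.tokenize_term(a) for a in real["allergies"]],
              "prescribed": [vault.tokenize_term(p) for p in real["prescribed"]]}
    hits = allergy_conflicts(stored["prescribed"], stored["allergies"])
    server_age = age_years(stored["dob"], today)   # runs fine, but is not the real age
    # Client side: map tokens back and redo the date arithmetic on the real value.
    shown_age = age_years(vault.detokenize("date", stored["dob"]), today)
    shown_hits = [vault.detokenize("term", h) for h in hits]
    return stored, server_age, shown_age, shown_hits
```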
  • 5. CloudMask is a Canadian cybersecurity company that understands these issues in depth. It is our fundamental premise that there will be an eventual breach in the defenses of any database. We provide data security solutions to protect your data inside your clinic’s internal networks, on the public network and in public, private and hybrid clouds. Once set up, CloudMask will recognize which data fields can be encrypted and which fields need to be masked or tokenized so as to ensure that your applications work exactly as before and your data is never left unprotected – even when it is being processed.

Our solutions can be deployed rapidly and at minimal cost, taking user privileges into account while ensuring that application functionality is not impaired in any way. Use any EHR / EMR solution, and CloudMask will provide it complete protection without your having to modify your application and data in any way.

CloudMask is a major player in the data protection space. We have been recognized for our innovation and have successfully implemented our solutions for the Government of Canada in one of the most stringent security environments. We have specialized solutions for the health care industry and can ensure that your organization can work with protected health information to provide better health care to patients, all while staying fully compliant with HIPAA / HITECH and minimizing costs. Contact us today to get valuable insights into securing your data whether on your own servers or in the cloud.

From a functional perspective, CloudMask resolves the concerns that executives might have with respect to using SaaS applications:

1. Each user authorized to access the SaaS account installs a CloudMask browser extension that is activated through a simple process generating the personal, private and public keys required for the encryption process. What’s more, the extension can be installed on multiple personal devices, each of which is personalized with a private key. Thus, even if a username and password are somehow compromised, which under normal circumstances would allow anyone anywhere in the world to log into the account and see data in the clear, the unauthorized user cannot do so without access to the specific devices configured with the personalized browser extension.

2. The data stored under care of the data center remains masked while at rest or in motion. Neither the practice management SaaS vendor, nor CloudMask administrators, nor data center administrators, have keys that can be used to unmask the data. If the data center suffers a breach (e.g., an unauthorized insider penetrates the database, or a government agency serves a National Security Letter), data the user has designated as sensitive remains protected.

3. The data stored under care of the data center is masked in such a way (“tokenization”) that anonymizes what was previously sensitive data. Thus, even if that data is stolen, it is no longer considered sensitive personal information or personally identifying information, so it no longer falls under data protection regulations or requirements. In other words, breaches of systems holding tokenized data do not trigger the costly response and remediation efforts associated with breaches of systems holding sensitive personal information.

The Technical Story

A separate e-book explains the technical details behind this process and the software that automates it, as well as describing the benefits of encrypting and tokenizing data, which we collectively refer to as “masking.” The e-book also provides a brief explanation of the well-established public/private key methods used by the encryption process.

Grounded Confidence

CloudMask is unique in having its “CloudMask engine” certified through a Common Criteria for Information Technology Security Evaluation (Common Criteria) process, which is used by twenty-six federal governments to evaluate security products for their own use. The process of independent evaluation assesses whether a product’s functional claims live up to the way it is coded and performs. Many products claim to be “bank-grade” or “military-grade,” both of which are subjective assessments. CloudMask is the only data-masking product capable of working with SaaS offers to achieve Common Criteria certification. More expensive competitors like CipherCloud and Ionic have not achieved such objective criteria. Technical advisors can access CloudMask’s Common Criteria Assessment here.

It’s easy to get started with CloudMask. Visit www.cloudmask.com