Top 5 Cloud Security Threats in Healthcare
•Download as PPTX, PDF•
1 like•257 views
As more healthcare organizations move to the cloud, IT leaders must consider new solutions, like CASBs, to mitigate new threats that arise.
More Related Content
What's hot
What's hot (20)
Similar to Top 5 Cloud Security Threats in Healthcare
Similar to Top 5 Cloud Security Threats in Healthcare (20)
More from Bitglass
More from Bitglass (20)
Recently uploaded
Recently uploaded (20)
Top 5 Cloud Security Threats in Healthcare
- 1. webinar sept 7 2016 top 5 cloud threats facing healthcare firms
- 2. STORYBOAR enterprise (CASB) end-user devices visibility & analytics data protection identity & access control application storage servers network enterprise vs app vendor security responsibilities the data blind spot app vendor
- 3. poll: how are you securing data in your org?
- 4. 1: external sharing ■ Made easier by cloud apps ■ Can result in costly PHI leaks and HIPAA violations ■ Challenge is to enable sharing while maintaining control over sensitive data
- 5. STORYBOAR limit external sharing with a casb cloud access security brokers are the go-to solution for API controls ■ Cloud APIs allow for control over file sharing ■ How can enterprises know what content to block, what to limit, and what to allow? ■ Robust cloud DLP solutions are context and content aware
- 6. 2: compromised credentials ■ Privileged users, among others, have access to all corporate data ■ Healthcare orgs need a means to identify risky logins ■ Cloud apps have made identity a critical piece of the security puzzle
- 7. STORYBOAR integrated identity management centralized identity is key to securing data ■ CASBs offer integrated identity management across apps ■ Limit potential breaches with step-up multi- factor auth for high risk logins
- 8. 3: lost and stolen devices ■ The most common cause of breach events in the healthcare sector ■ What recourse do healthcare orgs have once data is lost ■ BYOD/unmanaged devices pose a new threat
- 9. 4: unmanaged device access ■ IT must enable secure access to cloud apps from any device ■ BYOD poses a threat to data security due to a lack of visibility and control after download ■ CASBs accommodate user BYOD demands and IT security needs without agents
- 10. 5: unsanctioned apps ■ Blocking access forces employees to work around IT ■ First step is discovering Shadow IT usage ■ Technical controls like firewalls and proxies are effective ■ Written policies aren’t as effective
- 11. STORYBOAR identify unsanctioned apps with casb discovery gain visibility into your org’s cloud usage ■ Understand risk profiles of frequently used apps ■ Intelligent, time-saving alerts out of the box ■ UEBA enables IT to proactively identify threats
- 12. top threats: 1: external sharing ■ use API-based controls and DLP to identify and limit sharing of sensitive data 2: compromised credentials ■ cross-app identity solutions can force step up auth in risky contexts 3: lost and stolen devices ■ choose a solution that protects data on all devices, managed and unmanaged 4: unmanaged device access ■ routing users through a proxy can provide secure access 5: unsanctioned applications ■ identify risky destinations without complex setup
- 13. poll: what are your casb deployment plans?
- 14. STORYBOAR casb security a data-centric approach ■ Cloud data doesn’t exist only “in the cloud” ■ IT must protect data at access and on any device ○ Granular DLP ○ Context-aware to distinguish between users, device type, more ○ Device controls on mobile
- 15. STORYBOA how casb security works api ■ visibility + control over sharing reverse proxy ■ unmanaged device controls without agents activesync proxy ■ secure email, calendar, etc on any mobile device ■ device level security - wipe, encryption, PIN etc
- 16. STORYBOAR managed devices application access access control data protection unmanaged devices / byod in the cloud Forward Proxy ActiveSync Proxy Device Profile: Pass ● Email ● Browser ● OneDrive Sync ● Full Access Reverse Proxy + AJAX VM ActiveSync Proxy ● DLP/DRM/encryption ● Device controls API Control External Sharing Blocked ● Block external shares ● Alert on DLP events Device Profile: Fail ● Mobile Email ● Browser ● Contextual multi-factor auth typical use case hybrid CASBs provide real-time protection on any device
- 17. STORYBOAR secure office 365 + byod challenge: ■ Inadequate native O365 security ■ Controlled access from any device ■ Limit external sharing ■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS solution: ■ Real-time data visibility and control powered by Citadel ■ DLP policy enforcement at upload or download ■ Quarantine externally-shared sensitive files in cloud ■ Controlled unmanaged device access via Omni fortune 50 healthcare firm
- 18. STORYBOAR challenge: ■ Existing solution, AT&T Toggle, was obsolete ■ HIPAA compliant BYOD ■ Migration path to Office 365 solution: ■ Agentless deployment ■ Preservation of employee privacy ■ DLP of PII, PCI & PHI ■ Selective wipe; device PIN & encryption ■ Improved mobility for care providers major US hospital system secure office 365 + byod
- 20. resources: more info about cloud security ■ whitepaper: definitive guide to casbs ■ case study: fortune 100 healthcare firm secures o365 ■ infographic: cloud adoption in healthcare
Editor's Notes
- DLP firewall proxy-based solution device management
- Competition: Skyhigh, Netskope, Adallom
- in: CA, NY, MA, IL, N Founded: Jan 2013/ HQ: Campbell, CA/ Employees: 50/ Funding: $35M, Tier 1 Venture Capital Firms