Organizations are constantly looking for ways to gain more control over healthcare cloud security. Putting PHI into the hands of cloud service providers (CSPs) involves a high level of trust.
CSPs understand the need for heightened security and control over healthcare cloud environments, so adding bring-your-own-key (BYOK) capabilities into the healthcare space can give IT administrators the opportunity to gain control and customization options over data security.
BYOK, also known as bring-your-own-encryption, allows organizations to use their own encryption software to protect their data in the cloud. CSPs typically provide encryption to their customers, but with more data being stored in and retrieved from the cloud, organizations may be looking for a unique way to encrypt their data. If there is a large hack on a major CSP, the organization's data will be protected, and it can take individual action to protect its healthcare data.
Traditionally, CSPs have had the responsibility of managing cloud encryption keys. Under this model, organizations had to contact their vendor for both large and small disruptions or to communicate routine key updates. This took time, which sometimes slowed organizations from taking immediate action against cyberattacks. There was always a risk when IT employees left the organization and were no longer authorized to handle data.
BYOK lets organizations manage their own encryption keys. All data and applications hosted in the cloud will be processed by the encryption software as they are being communicated.
Many of the most popular CSPs have BYOK options that healthcare organizations can utilize, including Google, Amazon Web Services (AWS), and Microsoft Azure.
Azure and Change Healthcare announced their partnership for a healthcare-specific BYOK solution at this year’s Microsoft Inspire conference. Change Healthcare Security Management is an episode analytics suite that runs on Azure. The tool gives organizations more precise control over their cloud security as more healthcare data is being stored and accessed via the cloud.
“Hospitals, payers, and providers are under constant attack from a global network of cybercriminals using advanced and evasive techniques to penetrate networks, steal data, extort healthcare organizations, and capitalize on the personal health information of patients,” Change Healthcare CIO Haddon Bennett said in a statement.
“It is of paramount importance that sensitive data be protected by proper encryption that is fully controlled by the payer or provider,” he continued, “so they can mitigate both insider and external threats on their own terms. This is a significant advancement that reduces the risk profile for all healthcare stakeholders, including health plan members and patients.”
The Change Healthcare Security Management suite allows organizations to create, update, and revoke encryption keys so they can respond to threats or implement updates much faster. The solution also includes a virtual “kill switch” that will instantly block all users from accessing protected data. While this may cause a workflow disruption, cutting off access to data can help protect PHI from being stolen by a hacker or block a hacker from taking control of the network.
More control over network security should lead to organizations having increased network visibility, but they can’t afford to task IT to be the last line of defense for a network. The amount of data and digital tools currently used in health IT infrastructure exposes vulnerable surface area to threats.
People are error-prone, with stress and fatigue increasing the likelihood of mistakes. The control afforded by BYOK must be considered realistically against resources and staff expertise. Adding one more duty to a staff already stretched too thin can lead to data breaches when encryption key management is ignored.
Organizations lacking resources or those looking to gain control over their data without burdening staff with another task should consider adding a layer of automation to their encryption solution. Automating a BYOK solution will give organizations the ability to control the encryption key as they need, while letting the machine take care of mundane updates and security checks.
The utilization of cloud and increased use of digital tools calls for upgraded security. Organizations need to have a full view of their network and a security solution that they are confident in. BYOK offers a way for organizations to utilize the cloud while protecting themselves from outside threats.