HIPAA Requirements for Complete Cloud Security
![Page 1: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/1.jpg)
STORYBOARDS
![Page 2: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/2.jpg)
8% of healthcare orgs had cloud apps deployed in 2014
37% of healthcare orgs had cloud apps deployed in 2015
cloud adoption is rising fast
Bitglass Cloud Adoption Report
![Page 3: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/3.jpg)
the traditional approach to security is inadequate
![Page 4: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/4.jpg)
native security features can’t be relied upon: the data blind spot
components: usage/consumption, data, application, services, servers & storage, network
layer: data, application, infrastructure
owner: enterprise
![Page 5: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/5.jpg)
security must evolve to protect data outside the firewall
cloud: attack on SaaS vendor risks sensitive data
access: uncontrolled access from any device
network: data breach - exfiltration & Shadow IT
mobile: lost device with sensitive data
![Page 6: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/6.jpg)
HIPAA technical safeguards for cloud
■ access control
○ granular context-based controls over access to both managed and unmanaged devices
○ secure identity/authentication
■ transmission security
○ end-to-end encryption
■ audit and visibility
■ data integrity
![Page 7: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/7.jpg)
access controls: the new data reality requires a new security architecture
■ cross-device, cross-platform agentless data protection
■ granular DLP for data at rest and in motion
■ contextual access control
![Page 8: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/8.jpg)
controlling access from unmanaged mobile devices
■ secure mobile devices without invasive profiles or certificates; support multiple affiliations
■ protect data in “unwrappable” native apps like mail, contacts, calendar
■ selectively wipe corporate data
■ enforce device security policies
■ full data control and visibility for IT
![Page 9: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/9.jpg)
identity: centralized identity management is key to securing data
■ cloud app identity management should maintain the best practices of on-prem identity
■ SSO enables cross-app visibility into suspicious access activity
■ contextual multi-factor authentication mitigates risk
![Page 10: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/10.jpg)
transmission security: end-to-end protection
■ cloud data doesn’t exist only “in the cloud”
■ a complete solution must provide visibility and control over data in the cloud
■ solution must also protect data on end-user devices
■ leverage contextual access controls
![Page 11: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/11.jpg)
audit and visibility
■ detailed logging for compliance and audit.
■ identify PHI data at rest and external sharing
■ easily modify sharing permissions and quarantine files for review
■ detect and be alerted instantly of suspicious behavior
![Page 12: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/12.jpg)
data integrity
■ secure the data in the cloud - where you have versioning and control over permissions
■ apply granular DLP to sensitive data with spectrum of actions from watermarking to encryption.
![Page 13: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/13.jpg)
CASB: a better approach to cloud security
identity
discovery
data-centric security
mobile
![Page 14: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/14.jpg)
secure office 365 + byod
challenge
■ Inadequate native O365 security
■ Controlled access from managed & unmanaged devices
■ Limit external sharing
■ Interoperable with existing infrastructure, e.g. Bluecoat, ADFS
solution
■ Real-time inline DLP on any device (Citadel)
■ Contextual access control on managed & unmanaged devices (Omni)
■ API control in the cloud
■ Discover data breach & Shadow IT
fortune 50 healthcare provider
![Page 15: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/15.jpg)
HIPAA compliant mobility
challenge:
■ Existing solution, AT&T Toggle, was obsolete
■ HIPAA-compliant BYOD
■ Migration path to Office 365
solution:
■ Agentless deployment
■ Usability, transparency & privacy
■ DLP of PII, PCI & PHI
■ Selective wipe; device PIN & encryption
■ Improved mobility for care providers
major US hospital system
![Page 16: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/16.jpg)
our mission
total data protection
est. jan 2013
100+ customers
tier 1 VCs
![Page 17: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/17.jpg)
resources: more info about cloud security
■ Report: 2016 healthcare breaches
■ Whitepaper: The Definitive Guide to CASBs
![Page 18: HIPAA Requirements for Complete Cloud Security](https://reader035.vdocuments.net/reader035/viewer/2022062900/58d1d2e61a28ab66108b47e3/html5/thumbnails/18.jpg)
bitglass.com @bitglass