How to Stretch Resources to Secure Health Data

You may grow weary of health data breaches splashing news headlines, but it’s not going away. In fact, it’s on the rise with the number of compromised patient records climbing each quarter for the first 9 months of 2018. But countering the threat does not come cheap. While the cost of preventing a data breach is relatively insignificant compared to the cost of remediating an incident, the increasing complexity of the health IT ecosystem is requiring greater financial and operational investments.

Consequently, healthcare provider organizations are increasingly adopting cloud platforms to lower costs and gain IT and operational efficiencies. According to Black Book Research, 93 percent of hospital CIOs are actively acquiring new staff to configure, manage and support a HIPAA-compliant cloud infrastructure. But to effectively protect sensitive data housed in cloud-based applications, healthcare organizations must securely govern all digital identities that have access to this information. And now, governing access rights can be done from the cloud.

A cloud-based identity governance platform enables organizations to secure cloud applications and data files by only allowing those identities that require access to their jobs to have access.  This is achieved through:

  • provisioning and de-provisioning user access as roles and responsibilities change;
  • automating access reviews to certify that user access is appropriate;
  • monitoring access behavior to identify suspicious outlier activity;
  • and proving compliance to internal and external auditors with detailed system generated reports.

Depending on how cloud identity is deployed, the solution may be customized to meet unique use case requirements while reducing capital expenditure costs. Other potential benefits include best-practice identity framework, fast time-to-value and deployment, and minimal-to-zero maintenance.

Govern Cloud to Cloud and Cloud to Ground

Cloud-based identity is not limited to governing only cloud applications. Wherever digital identities go, access policies must apply. Thus, a comprehensive cloud-based identity governance solution must govern access to both cloud and on-prem applications. Additionally, the ability to enforce access must apply to data stored in files. This enables the 360 degrees of visibility and control necessary for a truly secure environment.

Beware of ‘One-Size Fits All’

There are many flavors of the ‘cloud’. While there are common use cases for identity governance in healthcare, each provider organization typically has additional, unique requirements that would dictate the most appropriate type of cloud deployment. For instance, some organizations have minimal customization and lack the expertise and resources to manage a comprehensive identity solution. In this case, they may find a true SaaS identity platform perfectly suitable for their needs. Others may prefer a hosted solution via public cloud or managed services to address the sophisticated use cases that they require. And then there are healthcare providers that may find the hybrid approach to be most appropriate. The point is, one size rarely fits all. While the cloud provides universal benefits, how healthcare organizations leverage the cloud impacts the desired results. Thus, it’s important to beware of platforms that are inflexible.

To learn more about how to and why deploy a flexible, comprehensive cloud-based identity governance program, stop by SailPoint’s booth in the Cybersecurity Pavilion during the HIMSS 19 annual conference in Orlando, Fla. between Feb. 11-14. Or book a private visit.