Cloud Computing in Healthcare

Webinar Today: A Practitioner’s Guide to Cloud Security and Compliance Processes

Many organizations find it difficult to keep their cloud environments secure and compliant with data protection standards as cloud usage grows. While they had effective security processes for their on-premises infrastructure, they do not always translate to the cloud and fail to mitigate risks associated with decentralized cloud usage.

Ensuring security processes are in place that are effective at identifying cloud misconfigurations that could be exploited by threat actors to gain access to cloud data is essential, but if those processes are not implemented, security becomes an impossible task.

One of the problems is that while standalone configurations may be correct, they can combine with other configurations which can potentially allow unauthorized access to sensitive data. These complex violation chains can be difficult to identify and are a common cause of cloud security breaches. Creating security policies to address risks can cause problems, as security policies can easily have an impact on productivity.

The creation of effective security policies that do not negatively affect the organization is a challenge, but one that can be easily overcome by adopting the right strategies.

The Cloud Security Alliance is running a webinar on Tuesday July 7, 2020 to help organizations scale their cloud usage while also improving their security posture. The CSA will be highlighting proven strategies that also empower teams to take full advantage of the agility benefits of the cloud.

The webinar will cover some of the most common security vulnerabilities and threats that increase security and compliance risks, how it is possible to ensure governance while maintaining the flexibility required for developer productivity, explain key steps that can be taken to improve your security posture, and cover lessons that have been learned from scaling these processes to support a growing cloud environment

The Cloud Security Alliance will be joined by Kolby Allen, Senior Architect at Zipwhip, and Jason Needham, Senior Director of Cloud Security at VMware.

Webinar Details

A Practitioner’s Guide to Cloud Security and Compliance Processes

Tuesday July 7, 2020

10 am PT / 1 pm ET

Click here to register for the webinar

The post Webinar Today: A Practitioner’s Guide to Cloud Security and Compliance Processes appeared first on HIPAA Journal.

Windows CMS Hosting Specialist ServerSide Acquired by Liquid Web

The Lansing, MI-based managed hosting and managed application service provider, Liquid Web LLC, has announced it has acquired the leading Microsoft Windows CMS hosting provider ServerSide for an undisclosed sum.

In 2019, Liquid Web launched its managed private cloud powered by VMware and NetApp. The new offering provided small- and medium-sized businesses with the features and functions of a managed private cloud that are usually only available to enterprises.

The acquisition of ServerSide will expand Liquid Web’s SMB offerings further, adding proven experience in hosting leading Microsoft Content Management solutions to Liquid Web’s portfolio, accelerating the company’s move into the Progress Sitefinity, Kentico, and Sitecore hosting market. ServerSide joins Nexcess, iThemes, and InterWorx in the Liquid Web Group of companies, which together serve more than 45,000 customers in 150 countries, managing more than 1.5 million sites.

ServerSide founder and CEO, Steve Oren, has joined the Liquid Web team and is spearheading Liquid Web’s drive to migrate customers to the Liquid Web platform.

“The acquisition of ServerSide supports Liquid Web’s mission to power leading content management platforms. With ServerSide, we are excited about building upon the relationships ServerSide had with Sitefinity, Kentico, and Sitecore and their ecosystem partners”, said Liquid Web CEO, Joe Oesterling.

“We are excited about joining the Liquid Web team. We’ve successfully migrated our customers to Liquid Web’s platform, and we are working hand and hand to deploy our VMware architecture more broadly within Liquid Web”, said Oren. “We look forward to using Liquid Web’s scale to be a bigger player in the leading Windows CMS ecosystems.”

The post Windows CMS Hosting Specialist ServerSide Acquired by Liquid Web appeared first on HIPAA Journal.

CloudHealth by VMware Platform Added to Microsoft Azure Marketplace

VMware has announced it has deepened its collaboration with Microsoft and has now added the CloudHealth multi-cloud management platform to the Microsoft Azure Marketplace.

The CloudHealth platform helps organizations quantify, understand, optimize and automate cloud infrastructure and provides full visibility into an organization’s entire multi-cloud or hybrid cloud environment. The platform unites discreet data from essential cloud tools and services to give a holistic perspective of the cloud ecosystem. The increased visibility helps with organizational governance, shows cloud usage, provides recommendations for optimization to improve resource utilization and greatly reduce wastage, resulting in significant cost savings.

“Having CloudHealth on the Azure Marketplace both strengthens and deepens our collaboration with Microsoft,” said Tom Axbey, GM, Cloud Management at VMware. “Moreover, it enables us to deliver on the promise of helping customers innovate at cloud speed, which has always been core to our DNA and serves as the foundation for all new CloudHealth features and enhancements.”

The CloudHealth platform can be used by enterprises to improve governance and control of their cloud resources, regardless of their progress on their cloud journey. Whether organizations are just developing a cloud strategy or have an advanced Cloud Center of Excellence, the CloudHealth platform will help drive accountability, improve cross-organizational collaboration, and help reduce cloud bills.

The Azure Marketplace includes a range of software solutions that have been optimized and certified for use on Microsoft Azure and makes those solutions more accessible to cloud users. Azure customers will now have easy access to the CloudHealth platform and can use it to optimize their cloud resources and enable secure and efficient cloud operations across their multi-cloud and hybrid environments.

“Microsoft Azure Marketplace lets customers worldwide discover, try, and deploy software solutions that are certified and optimized to run on Azure. Azure Marketplace helps solutions like CloudHealth by VMware reach more customers and markets,” said Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp.

The post CloudHealth by VMware Platform Added to Microsoft Azure Marketplace appeared first on HIPAA Journal.

CloudHealth by VMware Platform Added to Microsoft Azure Marketplace

VMware has announced it has deepened its collaboration with Microsoft and has now added the CloudHealth multi-cloud management platform to the Microsoft Azure Marketplace.

The CloudHealth platform helps organizations quantify, understand, optimize and automate cloud infrastructure and provides full visibility into an organization’s entire multi-cloud or hybrid cloud environment. The platform unites discreet data from essential cloud tools and services to give a holistic perspective of the cloud ecosystem. The increased visibility helps with organizational governance, shows cloud usage, provides recommendations for optimization to improve resource utilization and greatly reduce wastage, resulting in significant cost savings.

“Having CloudHealth on the Azure Marketplace both strengthens and deepens our collaboration with Microsoft,” said Tom Axbey, GM, Cloud Management at VMware. “Moreover, it enables us to deliver on the promise of helping customers innovate at cloud speed, which has always been core to our DNA and serves as the foundation for all new CloudHealth features and enhancements.”

The CloudHealth platform can be used by enterprises to improve governance and control of their cloud resources, regardless of their progress on their cloud journey. Whether organizations are just developing a cloud strategy or have an advanced Cloud Center of Excellence, the CloudHealth platform will help drive accountability, improve cross-organizational collaboration, and help reduce cloud bills.

The Azure Marketplace includes a range of software solutions that have been optimized and certified for use on Microsoft Azure and makes those solutions more accessible to cloud users. Azure customers will now have easy access to the CloudHealth platform and can use it to optimize their cloud resources and enable secure and efficient cloud operations across their multi-cloud and hybrid environments.

“Microsoft Azure Marketplace lets customers worldwide discover, try, and deploy software solutions that are certified and optimized to run on Azure. Azure Marketplace helps solutions like CloudHealth by VMware reach more customers and markets,” said Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp.

The post CloudHealth by VMware Platform Added to Microsoft Azure Marketplace appeared first on HIPAA Journal.

Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches

More companies are now completing their digital transformations and are taking advantage of the flexibility, scalability, and cost savings provided by public cloud environments, but securing public clouds can be a major challenge.

One of the main factors that has stopped companies from taking advantage of the public cloud has been security. Security teams often feel protecting an on-premise data center is much easier than protecting data in public clouds, although many are now being won over and understand that public clouds can be protected just as easily.

Public cloud providers now offer a range of security tools that can help companies secure their cloud environments. While these offerings can certainly make cloud security more straightforward, organizations must still ensure that their cloud services are configured correctly, identities and access rights are correctly managed, and they have full visibility into all of their cloud workloads.

Cloud security vendor Ermetic recently commissioned IDC to conduct a survey of CISOs to explore the challenges associated with cloud security and see how well organizations were faring at securing their public clouds. More than 300 CISOs and IT decision makers took part in the survey.

79% of respondents said they had experienced a cloud data breach in the past 18 months, and 43% of respondents said they had experienced 10 or more cloud data breaches during that time, strongly suggesting they are finding securing their public cloud environments something of a challenge.

When asked about the biggest security risks, 67% said they were concerned about security misconfigurations, 64% said a lack of visibility into access settings and activities was a key factor contributing to cloud data breaches, and 61% said access management and permission errors were a major breach risk.

The complexity of public cloud environments makes security challenging. The flexibility of the cloud means it is easy to quickly provision more resources on demand, but what often happens is cloud deployments become a maze of interconnected machines, users, applications, services, and containers. If organizations do not have complete visibility into their public cloud environments, it is difficult to ensure appropriate permissions are and the principle of least privilege is correctly applied.

Setting and managing access policies is a major challenge. Access policies need to be adjusted frequently, yet 80% of respondents said they could not effectively manage excessive data access for IaaS and PaaS. Excessive permissions are frequently abused by cybercriminals, who use them for a range of malicious activities such as data theft, data deletion, and delivering malware or ransomware.

“Some of the most high-profile cybersecurity incidents in recent years were the direct result of customers failing to properly configure their cloud environments, or granting excessive or inappropriate access permissions to cloud services, rather than a failure of the cloud provider in fulfilling its responsibilities,” explained Ermetic.

When asked about the main cloud security priorities, 78% of respondents said compliance monitoring, 75% said authorization and permission management, and 73% said security configuration management (73%). One of the biggest concerns was detection of excessive permissions, which was rated important or very important by 71% of respondents; however, only 20% of respondents said they were able to identify situations when employees had been given excessive permissions.

“An overworked security or IT admin may fail to identify and remove such permissions and create a significant vulnerability that may only be detected after the fact. Furthermore, early detection doesn’t necessarily guarantee prevention; more than 13% of respondents that detected excessive permissions reported that they were unable to mitigate the risks before data was exposed,” explained Ermetic in the report.

The survey confirmed that excessive permissions are a major problem in healthcare. 31.25% of healthcare organizations said they had identified a situation where employees had been given excessive permissions.

There have been many cases where security misconfigurations have lead to the exposure of sensitive data, with misconfigured Elasticsearch instances and AWS S3 buckets a common reason for data breaches, but it is also important to ensure that identities and permissions are properly managed.

Ensuring users, applications, and services can access only the cloud data and cloud resources that are necessary for their legitimate purposes was cited as the biggest cloud data protection challenge by respondents to the survey.

“Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments,” said Ermetic CEO Shai Morag. “In fact, two thirds cited cloud native capabilities for authorization and permission management, and security configuration as either a high or an essential priority.”

The post Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches appeared first on HIPAA Journal.