Healthcare News & Insights

Does your organization trust cloud providers too much?

Many healthcare providers are turning to cloud computing vendors for data storage, EHR software and other IT systems. And a new survey shows many organizations are trusting providers to protect information without verifying their security practices. 

When healthcare organizations put their data in the cloud, it’s important to make sure it’s kept secure. After all, odds are good the data being held contains sensitive medical and financial information.

However, a lot of organizations are falling behind when it comes to vetting cloud security, according to a recent study from the Ponemon Institute.

The good news: Cloud computing providers are getting better at protecting data — or at least, organizations are starting to trust providers more. Among the 4,200 business and IT managers surveyed, 57% of respondents said cloud providers were capable of keeping information secure, up from 41% last year.

The result: More than half of companies (53%) are putting sensitive data in the hands of cloud providers, and another 31% will do so in the next year or two.

Despite that, many organizations have no idea what — if any — steps their cloud providers are taking to protect data. Just 35% of companies in the US said they’re aware of their vendors’ security practices. That’s up just slightly from 32% last year.

Other responsibilities

It’s important to look into a provider’s security practices before signing a cloud contract.

And beyond that, organizations must be aware of their own responsibilities when it comes to protecting information in the cloud. Those might include:

  • Controlling access to cloud applications — i.e., making sure access is granted only to users who need it, enforcing strong password policies, etc.
  • Negotiating agreements with cloud providers that contain security requirements and penalties if they’re not met
  • Making sure services are configured in the most secure ways
  • Providing security awareness training for users
  • Monitoring traffic for suspicious activity — for example, data being downloaded by an employee who shouldn’t need it
  • Formulating incident response plans for security breaches, system downtime and other issues, and
  • Making sure no business units move anything to the cloud before the full security evaluation has been completed.
