Home » Readers Write » Currently Reading:

Readers Write: Don’t Cut Corners in Hybrid Cloud Protection

June 21, 2021 Readers Write No Comments

Don’t Cut Corners in Hybrid Cloud Protection
by Pascal Geenens

Pascal Geenens is director of threat intelligence with Radware of Mahwah, NJ.

image

In the past few months, several high-profile ransomware attacks on healthcare facilities in Las Vegas, Oregon, and New York have resulted in delayed or suspended surgeries and interruption of other patient care, not to mention the loss of millions of dollars to the facilities themselves.

Ransomware is but one of several attack strategies that malicious actors have employed against healthcare facilities. For example, the number of distributed denial-of-service (DDoS) attacks targeting hospitals has also increased since the beginning of 2021.

Healthcare and security teams face incredible challenges following the pandemic. Although keeping patient data available and secure is critical, it is increasingly difficult due to the array of attack vectors and cybersecurity knowledge required to mitigate them. In addition, several mergers of healthcare providers have introduced additional complexity in networks that can overwhelm security teams.

Remote access and online services, such as streaming doctor/patient consultations and online electronic medical records (EMR), have seen exponential growth. Healthcare organizations have had to manage and secure large volumes of patient data and provide 24×7 access to critical applications to ensure a quality user experience and the ability to protect lives. As a result, healthcare remains one of the highest at-risk industries from cybercriminals.

Much of the issue can be traced to the transition — accelerated by COVID-19 — to public clouds, network-connected devices, and the move towards online and application-based services, which mean more vulnerabilities and data breaches. When healthcare services and applications go down, healthcare providers suffer productivity and operational losses, negative customer experiences, and intellectual property losses.

Based upon the results of several industry surveys, don’t expect this race to the cloud to revert. Hybrid cloud configurations are here to stay. Because of the new reality, IT administrators and hackers now have identical access to publicly hosted workloads, using standard connection methods, protocols, and public APIs. As a result, the whole world becomes an insider threat. Workload security, therefore, is defined by the people who can access those workloads, and the permissions they have.

The question then becomes, should healthcare enterprises focus protection on-premises or the cloud? The answer is unequivocally both.

Part of the reason is because another aspect to consider when moving applications to the cloud is the connectivity and accessibility of those applications. When the internet connection from the hospital is suffering from a degraded or total loss of connectivity, all activities come to a grinding halt. Protecting connectivity only with on-premises equipment leaves organizations too vulnerable. On-premises detection and mitigation alone prevented 85% of DDoS cyberattacks, but the other 15% required cloud DDoS protection. Because of the latency introduced by cloud DDoS protection, enterprises sometimes rely only on on-premises protection.

This is a mistake, because even though only 15% of attacks required cloud protection, those attacks represented 92% of attack volume and 84% of the packets. In hybrid deployments, the cloud handles the volumetric attacks while on-premise will typically handle low-and-slow and low-volume DDoS attacks, as well as anomalies and intrusions.

While healthcare organizations face unprecedented challenges, cutting corners in cyber protection isn’t a viable option. Especially during a rapid and complex transition to the cloud, enterprises can’t afford to neglect either on-premises or cloud protections.



HIStalk Featured Sponsors

     







Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

Reader Comments

  • Elizabeth H. H. Holmes: Last provider to produce their challenge coin gets to explain that COVID is real, and yes they should have been vaccinat...
  • IANAL: If the insurance company maintains the same standard of what is medically necessary, then won’t eliminating prior auth...
  • JustAnIntern: How dense do you have to be as an administrative group to send out a "commemorative coin" to staff, knowing there is sev...
  • Sheryl Zarozny: Don Great article and as a former IDX customer it was great to work with you....
  • Brian Too: I believe that Cerner at Intermountain Healthcare was considered a success, no? It is my impression and assumption that...

Sponsor Quick Links