Welcome!

.NET Authors: Yung Chou, Adine Deford, Jim Kaskade, Matt Hester, Elizabeth White

Related Topics: Security, SOA & WOA, .NET, Open Source, Cloud Expo, GovIT

Security: Blog Feed Post

Healthcare as a Service – Implementing a Cloud Solution

New cloud security technologies enables regulated companies a simpler path to compliance in the cloud

Cloud security and cloud compliance are one of the hottest topics in cloud computing. During the course of 2012 we’ve seen many companies, specifically software vendors providing healthcare solutions, migrating or implementing their software in the cloud. While cloud computing brings many advantages to such ISVs’ (pay per use, scalability, and automation to name a few), specific regulations, such as HIPAA in the healthcare space, forces such players to pay attention to specific cloud issues around regulatory compliance.

Cloud Encryption – not as simple as it seems
The HIPAA regulation specifically requires Protected Health Information (PHI) data to be encrypted while in motion and while at rest. Any decent security engineer will tell you that implementing cloud encryption can be easily achieved using the same tools used on-premise. Right? Wrong (or to be more exact, partially wrong):  Creating an encryption scheme is indeed an easy task to achieve, but that’s the easy part. Doing so without trusting a third party (your cloud provider or the encryption provider) is the tricky part. While implementing encryption as part of an overall software enrollment strategy, one should consider the following: Is the key management server installed on premise or in cloud? On premise is the secure option yet limits many of the cloud benefits, while a key management cloud deployment is attractive from a total-system stand point, but until recently required you to trust a third party with your encryption keys.

Cloud Security done right
New cloud security technologies enables regulated companies a simpler path to compliance in the cloud, while still implementing a 100% in-cloud solution. One example for such technology comes from Porticor cloud security. Porticor is delivering cloud encryption 100% in-cloud, while assuring to the end user that the encryption keys will be visible only to him (not to the cloud provider, nor to Porticor as the security service provider). This is achieved using a number of unique technologies, such as split-key management and homomorphic key encryption. (Click here for the white paper which contains additional in-depth information).

Summary
New and emerging cloud security technologies enable software vendors to migrate their software offering to the cloud while still comply with regulation requirements. Specifically for cloud encryption, technologies such as split-key management and homomorphic key encryption eliminate the need for a complicated and expensive on-premise solution.

(Ariel Dan is co-founder at Porticor Cloud Security).

Oh, and just in case: This white paper is not intended to constitute legal advice…

The post Healthcare as a Service – Implementing a Cloud Solution while Maintaining Compliance Requirements appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.