What Healthcare Organizations Need To Know About Cloud Drift

Deep Dive Background and integrations with Sonrai Security

Cloud computing has modernized the way healthcare and life science organizations build, operate, and manage infrastructure and applications. Cloud computing has helped healthcare cloud professionals to quickly spin up or spin down a resource to fulfill the increased demand of new healthcare application workloads. However, when working in a cloud environment, monitoring the security state of multiple workloads while meeting the growing number of Health Insurance Portability and Accountability Act (HIPAA) compliance requirements can be challenging.  Many hospitals, clinics, nursing homes, and other healthcare providers have turned to Cloud Security Posture Management (CSPM) to help in their public cloud environments. 

Cloud Security Posture Management is Important, but what is it?

CSPM is a relatively new term in the world of security capabilities. In the last few years, CSPM has become popular as more organizations have adopted a cloud-first methodology. CSPM allows an organization to monitor public cloud security risks and fix some security issues automatically.  In simple terms, it governs the cloud environment and alerts the team about issues and possible risks.

As the cloud environment grows, it is always important to track and protect sensitive data against misconfigurations, but as your public cloud increases so does the complexity to manage the identities and data within that organization. Organizations can use CSPM to consolidate any possible misconfigurations and create end-to-end visibility for information relay. With CSPM, healthcare oganization can comply with frameworks such as HIPAA, SOC2, PHI, HiTrust, and CIS.

CSPM can detect issues like lack of encryption, improper encryption key management, extra account permissions, and others, like configuration drift.

Cloud Configuration Drift Happens

For any healthcare organization, using applications and cloud services happens every day. As with all technology, new features need to be added and existing functions updated. Whenever any type of change or configuration occurs, gaps can develop and accumulate over time, resulting in configuration drift. Without effective configuration drift detection, the impact to the business can be great, whether from configuration drift in microservices, DevOps, or cloud security.

Your healthcare organizations infrastructure, when implemented, is mapped out so that a DevOps or Cloud team knows every aspect of the infrastructure. When changes are made, whether for strategic purposes, like enhancing patient experience, or for tactical reasons, like adding or consolidating databases, the team members may not be aware of those changes. As a result, this new infrastructure varies from the original security baseline, and the team no longer has full visibility into the complete cloud environment because of these undetected and unknown changes.

Configuration drift can have a number of impacts on identities, roles, systems, databases, access, and more throughout an organization. As drift increases, so does the need for efficient resource allocation, support from operations, streamlined collaboration and coordination across multiple teams, and governance. The lack of visibility only compounds these issues over time. 

Mistake Can Happen

Anytime a system drifts from its original state, crucial changes can go undetected by key operations groups, whether DevOps, CloudOps, or other infrastructure management teams. But what does that really mean for IT leaders, users, patients, and the healthcare organization as a whole?

As changes continue to go undetected and unmanaged, the number of adjustments grow within the public cloud over time. If Security lacks insight into how the system has continued to evolve this can lead to a number of issues that impact operational efficiency, security, access, and a variety of other critical functions.

Below are a few basic examples of how configuration drift can occur on a daily basis within a healthcare organization.

Common Drift Mistake: Resource Changes

A user adds a AWS EC2 instance, which impacts the organization’s cloud compliance posture. The change violates your organization’s own internal security baselines as well as HIPAA regulatory benchmarks. Ideally, you need a tool that will identify the EC2 instance as noncompliant, and remediate the issue.

Common Drift Mistake: Employee Mistake

It’s Friday and resources are spun up in a special project. Your employee doesn’t need the resource for long so they negligently unprotected the AWS S3 bucket.. Without protection, information stored in open Amazon S3 buckets can be browsed by scripts and other tools. Since the information in the bucket may be sensitive, this poses a critical security risk.

Common Drift Mistake: Non-Human Mistake

One of your developers uses the Lambda console to configure function settings and add triggers to another service that the Lambda console integrates with like DynamoDB. In order to set-up a serverless service developers must define which components are to be used (i.e. Lambda code, API, DNS, database, static web pages, etc) and define the permission policies regarding how these components interact with one other. However, the developers want to go fast, and make a mistake defining the Resource-based and Execution role policies – resulting in an “allow all actions for everybody”. This is an easy shortcut to get serverless components to communicate with each other, but it has created a clear security violation .

Managing Cloud Configuration Drift

While the idea of configuration drift can seem overwhelming, the good news is that configuration drift can be managed effectively. Any steps taken by a business to monitor system changes will help reduce some of the headaches that drift can cause. 

In addition to addressing issues that arise as a result of configuration drift, management can impact other areas of the business as well. Effective drift management can ensure your infrastructure stays compliant, whether from a security or regulatory standpoint, and enables proper management of your cloud resources, especially across a multi-cloud environment. Drift management also ensures that the resources in place are being used appropriately and efficiently, giving teams greater capacity to collaborate and coordinate, whether in person or remotely, resulting in a better experience for both internal clients and external stakeholders.

Whether leadership’s biggest concern is compliance and risk, or the effect on patient experience, having a solution in place to address configuration drift once it is detected will reduce its overall impact on your company.

To learn more about CSPM for healthcare and how you can effectively manage cloud drift and configuration drift, join our upcoming webinar. In this webinar, presented by Dan Woods, technology analyst and founder of Early Adopter Research, and Eric Kedrosky, Director of Cloud Security Research and CISO of Sonrai Security, we’ll share how healthcare organizations are securing their modern cloud application workloads while maintaining control over their compliance and cloud posture.

The post What Healthcare Organizations Need To Know About Cloud Drift appeared first on Sonrai Security.


*** This is a Security Bloggers Network syndicated blog from Blog - Sonrai Security authored by Eric Kedrosky. Read the original post at: https://sonraisecurity.com/blog/what-healthcare-organizations-need-to-know-about-cloud-drift/