Glass Class - Security and compliance, stat!
Hi everyone, and thanks for joining today's Glass Class, where we're going to be talking about cloud access security broker use cases in healthcare. Now, as we get started here, let's talk about the key goals that a healthcare organization has as they start thinking about security for data moving beyond their firewall. Number one is mobility. Healthcare organizations have a highly mobile workforce, and in order to support the demands of that workforce, they need to ensure that mobility is appropriately covered.
Second piece is protecting that critical information that every healthcare organization deals with, which is PHI, obviously regulated by HIPAA. But more importantly, a lot of these organizations want to protect their reputation and prohibit things like PHI from leaking outside of the organization.
What are the main use cases we're seeing in healthcare with these goals in mind? Number one is the move to Office 365. Healthcare organizations across the United States and across the world are moving to Office 365 very rapidly, adopting this application more commonly than any other app out there in the public cloud domain. And then the second key use case is secure BYOD. Obviously if we're going to have a highly mobile workforce, a lot of these folks are not actually employees of these organizations. Securing PHI data as it moves down to unmanaged mobile devices is absolutely critical.
So we look over here at some of the key capabilities, data protection capabilities, that a cloud access security broker can bring to bear in these use cases. You'll see that most healthcare organizations are adopting pretty much all of them. Obviously identity is a key foundation for pretty much any cloud security strategy in any industry. Getting visibility (through user behavior analytics, logging, and more) into what people are doing across these cloud apps is important not only for security purposes, but, in healthcare, also for HIPAA compliance purposes - where audits and the like are very commonplace.
Third piece is access control. When that user comes in from a managed device versus an unmanaged device, there's a different level of access most organizations want to provide for that unmanaged device. Maybe they want to build more restrictions around it.
Fourth piece is threats and malware. And this is where an increasing number of bad actors are targeting cloud applications and trying to use them as a delivery vehicle for proliferation of malware across organizations like a healthcare organization. So getting a handle on that and containing it is absolutely critical in terms of maintaining cloud security.
Fifth piece is mobile data protection. As I said before, mobility is kind of a key goal that an organization like this has to enable. Secure BYOD is critical, and a lot of this cloud data coming out of an app like Office 365 is syncing or downloading to users' mobile devices, and we need to protect that. And then the last piece, and this is really a key piece in healthcare, is data leakage prevention, where we're identifying PHI and protecting it across these use cases.
So there you have it. Those are the key elements of a CASB and the key use cases we're seeing within healthcare. Thanks for joining today's Glass Class.