The Health IT community has embraced an accelerated progression to cloud-based services and capabilities. Health facilities, Medical Device Equipment (MDE), and other major applications are collectively evolving in this direction. Legacy technology is gradually migrating into hybrid cloud solutions and further into full cloud Platform as a Service (PaaS) environments. Undoubtedly, future technology will be increasingly developed against cloud native requirements. With this progression comes a necessary question: “What do we do next?” when addressing critical cyber activities like Continuous Monitoring (CM) and persistent Risk Management (RM) “as a Service”.
Currently, Cloud Service Providers’ (CSP) delivery of Security as a Service addresses aspects of this equation, but few do so holistically; most address only a subset of the relevant security controls. Moreover, many lack connections to authoritative threat intelligence resources that would let them keep pace with active, dynamic threat variables and mitigate impact effectively and efficiently. Even fewer can present an integrated Enterprise risk picture, and without one, leadership may issue conflicting risk management responses to cloud-based and traditional on-premises cyber concerns.
In response, established CM/RM capabilities, such as Commercial and Federal Security Operations Centers (SOCs) and Cyber Security Service Providers (CSSPs), are working to recalibrate their services to better sync with CSP Infrastructure as a Service (IaaS), PaaS, and Software as a Service (SaaS) variables. Representative examples include how SOCs and CSSPs adapt their cyber analytics approach to cloud-centric scanning, threat intelligence, hunting and analysis, data authentication, and endpoint management.
Industry leaders and cybersecurity professionals need to find ways of identifying and resolving CM and RM response gaps such as those noted above. Specifically, the cyber-intelligence industry can and should work with CM/RM resources like SOCs and CSSPs to design and employ agent-based algorithms tailored to alert on and protect given technologies and CSP variants. When done well, each algorithm can produce a greater understanding of specific risks, threats, and the requisite cloud-based protections and vulnerability remediations. Industry leaders should further seek to address the “difficult math” needed to incorporate AI/ML solutions for distinct identity and privilege assurance challenges. And the Health IT community should seek ways to leverage approaches, such as containerization, to target specific SOC/CSSP microservices based on what each CSP and cloud-based technology requires.
Migration to the “cloud” represents the future for many within the Health IT community. As such, cyber professionals on both sides of the CSP and SOC/CSSP support relationship should work collectively to identify legacy gaps and future state solutions, such as those noted above, as early as possible.