Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Industry Interview Series: Omar Sanchez, CISO at Docutek Services

SimonLeech

This is the fourth in a series of videos and blogs speaking with both HPE and external subject matter experts on various aspects of hybrid cloud security. Today we speak with Omar Sanchez, CISO at Docutek Services, about some of the challenges that organizations in the healthcare industry need to consider when migrating to the cloud. Other videos in the series can be found by searching for the tag cloudsecinterviews.

In addition to the general security issues that organizations face when moving their business operations to the cloud, there are also many industry specific challenges that need to be addressed. One example of this is the healthcare industry – the ePHI, or electronic protected health information, that healthcare providers are responsible for protecting, and mandatory US legislation in the form of HIPAA (Health Insurance Portability and Accountability act) means that organizations have to think twice about the most suitable approach to cloud. For this video I was able to spend some time with Omar Sanchez, CISO at Docutek Services, to talk about some of the cloud security challenges that he has seen in the healthcare industry.

Omar spoke about the difficulty that healthcare providers have in keeping up to date with suppliers – especially around patch management and frequent software updates – and the role of the CSP and public cloud. In many cases, healthcare providers simply can’t use a public cloud due to restrictions in HIPAA around how ePHI can be stored, and may have to resort to keeping all data in a private cloud instance.

Omar also spoke about how compliance is not the same as security. In his experience, too many people are speaking about security from the compliance perspective, rather than focusing on securing their environments as part of an ongoing process, and putting the correct policies and procedures in place to make sure security is repeatable and efficient.

We ended our talk with Omar giving some tips for healthcare providers in the cloud – get compliant with the appropriate laws and regulations, put processes into place for implementing software securely, and keep learning, keep sharing. To watch the full video, please click on the link below.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. To find out more about the HPE approach to HIPAA compliance, click here or here. Other videos in the series can be found by searching for the tag cloudsecinterviews.

  • HPE Cloud
0 Kudos
About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
See posts for dates
Online
HPE Webinars - 2017
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all