Shifting to Software-Defined
cancel
Showing results for 
Search instead for 
Did you mean: 

Industry Interview Series: Omar Sanchez, CISO at Docutek Services

SimonLeech

This is the fourth in a series of videos and blogs speaking with both HPE and external subject matter experts on various aspects of hybrid cloud security. Today we speak with Omar Sanchez, CISO at Docutek Services, about some of the challenges that organizations in the healthcare industry need to consider when migrating to the cloud. Other videos in the series can be found by searching for the tag cloudsecinterviews.

In addition to the general security issues that organizations face when moving their business operations to the cloud, there are also many industry specific challenges that need to be addressed. One example of this is the healthcare industry – the ePHI, or electronic protected health information, that healthcare providers are responsible for protecting, and mandatory US legislation in the form of HIPAA (Health Insurance Portability and Accountability act) means that organizations have to think twice about the most suitable approach to cloud. For this video I was able to spend some time with Omar Sanchez, CISO at Docutek Services, to talk about some of the cloud security challenges that he has seen in the healthcare industry.

Omar spoke about the difficulty that healthcare providers have in keeping up to date with suppliers – especially around patch management and frequent software updates – and the role of the CSP and public cloud. In many cases, healthcare providers simply can’t use a public cloud due to restrictions in HIPAA around how ePHI can be stored, and may have to resort to keeping all data in a private cloud instance.

Omar also spoke about how compliance is not the same as security. In his experience, too many people are speaking about security from the compliance perspective, rather than focusing on securing their environments as part of an ongoing process, and putting the correct policies and procedures in place to make sure security is repeatable and efficient.

We ended our talk with Omar giving some tips for healthcare providers in the cloud – get compliant with the appropriate laws and regulations, put processes into place for implementing software securely, and keep learning, keep sharing. To watch the full video, please click on the link below.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. To find out more about the HPE approach to HIPAA compliance, click here or here. Other videos in the series can be found by searching for the tag cloudsecinterviews.

0 Kudos
About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan

Events
See posts for
dates/locations
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates/locations
Reimagine 2018
Join us at one of the Reimagine 2018 stops and see how we Simplify Hybrid IT, innovate at the Intelligent Edge and bring it all together with HPE Poin...
Read more
View all