How healthcare organizations can take an agile approach towards cloud security controls?

ayema08 on November 06, 2022

"Cloud transformation initiatives are complex endeavors with a high failure rate. A risk based approach to cloud transformation focusing on cyberse...
 
Gaston Rodriguez

Cloud computing and virtualization are fast, interactive and flexible so that the development process runs smoothly right up to production. Cloud computing and virtualization make it easy for Agile development teams to seamlessly combine multiple development, test and production environments with other cloud services.

George Kaduru

I absolutely agree with you, @gastonrodriguez. Cloud computing and virtualization have truly transformed the development process by delivering quick, interactive, and adaptable solutions. They provide a strong ecosystem for when Agile development teams have to deliver results under resource constraints. Their quick, interactive, and adaptable nature, combined with the seamless integration of cloud services, simplifies the management of numerous environments and provides a smooth development process all the way through to production when the agile cloud access controls best practices laid out above are used.

George Kaduru
linkedin.com/in/george-kaduru/

ayema08

Great point @gastonrodriguez! Cloud computing and cloud environments come with their unique challenges with regard to developing agile controls. A key thought while implementing agile cybersecurity controls is to understand specifically what is owned by the cloud provider so that controls can be developed, tested, and moved to production.

neyda

In software development, agile methodology is an approach usually used for the efficient management of projects. Through iterative and incremental work cadences, known as sprints, the agile methodology helps teams to respond to the unpredictability of building software.

ayema08

Thanks @neyda for the comment! How have you used agile development for cloud cybersecurity solutions in the healthcare context?

Mahender Kumar

According to Gartner, human error will account for 99% of all cloud security failures by 2025. When developing business apps, human error is an ever-present risk. On the other hand, deploying assets on the public cloud comes with significant risk.
gartner.com/smarterwithgartner/is-...

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

George Kaduru

What an interesting take, @mahendkr72; however, I believe 99% might be too much of a stretch at this time when we factor in the further development of cyber-related artificial intelligence in 2025. Yes, human error is indeed a big factor in protecting healthcare patient data and privacy, and some studies have mentioned it is up to at least 80% of cloud security breaches, but implementing agile cloud security practices into cloud identity and access authorization security measures like encryption, MFA verifications, and privileged access management has proven to reduce cloud risk failures in organizations in my experience.

SofiiaSov

Taking an agile approach towards cloud security controls in healthcare organizations is a crucial step. If you're interested in learning more about strategies and practices for healthcare enterprise risk management, you can find valuable insights in this article by Cleveroad. It can provide guidance on implementing effective security measures in the healthcare sector.

Mahender Kumar

The incorporation of agile methodologies for health care improves the dynamic health care environment and improves processes to help achieve project milestones. It also simplifies the human effort required for patient care. Dividing major projects into sprints allows healthcare professionals to maximize their tasks.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

George Kaduru • Edited

@mahendkr72 While the agile cloud control practice would allow the creation of sprints and getting more tasks done with deliverables, there are some scenarios where it should be applied strategically (and not indiscriminately) to the cloud security projects for healthcare organisations in question. The waterfall methodology may in certain scenarios do better where adherence to regulations and bureaucracy are prioritised before the next phase of the project can be tackled; however, with the rapid pace of changes in healthcare in the last year and anticipated in upcoming years, the agile cloud access controls approach will be a higher-caliber methodology of securing cloud environments, based on my prior experience implementing the approach in the health regulatory space. It would also work better for a given set of requirements and documentation with a straightforward execution plan in mind, which is also recommended from a security standpoint.

Victor Obahor

The article's focus on cloud security controls and the adoption of an agile approach is a game-changer in the field of cybersecurity. Cloud technologies are increasingly prevalent in healthcare, and traditional waterfall approaches simply can't keep up with the dynamic nature of cloud environments. Agile methodologies enable healthcare organizations to address security vulnerabilities promptly and adjust their controls in response to evolving threats.

upwork.com/freelancers/~018f64a10d...

George Kaduru

What a great approach! I recently worked on a security project last year in the healthcare industry and my team implemented the security protocols and infrastructure following the agile access controls approach mentioned in this article. We realized immediate benefits of this new innovative approach. The overall security budget for the project was around $100,000 and we were able to reach our target at 50% of the budget, thus saving costs and securing health data from potential breaches and attacks.

Mahender Kumar • Edited

Yes, I completely agree that cybersecurity must not be an afterthought process. In any organization, the challenge a DevOps team is facing is that Agile methodologies can deploy small-scale tasks in less time, while security experts usually take a longer time. Finding a balance between the two is the area cyber experts are looking for.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Victor Obahor

While I agree that agile methodologies offer advantages, we shouldn't dismiss waterfall approaches entirely. In certain contexts, such as highly regulated environments, a more structured and sequential approach can ensure compliance and accountability. It's essential to strike a balance between agility and robustness to maximize security outcomes.

upwork.com/freelancers/~018f64a10d...

Mahender Kumar

Agile has demonstrated excellent outcomes. The following are some of the advantages of using agile:

  • Faster project development life cycle
  • Predictable schedule
  • Customer/patient-focused work resulting in better outcomes
  • Empowered team

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Mahender Kumar

Risk cannot be eliminated, but it can be managed. Anticipating risks ahead of time gives an opportunity to deal with them. Some cloud security risks include misconfiguration, data breach, human error, and unmanaged attack surfaces.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

George Kaduru • Edited

I completely agree with you, @mahendkr72. Risk is a constant in any endeavor, and would either need to be transferred, accepted or controlled. With cloud security, a risk like misconfiguration can cause data exposure, but by applying practices in the above-mentioned agile cloud control access method, an organization can accurately control the risk of it occurring. The Human Factor is another risk that can be transferred to proper training schemes and departments that will reinforce staff on the dangers that lurk outside the organization using the agile cloud controls implementation methodology. My small IT agency has seen direct benefits of taking the approach mentioned above, including generation of revenue of up to $60,000 in 2022. I know several other independent industry practitioners who have received benefits of a similar nature (and in some cases better than the results I have received).

Mahender Kumar

According to the Bain and Company report:
bain.com/insights/how-agile-is-pow...

Healthcare organisations are under increasing pressure to innovate in terms of product innovation, services, and consumer experience. Despite the fact that nearly 80% of medical institutions believe they need to be more Agile, only 30% are familiar with Agile innovation. Seventy-five percent of business leaders believe their Agile teams perform as well as or better than traditional teams.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Mahender Kumar

A complete cloud security strategy addresses all three aspects: risks, threats, and challenges, so no bugs exist within the foundation. In order to deploy applications securely on the cloud, the solid strategy an organization leverages must alleviate risk (security controls), defend against threats (secure coding and deployment), and overcome challenges (implement cultural and technical solutions).

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Mahender Kumar

In agile methodologies, one of the approaches to test automation is agile automation testing. Its objective is to make the software development process more effective and efficient while maintaining the quality and time as well as resource consumption. However, the implementation of such a process requires a lot of coordination and collaboration between teams.

Mahender Kumar

Cyberthreat intelligence needs to be applied to automate the risk assessment process. Many tools are available in the market. One of the innovative solutions is the EvolveAST tool. It enables cybersecurity teams to automate the integration of application security testing into the software development pipeline.
threatintelligence.com/evolve-ast-...

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Mahender Kumar

Adopting agile methodology in any organization may suffer from many challenges. One of the challenges is to deal with human-relation perceptions. Human-related perceptions about the change process have been the major transition challenges. People find it very easy to retain their old methods and processes except in the case when they are vividly presented with solid “whys” they need to embrace the transition to Agile.
sciencedirect.com/science/article/...

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Abubakar Kaleem

I appreciate the article's emphasis on agile cybersecurity controls development. By incorporating security into the agile sprint cycle, healthcare organizations can achieve significant cost savings. Investing in a dedicated cybersecurity controls workstream upfront pays off by minimizing the risk of control issues, reducing audit costs, and streamlining remediation efforts. It's a strategic approach that ensures long-term cybersecurity maturity.

Abubakar Kaleem

As a cybersecurity practitioner in the healthcare industry, I have experienced the challenges of delivering robust cybersecurity using the traditional waterfall approach. The project I worked on had over 10,000 users, generated $5 million in revenue, and cost $1 million to implement. It was extremely difficult to keep up with evolving security requirements and deliver on time. The agile methodology could have provided us with more flexibility and adaptability, resulting in improved cybersecurity controls.

Mahender Kumar

The data related to patients is very critical as it is a matter of life and death while playing with it. It could be by shifting the cloud using agile methodologies. Cloud services with insecure APIs threaten the confidentiality and integrity of information and risk the exposure of your data and systems.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]

Mahender Kumar

Automating the risk assessment in cybersecurity can solve the timeliness issue and balance the flow between what an agile method delivers and what the cybersecurity team is working on.

Mahender Kumar
[https://scholar.google.co.in/citations?user=4syrB4UAAAAJ&hl=en]