In order to take advantage of the financial and productivity benefits of lower-cost labor centers allowing companies to operate 24/7, many industries in the United States began offshoring their IT and application management services to other countries.
The healthcare industry didn’t join the IT offshoring game immediately – with strict security and privacy regulations for protected health information (PHI), many healthcare providers had long viewed offshore outsourcing as too risky. Those risks are real: Attacks continue to grow in size, complexity, and frequency at an alarming rate. According to Juniper Research, the rapid digitization of consumers’ lives and enterprise records will quadruple the cost of data breaches to $2 trillion by 2019.
However, those risks are now coming under tremendous pressure amidst mandates to reduce costs and deliver new types of technology services, support new kinds of users, and deliver even better healthcare services. Cloud-facing applications and Electronic Health Records (EHR) systems are becoming the new normal as healthcare organizations support new use cases.
The demand for managing growing applications portfolios amidst an IT skills shortage in the U.S. is now forcing healthcare organizations to explore whether they can outsource application management services (AMS) to offshore providers while still keeping their PHI, intellectual property, and personally identifiable information secure.
As healthcare organizations investigate working with AMS partners overseas, there are five key considerations that must be defined:
- The IT systems and nature of access needed to provide offshore services
- The specific staff members – for both the healthcare organization and AMS partner – who will have access to the data
- Governance and administrative processes (e.g. provisioning access)
- Mechanisms for reviewing the AMS partner’s security measures periodically
- Incident response plans
AMS providers understand there is a tremendous market opportunity, and are bending over backwards to implement physical, administrative, and technology controls to protect clients’ sensitive data. They are creating clean rooms inside offshore operations centers with video surveillance and access monitoring and intrusion detection systems, not even allowing workers to bring bags and smartphones inside.
While this gives the appearance of safety, it also requires a great deal of time and expense to create these clean rooms. Desktop computers can’t have USB port capabilities so workers could download data onto external drives. Printers are generally excluded. Email systems don’t support attachments, and instant messaging systems only permit text communication between the clean room and clients. Phones oftentimes have voice mail disabled because of the potential for clients accidentally leaving messages containing sensitive data. The idea is that the AMS partner’s networks are completely isolated from the clients’ networks.
There are two problems with this approach. First, when you relinquish control to a third party – especially one overseas – you lose the ability to have complete control over your data and applications. Once that data leaves U.S. borders, you cannot truly validate or control the security of that data. Second, these strict information security controls makes collaboration with geographically dispersed teams far more difficult. There must be a balance between security and collaboration, particularly as it relates to application development.
With US Cyber Vault, you can strike that balance and keep complete control over your most important intellectual property within U.S. borders. US Cyber Vault’s secured environments not only protect you from external threats, they also act as clean rooms for isolated testing and secure disaster recovery.
US Cyber Vault is an on-demand fortified extension of your own network – giving you complete control over your most valuable assets. You can quickly spin up a clean room for your own secure application development needs while keeping your new code safe from malware, corporate espionage, and hackers.
Visit our website today to learn how we set up a safe place for you to create web applications that can grow your business while having the peace of mind that your data is secure from cyberattacks.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.