Fantastic news from Microsoft this week - Azure has achieved HITRUST CSF certification status. HITRUST is designed to roll-up various healthcare-specific privacy/data protection requirements into one framework. It is a superset of HIPAA/HITECH in that it also folds in bits and pieces from various other frameworks, like ISO.It really matters that many Azure components are now certified under HITRUST. While it is common for businesses to be wary of the cloud for data protection/privacy purposes, healthcare is notoriously risk-averse in this regard. Recently, I was in a meeting with a client where the lack of HITRUST oversight in cloud services was cited as a primary reason why they will not and cannot adopt them. That no longer needs to be the case.
It's also worth remembering that Azure is already ISO 27017 and 27018 certified, which are the ISO accreditations covering InfoSec in the cloud and PII in the cloud, respectively. 27017 is a cloud-oriented extension of the control set in ISO 27002, which is itself the control set most commonly used for ISO 27001 accreditation (the most widely adopted InfoSec accreditation in the world).
The point is that workloads running in the cloud are almost always more secure and more resilient than those in on-prem service offerings, and this has never been more true than it is today. However, in my experience, businesses often do not realize the high water mark that CSPs like Microsoft must meet, to earn and maintain these data protection/privacy accreditations. If you’d like to learn more about how to leverage the cloud to strengthen your security, without compromising your compliance and regulatory requirements, give us a shout.