Serverless in Healthcare
The healthcare industry has a complex relationship with serverless. On the one hand, the industry is always cautious about new technologies and is especially sensitive to issues of patient and data privacy. On the other hand, the rapid proliferation of medical and health technologies that consumers can interact with is quickly driving healthcare and medical technology providers into the public cloud, and specifically to serverless architectures.
For many healthcare and medical technology use cases, serverless is an excellent architecture choice, for several reasons:
- Healthcare and medical applications often require large scale and high availability. Serverless makes building and operating large-scale, highly available applications much easier and less costly.
- Compliance and data privacy protection are often critical to healthcare technology solutions. Moving to a serverless architecture can help application developers create more robust designs that ensure data is handled properly and stored only in the allowed geographic regions.
Serverless Security in Healthcare
The move to serverless creates new challenges and opportunities for healthcare and medical solutions deployed in the cloud. The need for HIPAA-compliant serverless solutions, for example, requires medical technology providers to address several security needs, including:
- Medical applications deployed on a public serverless cloud often have stringent compliance requirements, such as HIPAA and GDPR. Meeting these serverless security compliance regulations, and enabling proper certification and auditing, calls for clear security controls across the entire lifecycle of the application, from development to production.
- Healthcare cloud services can comprise hundreds of serverless functions, each handling some specific transaction on users’ medical data. For each function, it is imperative that a healthcare serverless security solution ensures execution with least privilege. This is crucial to minimizing the risk of data leakage and privacy violations.
- Serverless security compliance necessitates protecting the application not only from known attacks but also from unknown, so-called “zero-day” attacks. Because serverless functions used in medical technology solutions are usually small and single-purpose, a serverless security solution should employ self-learning behavioral defense to detect and block undesirable behaviors that stem from cyber attacks.
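As an added illustration of the least-privilege and data-residency points above (example code, not from the page or from Protego), the following Python checks a serverless function's execution policy for wildcard grants and for resources that live outside an allowed set of regions. It assumes the functions run on AWS Lambda with IAM-style JSON policy documents; the policies, table name and account id are constructed samples.

```python
"""Least-privilege and region checks for a serverless function's policy.

Assumption (not stated on the page): functions run on AWS Lambda and their
execution roles are described by IAM-style policy documents in JSON.
"""
import json

# Constructed sample: an over-broad policy of the kind often attached during
# early development. It lets the function read or write every table and
# bucket in the account.
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:*", "s3:*"], "Resource": "*"}
    ],
})

# Constructed sample: the same function scoped to the one action and the one
# table it actually needs, in the permitted region.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem"],
            "Resource": "arn:aws:dynamodb:eu-west-1:111122223333:table/PatientRecords",
        }
    ],
})

# Constructed sample: tightly scoped, but the table sits in a region where
# this deployment is not allowed to keep patient data.
WRONG_REGION_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "dynamodb:GetItem",
            "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/PatientRecords",
        }
    ],
})


def _as_list(value):
    """IAM lets Action/Resource/Statement be a string, a dict or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_grants(policy_json):
    """Return (statement_index, kind, value) for wildcard grants.

    kind is 'action' or 'resource'. Only Allow statements are examined;
    Deny statements narrow rather than widen privilege.
    """
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            # "*" or "service:*" grants every API call for that service.
            if action == "*" or action.endswith(":*"):
                findings.append((i, "action", action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((i, "resource", resource))
    return findings


def find_region_violations(policy_json, allowed_regions):
    """Return (statement_index, resource) for ARNs naming a disallowed region.

    ARN layout: arn:partition:service:region:account:resource. Global
    resources have an empty region field and are skipped; a bare "*" is
    not an ARN and is reported by find_overbroad_grants instead.
    """
    policy = json.loads(policy_json)
    violations = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource")):
            parts = resource.split(":", 5)
            if len(parts) < 6 or parts[0] != "arn":
                continue
            region = parts[3]
            if region and region not in allowed_regions:
                violations.append((i, resource))
    return violations


def is_least_privilege(policy_json, allowed_regions):
    """True when the policy has no wildcard grants and no out-of-region data."""
    return not find_overbroad_grants(policy_json) and not find_region_violations(
        policy_json, allowed_regions
    )


if __name__ == "__main__":
    allowed = {"eu-west-1"}
    for name, doc in (("overbroad", OVERBROAD_POLICY),
                      ("least-privilege", LEAST_PRIVILEGE_POLICY),
                      ("wrong-region", WRONG_REGION_POLICY)):
        print(name, "OK" if is_least_privilege(doc, allowed) else
              (find_overbroad_grants(doc), find_region_violations(doc, allowed)))
```

Run as a pre-deployment gate in the CI/CD pipeline, a check like this rejects a function whose role can reach every table in the account or a table outside the permitted regions, before the function ever handles patient data.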
Protego for Serverless Healthcare
Protego’s cloud-native application security solution is built from the ground up to take advantage of the security opportunities serverless affords, and to reimagine the way AppSec is done at the speed of serverless. For healthcare and medical technology serverless cloud applications, several features of the solution help make these applications far more secure than their serverful counterparts.
- Protego enables deployment of customized policies across the account, helping assure compliance with HIPAA and GDPR. The policies are applied during development, inside the CI/CD pipeline, during staging and testing, and in production in the cloud.
- Protego Proact automates the process of applying least privilege to all serverless functions in the healthcare application while still empowering application developers to move at the speed of serverless.
- Protego Defend provides a behavioral defense solution that seamlessly and automatically protects serverless functions, with nearly no overhead in function performance. This automatically protects functions from known and unknown attacks.