It is still one of the most common beliefs amongst IT users that cloud services are, by their very nature, fundamentally insecure. So small pieces of evidence that indicate the opposite are always worth making a note of.
Take, for example, the case of Virtustream, which specialises in enterprise-class cloud software and services provision. The company has just announced that its Infrastructure as a Service (IaaS) is now fully compliant with HIPPAA, meeting the federal standards for privacy, security and breach notification in the handling and storing of healthcare records in the USA.
Meeting the stringent requirements of HIPAA-compliance means that Virtustream is now able to use its cloud services to help organisations worldwide host and protect critical assets and information in the cloud.
“Security of our client’s data and environments is Virtustream’s top priority”
“Security of our client’s data and environments is Virtustream’s top priority,” said Pete Nicoletti, chief information security officer, Virtustream. “A number of our clients are hosting or intend to host employee or customer healthcare data in the cloud, and the security of highly sensitive information like patient records cannot be vulnerable. Healthcare enterprises and other clients with HR and medical records can confidently select our services knowing that we have the proper controls in place to safeguard their information.”
Virtustream’s HIPAA compliance, formalised through a third-party audit, further exemplifies the company’s rigorous focus on privacy, security and compliance. The certification also validates that Virtustream can ensure the confidentiality, integrity and availability of critical assets and information to its customers.
The audit is available under NDA in its entirety, as Virtustream offers all third-party audit details to its clients.
The company has also established the Virtustream `HIPAA RACI Responsibility Program’ to empower its customers to better understand, define and agree to co-managed responsibilities and accountability to ensure that all controls are in place and comply with the law.
Gaining HIPPAA compliance gives the company a wide range of compliance capabilities covering data security and integrity. These now include HIPPAA, PCI, FISMA, ISO 27000, SSAE, and SOX standards.
The company claims it is the only company to meet the security, compliance, performance and efficiency requirements needed to migrate and manage the most complex mission-critical applications across hybrid, private or public cloud environments.
