HITRUST partners with AWS and Microsoft to clarify shared responsibility in cloud security

HITRUST’s shared responsibility model addresses security and privacy challenges in the cloud

Cloud with various IT components inside

The Health Information Trust Alliance (HITRUST) has announced the release of its new Shared Responsibility Matrix program to help cloud vendors better communicate their security and privacy assurances.

Developed in collaboration with Amazon Web Services (AWS) and Microsoft Azure, HITRUST’s Shared Responsibility Matrices clearly define security and privacy responsibilities between cloud service providers and their customers, streamlining processes for risk management programs.

Furthermore, the HITRUST Shared Responsibility Matrix for AWS and the HITRUST Shared Responsibility for Microsoft Azure align perfectly with each cloud service provider’s unique solution offering.

“Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others,” said HITRUST. 

“The challenge, however, is that many shared responsibility models are loosely defined and vary based on the solution. For businesses deploying solutions in the cloud, this ambiguity creates an added layer of complexity related to achieving broader risk management objectives.”

HITRUST’s new shared responsibility model for cloud security is a part of HITRUST’s Shared Responsibility and Inheritance Program, which was introduced in 2018 to address the many misunderstandings, risks, and complexities organizations face when engaging with their cloud service providers.

“HITRUST launched this Program with the goal of providing greater clarity regarding the ownership and operation of security controls between organizations and their cloud service providers,” said Becky Swain, director of standards and shared responsibility program lead, HITRUST.

Swain continued, “The introduction of the Shared Responsibility Matrix is another HITRUST resource that underscores our ongoing commitment to simplifying and enhancing offerings to address our customers' most pressing risk management challenges.”

Lastly, HITRUST announced its information risk management platform MyCSF can now inherit controls from AWS and Microsoft Azure. According to the company, the ability to automatically inherit controls helps save time, money, and resources as organizations pursue their risk management and compliance objectives.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Microsoft unveils its new retail-focused cloud service
Cloud

Microsoft unveils its new retail-focused cloud service

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021