HITRUST partners with AWS and Microsoft to clarify shared responsibility in cloud security

HITRUST’s shared responsibility model addresses security and privacy challenges in the cloud

Cloud with various IT components inside

The Health Information Trust Alliance (HITRUST) has announced the release of its new Shared Responsibility Matrix program to help cloud vendors better communicate their security and privacy assurances.

Developed in collaboration with Amazon Web Services (AWS) and Microsoft Azure, HITRUST’s Shared Responsibility Matrices clearly define security and privacy responsibilities between cloud service providers and their customers, streamlining processes for risk management programs.

Furthermore, the HITRUST Shared Responsibility Matrix for AWS and the HITRUST Shared Responsibility for Microsoft Azure align perfectly with each cloud service provider’s unique solution offering.

“Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others,” said HITRUST. 

“The challenge, however, is that many shared responsibility models are loosely defined and vary based on the solution. For businesses deploying solutions in the cloud, this ambiguity creates an added layer of complexity related to achieving broader risk management objectives.”

HITRUST’s new shared responsibility model for cloud security is a part of HITRUST’s Shared Responsibility and Inheritance Program, which was introduced in 2018 to address the many misunderstandings, risks, and complexities organizations face when engaging with their cloud service providers.

“HITRUST launched this Program with the goal of providing greater clarity regarding the ownership and operation of security controls between organizations and their cloud service providers,” said Becky Swain, director of standards and shared responsibility program lead, HITRUST.

Swain continued, “The introduction of the Shared Responsibility Matrix is another HITRUST resource that underscores our ongoing commitment to simplifying and enhancing offerings to address our customers' most pressing risk management challenges.”

Lastly, HITRUST announced its information risk management platform MyCSF can now inherit controls from AWS and Microsoft Azure. According to the company, the ability to automatically inherit controls helps save time, money, and resources as organizations pursue their risk management and compliance objectives.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

22 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021
UK’s IoT security regulation will also include smartphones
Internet of Things (IoT)

UK’s IoT security regulation will also include smartphones

21 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021