Migrating to the Cloud: Top Security Lessons
CISO Thien La of Wellmark Blue Cross Blue Shield Shares Insights
As health insurer Wellmark Blue Cross Blue Shield migrates its systems, data and applications to the cloud, the top security lesson learned so far is the importance of involving compliance auditors in the process as early as possible, says CISO Thien La.
"Their function is to be an independent validator of what you're doing - especially transformational changes such as moving to the cloud," La says in an interview with Information Security Media Group.
"Having them included in the planning, as well as giving them the ability to invite a third party [to conduct an audit] or doing a review on their own to ensure we have all the compliance checkmarks checked as well as [ensuring] our plan doesn't deviate from the industry in terms of other companies that have moved to the cloud is enormously helpful."
La was a featured speaker at ISMG's Healthcare Security Summit in New York on June 25.
In the interview, La also discusses:
- The security pros and cons of migrating critical systems, data and applications to the cloud;
- His suggestions to other healthcare sector entities considering a migration to the cloud;
- Other important lessons learned so far during Wellmark's transition to the cloud.
La joined Wellmark in 2016 as vice president and CISO. He's responsible for integrating security with the business, strategically managing information risks and continuing to work toward a culture of shared cyber risk accountability across the enterprise. Previously, La was business information security officer for global banking and markets at Bank of America, global head of application risk management and business continuity at SunGard Data Systems and vice president of risk at Goldman Sachs.