IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

HITRUST partners with AWS and Microsoft to clarify shared responsibility in cloud security

HITRUST’s shared responsibility model addresses security and privacy challenges in the cloud

Cloud with various IT components inside

The Health Information Trust Alliance (HITRUST) has announced the release of its new Shared Responsibility Matrix program to help cloud vendors better communicate their security and privacy assurances.

Developed in collaboration with Amazon Web Services (AWS) and Microsoft Azure, HITRUST’s Shared Responsibility Matrices clearly define security and privacy responsibilities between cloud service providers and their customers, streamlining processes for risk management programs.

Furthermore, the HITRUST Shared Responsibility Matrix for AWS and the HITRUST Shared Responsibility for Microsoft Azure align perfectly with each cloud service provider’s unique solution offering.

“Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others,” said HITRUST. 

“The challenge, however, is that many shared responsibility models are loosely defined and vary based on the solution. For businesses deploying solutions in the cloud, this ambiguity creates an added layer of complexity related to achieving broader risk management objectives.”

HITRUST’s new shared responsibility model for cloud security is a part of HITRUST’s Shared Responsibility and Inheritance Program, which was introduced in 2018 to address the many misunderstandings, risks, and complexities organizations face when engaging with their cloud service providers.

“HITRUST launched this Program with the goal of providing greater clarity regarding the ownership and operation of security controls between organizations and their cloud service providers,” said Becky Swain, director of standards and shared responsibility program lead, HITRUST.

Swain continued, “The introduction of the Shared Responsibility Matrix is another HITRUST resource that underscores our ongoing commitment to simplifying and enhancing offerings to address our customers' most pressing risk management challenges.”

Lastly, HITRUST announced its information risk management platform MyCSF can now inherit controls from AWS and Microsoft Azure. According to the company, the ability to automatically inherit controls helps save time, money, and resources as organizations pursue their risk management and compliance objectives.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Accelerate your business with hybrid cloud
Whitepaper

Accelerate your business with hybrid cloud

25 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Understanding the economics of in-cloud data protection
Whitepaper

Understanding the economics of in-cloud data protection

12 May 2022

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022