As health insurer Wellmark Blue Cross Blue Shield migrates its systems, data and applications to the cloud, the top security lesson learned so far is the importance of involving compliance auditors in the process as early as possible, says CISO Thien La.
"Their function is to be an independent validator of what you're doing - especially transformational changes such as moving to the cloud," La says in an interview with Information Security Media Group.
"Having them included in the planning, as well as giving them the ability to invite a third party [to conduct an audit] or doing a review on their own to ensure we have all the compliance checkmarks checked as well as [ensuring] our plan doesn't deviate from the industry in terms of other companies that have moved to the cloud is enormously helpful."
La will be a featured speaker at ISMG's Healthcare Security Summit in New York on June 25. La will join more than a dozen other CISOs and security experts who will address cloud security and a host of other top security challenges.
In the interview (see audio link below photo), La also discusses:
- The security pros and cons of migrating critical systems, data and applications to the cloud;
- His suggestions to other healthcare sector entities considering a migration to the cloud;
- Other important lessons learned so far during Wellmark's transition to the cloud.

La joined Wellmark in 2016 as vice president and CISO. He's responsible for integrating security with the business, strategically managing information risks and continuing to work toward a culture of shared cyber risk accountability across the enterprise. Previously, La was business information security officer for global banking and markets at Bank of America, global head of application risk management and business continuity at SunGard Data Systems and vice president of risk at Goldman Sachs.