Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: The health of cloud security

Koh Eng Kheng | March 28, 2012
Healthcare organisations cannot afford to ignore the economic benefits of storing operational and clinical data in the cloud.

In recent years, one of the biggest stumbling blocks among healthcare IT decision-makers, as they consider how best to transition operational and clinical applications and data out of the healthcare IT data centre and into the cloud, has been the issue of security.

The perceived lack of security has led many healthcare IT organisations to have an unjustified fear of cloud adoption as a data storage option.  The healthcare industry has always been held to a higher standard when it comes to regulatory compliance and data retention which prevents them from taking a "risk" in the cloud. Healthcare organisations may also face limited options with the lack of cloud providers willing to sign business associate agreements (BAA) as mandated by HIPAA. The result is that healthcare IT organisations lose out on all of the operational benefits that can come with storing data in the cloud.

Healthcare organisations cannot afford to ignore the economic benefits of storing operational and clinical data in the cloud, benefits that are the result of cloud storage providers leveraging multi-tenant architectures, and thus sharing infrastructure costs across many users. This helps lower costs substantially versus on-site solutions, which require additional provisioning, power, cooling costs and more.

Low-cost tier

Cloud storage also offers a low-cost tier of storage that enables several new compliance, disaster recovery and data backup solutions.

More readily available than offline vaulted data, cloud-based storage delivers these key use cases to help solve today's data management problems including,

  • Tiering data retention to cloud storage,
  • Archiving stale data to free up existing space within the data centre,
  • Cost-effective disaster recovery for small and medium healthcare organisations without large upfront and operational investment
  • Content indexing data before moving to the cloud to meet compliance requirements and minimise search/retrieval times during e-discovery operations, and
  • Remote office backup directly to cloud-based storage.

There are many aspects to securing data in the cloud and healthcare IT decision-makers are naturally worried about spam, hackers and phishing attacks when moving application and e-mail servers into the cloud. Those who are considering the cloud to store data for disaster recovery or long-term archiving/retention of operational and clinical data or PACS images are concerned with others gaining access or visibility into vital clinical data. There is also physical security and the spectre of some nameless individual strolling into a cloud service provider's data centre and walking away with a jump drive full of patient data.

To help put things in perspective, think about the data as you would in your own data centre. You have anti-virus and filtering software tools that monitor and prevent e-mail attacks, as well as encryption and data storage technologies to meet your needs for compliance, recovery and retention. Healthcare vendors offering cloud-based services know that the support of BAA is mandatory for your organisation. It is also a safe bet that cloud service providers have guards protecting their physical sites.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.