Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hybrid Cloud Computing Security: Real Life Tales

Bob Violino | March 5, 2011
Mixed IT infrastructures, including cloud and non-cloud systems, will be the norm at many companies for many years. Learn about key cloud security concerns and solutions from three early cloud users.

Schumacher began moving applications to the cloud in 2006, and Menefee estimates that 90 percent of the company's processes are in cloud-based services today.

Some are hosted services and others are software as a service (SaaS), Menefee says. "We have a hybrid approach where most of these solutions are integrated with each other via Web services or are integrated with on-premise solutions," he says.

To ensure cloud security, Schumacher worked with each of its vendors to review their security and audit procedures and ensure they were in compliance with HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. "We include our business associates agreement as part of our standard contractual language with any vendor who potentially has access to patient data," he says.

A major driver for the company, which is based in Lafayette, La., to go to the cloud was the realization that its data centers were susceptible to damage by major hurricanes like Katrina and Rita, Menefee says. He says the cloud providers have multiple data centers across the country. "Review of data center footprint and geographic locations are part of our due-diligence process," Menefee says.

Other motivators include the ability to easily scale capacity up or down and the need to deliver applications to users faster.

Typically, when Schumacher is deciding whether an application should go in the cloud, "cloud wins because we can get it up and running faster than on-premise," Menefee says. "Additionally, the SLAs and quarterly updates from vendors keep us ahead of the curve on innovation, features and functions."

The Morris School District in Morristown, N.J., also applies business cases to its cloud decisions. The district is using a cloud service from AppRiver to manage its e-mail security, including spam and virus filtering. It's in the process of implementing another cloud service for its main student information system, which is used for tasks such as grading, taking attendance, scheduling, managing health records and coordinating buses.

The school district has opted to keep some portions of its IT infrastructure and applications, such as the budget, personnel and payroll systems, out of the cloud, says Tim McDade, the school district's director of technology. Part of what's holding him back is lack of staff, McDade says.

"We are in the process of launching our new cloud-based student-management system, and to do additional [critical] systems at the same time is too much to undertake at once," he says. "There is the training of many users involved, and the student information system is a major system, in reality the most important system we run."


Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.