Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hybrid Cloud Computing Security: Real Life Tales

Bob Violino | March 5, 2011
Mixed IT infrastructures, including cloud and non-cloud systems, will be the norm at many companies for many years. Learn about key cloud security concerns and solutions from three early cloud users.

What factors did the district consider when deciding what to put in the cloud and when? "Money, time available to technically implement [the services], and time needed for training of end users," McDade says.

Using a cloud service for e-mail security saves labor costs. "The time and money to run, maintain and back up those systems in-house cost a fortune compared to hosted solutions," McDade says. In the past, when major virus outbreaks came in through e-mail, "we would more or less have to drop everything we were doing to track it down on our internal servers," he says.

The process of finding and getting rid of e-mail problems internally took hours and was disruptive to operations, McDade says. With the cloud-based application, the vendor handles all the necessary filtering. He estimates that the district is saving at least $20,000 a year by using the cloud service.

The Rawlings Group, a provider of medical and pharmacy claims-recovery services, also has a mixed IT environment. While non-cloud systems handle highly sensitive data, the company uses several clouds, including an internal one in which some 600 systems form a grid that supports database access and data-mining applications.

The internal cloud houses healthcare-client data, says Kevin Landgrave, senior vice president of IT at Rawlings. The grid, which Rawlings launched about a year ago, has helped the company handle its growing data processing demands, he says.

"This is primarily a client comfort and approval issue for us," Landgrave says. "Our agreements with our clients are very specific about how and where we store their data, and the processes used to access the data. We'll need further guidance from the government--around what 'minimum necessary' means in terms of transmitting data for HIPAA business associates under HITECH, and how it might affect the transmission of electronic health records--before we're willing to ask clients for approval to store their data outside of our facility." When a HIPAA-covered entity discloses protected health information to a cloud provider, Landgrave says, it risks exposure to federal data security breach notification requirements under the HITECH Act. 

The company has also been using an external cloud service from a major vendor, which Rawlings did not want to identify, for about a year and a half. That service supports several applications, including processing for websites Rawlings runs for some of its non-healthcare clients. The vendor enables Rawlings to easily scale capacity up or down depending on its needs, Landgrave says.

When considering the external cloud, look at the volume of data, Landgrave says. "That drives most of the cost and processing-speed issues," he says. "Security obviously is always at the top of the list, but if in the future that is determined not to be an issue, the size of the data one of the primary factors," he says.


Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.