Schumacher is relying on cloud-based security tools from Symplified to protect its data in the cloud, including its identity management and single-sign-on (SSO) applications. Symplified provides a centralized service that handles identity and access management, enforces security policies on all the cloud applications Schumacher uses, and audits usage for compliance reporting.
"The SSO approach leads to higher application adoption and fewer passwords being stored on sticky notes," Menefee says. "It would be impossible for our employees to remember unique credentials for all of the systems that we have licensed."
Regulatory compliance is another key issue with the cloud, particularly for companies in industries such as healthcare and financial services.
Menefee says Schumacher Group asks for assurances of privacy and confidentiality with all services that store or could store patient health information. "We ask for various compliance certifications on an annual basis as part of our due diligence process," he says.
Rawlings is also sensitive about data privacy and security because its customers are in the healthcare industry, where regulations regarding data access and storage are particularly stringent. But it goes beyond regulations, he says; Rawlings is morally obligated to protect the integrity of the information.
"The data we have in-house has a very high privacy requirement, so we would have to be absolutely sure that the websites themselves and the pipe between us and the sites is secure" before being able to seriously consider using the cloud for healthcare data, Landgrave says.
Some organizations adopting cloud computing need to figure out how to knit together cloud and non-cloud environments seamlessly so that there's no negative impact on IT services to employees and customers.
Schumacher uses integration tools from several vendors to help meld cloud and non-cloud processes, Menefee says. "The key is to be able to have a couple of options to choose from and to ensure that the cloud providers as well as on-premise solutions have strong APIs and Web services available," he says.
The company uses integration products from Cast Iron and Boomi for workflow integrations between hosted and SaaS services. "The integration tools allow us to manage data at the field level with active directory security controls," Menefee says. Single sign-on enables the company to leverage two environments with different sets of users to ensure they're active. "SSO also brings value because users have a single user name [and] password," he says. "This prevents users from writing their authentication information on sticky notes and leaving them in desk drawers. We work closely with our end users on identity- and password-management best practices."
Rawlings has no need to integrate its cloud and non-cloud environments. "The processes are totally different, they have no need to interact," Landgrave says. "In the future, given the way we partition work, the way we would use the cloud is to expand processing," so data integration would still not be a concern.
Sign up for CIO Asia eNewsletters.