Security: The Cloud's Ace in the Hole, Not Its Achilles Heel And in...
healthcaretechoutlook

Security: The Cloud's Ace in the Hole, Not Its Achilles Heel And in Healthcare, the Cloud is Not Only Secure-It Costs Less

By Adam Stern, President & CEO, Infinitely Virtual

Adam Stern, President & CEO, Infinitely Virtual

In the cloud’s infancy, cloud hosting providers touted scalability, initial cost savings and speed. But the prospect of enhanced security in the cloud—indeed, that the better cloud deployments now mean that data is safer in the cloud than on a typical unsecured desktop—has altered the conversation. So let’s put this canard finally to rest: “the cloud poses security risks.”

Your data really is more secure in the cloud than parked on equipment under someone’s desk. Any cloud provider worth its salt brings to the task a phalanx of time-tested tools, procedures and technologies that ensure continuous uptime, regular backups, data redundancy, data encryption, anti-virus/ anti-malware deployment, multiple firewalls, intrusion prevention and round-the-clock monitoring. And that’s just for openers.

"In cybersecurity terms, everyone is vulnerable; there’s no such thing as a completely secure environment, but there are procedures that can make user organizations more secure over time"

Consider the healthcare industry, where, in IT terms, Anxiety #1 is security. The imperative is to ensure data integrity, maintain the sanctity of PII and respect the dictates of HIPAA: all place an extraordinary premium on security policies and procedures. In the cloud computing era, however, money doesn’t necessarily buy data security—or job security.

Larger hospitals and hospital groups aren’t lacking for resources. Most have invested heavily in IT infrastructures —but those sunk costs don’t typically make them more secure. For many, aging equipment, hosting legacy software, is the rule, not the exception. Hospitals tend to be highly insular, with IT fiefdoms protecting turf and, truth to tell, feeling increasingly threatened by the cloud. The cloud enables healthcare providers to reduce outlays for capital expenditures (no need to buy and depreciate hardware, rinse and repeat) and human capital alike (no need not to reduce IT headcount).

It’s understandable that healthcare CIOs and IT executives slap a big question mark on cloud security. They’re defending their jobs. But security turns out to be the cloud’s ace in the hole.

Data breaches at on-premises healthcare facilities are endemic. In May, the ransomware worm WannaCry fueled a massive attack that paralyzed some 300,000 computers in 150 countries, disabling systems at public hospitals throughout the U.K. along with those connected to Telefonica, the Spanish telecom provider, among other victims. WannaCry wreaked havoc— but, tellingly, not at the big public cloud providers like Microsoft Azure, Amazon’s AWS, IBM and Rackspace. And not at smartly managed midsize public cloud providers, either.

In this turn of events is a counter intuitive lesson about what was indeed a major hack. The experience of public cloud providers should put to rest the notion that the cloud isn’t safe. WannaCry makes a compelling argument that the cloud is in fact the safest place to be in a cyber hurricane. Internal IT departments, fixated on their own in-house mixology, were affected big-time, raising the very legitimate question of why hospitals and healthcare providers with roll-your-own solutions devote precious resources— including, with WannaCry, Bitcoins—to those departments in the belief that the cloud is a snake pit.

Moving cloud computing into the “safe” column doesn’t end the discussion, of course. Vigilance isn’t only a mindset—it’s an active verb. Security is a function of both awareness and work—a process, not an event. In cybersecurity terms, everyone is vulnerable; there’s no such thing as a completely secure environment, but there are procedures that can make user organizations more secure over time.

Achieving some measure of security requires a specific attitude that healthcare organizations need to understand and then internalize. It doesn’t matter if a department is engaged in “routine” tasks—every organization is more and less secure over time, since the nature of data breaches and cyber attacks constantly evolves. The process of security means adjusting and learning accordingly. A casual approach ensures that an organization will become less secure.

Security isn’t like filling out a job application; it’s not a matter of checking boxes and moving on. The dynamic extends to asking questions—lots of them. Where are threats coming from? Is the hospital looking at its environment in a holistic manner? Conducting a quarterly analysis of what’s secure, what’s not, what could be more secure, and then implementing a framework for how to deal with it?

Piecemeal approaches to security never work. Patching a hole or fixing a bug, and moving on—that’s hardly the stuff of which effective security policies are made. Because security is a moving target, scattershot repairs ignore the hundreds or even thousands of points of vulnerability that a policy of ongoing monitoring can help mitigate.

What might that policy include? Consider these guidelines, for openers (and just for openers):

• Do not write down passwords on paper.
• Do not store password in plain-text on computer or server.
• Do not share passwords with anyone inside or outside the company.
• Do not leave computer unattended while logged in.
• Do not save RDP credentials.
• Avoid logging on to server from un-trusted computers.
• Make sure anti-virus programs are up-to date and run regular scans.
• Make sure operating system and programs are updated on regular schedule.
• Do not give users admin rights, use built-in super-user account for system administration.

The cloud is a gift, not to IT, but to assertive, non-technical hospital administration outside the glass house. The cloud enables hospitals to modernize and increase efficiencies. Having fewer IT personnel may empower the healthcare organization to provide staff and services more directly applicable to patient care.

The cloud’s only job is delivering secure infrastructure 100 percent of the time—something immune from shrinking IT budgets.

Weekly Brief

Read Also

Transitioning Toward Value-Based Home Care

Transitioning Toward Value-Based Home Care

Robert Pritts, President, Home Care & Post Acute Services, SSM Health
Tools and Capabilities Required for Value-Based Care

Tools and Capabilities Required for Value-Based Care

Mark Weisman, Chief Medical Information Officer, Peninsula Regional Medical Center
Healthcare Information Security is an Imperative Segment for a CXO

Healthcare Information Security is an Imperative Segment for a CXO

Jackie Mattingly, Director of HIPAA Security, Owensboro Health
The Case for VR and Addiction Treatment

The Case for VR and Addiction Treatment

Derek Price, Chief Executive Officer, Desert Hope Treatment Center
Dripping In Data; What Does 'Cloud Computing' Mean For Patients And Pharma Collaboration In The Era Of Citizen Science?

Dripping In Data; What Does 'Cloud Computing' Mean For Patients And...

Emma Sutcliffe, Head, Patient Engagement and Innovation, NexGen Healthcare
Using Technology to Identify and Address Chronic Patients' Emotional and Social Needs

Using Technology to Identify and Address Chronic Patients'...

Bharat Tewarie, MD founder of Boston BioPharma Consultants Jennings Xu, Director, Quid