Contact Us

Cloud Security in the Healthcare Vertical

As we begin to study security, healthcare, and the cloud, we’re finding that cloud-based data storage systems are perhaps more secure than traditional on-premise systems.  Most in the healthcare space have yet to accept this situation, and perhaps won’t accept it until more deployments occur.

The data is beginning to appear.  According to Alert Logic’s Fall 2012State of the Cloud Security Report, the variations in the threat activity are not as important as where the infrastructure is located.  The report finds that anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked because attacks are opportunistic in nature.

The report further finds that Web application-based attacks hit both service provider environments (53% of organizations) and on-premise environments (44% of organizations).  However, on-premise environment users or customers actually suffer more incidents than those of service provider environments.  On-premise environment users experience an average of 61.4 attacks while service provider environment customers averaged only 27.8.  On-premise environment users also suffered significantly more brute force attacks compared to their counterparts.

Clearly, there are myths out there that cloud computing is inherently less secure than traditional approaches.  Those myths are prominent in the world of Healthcare IT.  Consider the nature of the data, and the laws and regulations that typically surround that data.  The paranoia is due largely to the fact that, just the approach itself feels insecure, where your data is stored on servers and systems you don’t own or control. 

However, security is really defined by the processes and mechanisms in place.  The reality is that it matters not where your data exists, but the ways of access.  This is the case for both cloud-based systems, and traditional computing.  We’ve seen this movie before.  In the movement to smaller and more distributed systems, as well as the PC, and now devices, those charged with security screamed about the inherent risks around leveraging new technology.  Problems did exist, but they were quickly solved.  Cloud is no different.

The path to security in the cloud is not much different than the path to security for internal systems.  Why do many cloud-based systems seem to actually do better in these studies?  Typically, more planning and technology goes into securing public cloud-based systems due to the assumption that security will be an issue. 

The use of cloud-based platforms to store healthcare data is something that seems unnatural for most of those who run IT shops in the healthcare vertical.  However, the emerging data seems to pushback on this notion, albeit most healthcare organizations should approach cloud computing with a clear security plan.  If they do that, all will be well with placing data in the cloud. 

Agree/disagree? Let us know on Twitter @CloudGathering.

By David Linthicum

Posted on July 18, 2013 in Cloud Perspectives

Share the Story

About the Author

Responses (2)

  1. Cloud EHR Lessons Learned in Haiti
    July 30, 2013 at 12:39 am ·

    […] The healthcare industry also has preconceived notions about cloud computing, too-namely, that the cloud isn’t secure enough for patient data. […]

  2. […] Continuing our discussion from my last blog in July, perhaps it’s helpful to drive deeper into security approaches and technology for use within clouds that serve the healthcare vertical.  We’ll start by focusing on the fundamentals of cloud security for healthcare.  However, some of this is transferable to other verticals as well. […]

Leave a reply

Back to Top