For highly collaborative industries like healthcare, there is no doubt cloud computing can be a positive force if harnessed correctly. Cloud-based electronic health records (EHRs), for example, can give doctors a better ability to access records quickly, understand their patients at deeper levels and more easily diagnose diseases. For patients, this can increase the access they have to their own medical records and make treatment easier. However, cloud security is a question that remains for many healthcare organizations, especially as it concerns the physical location of these cloud servers where health data lies.
EHR Intelligence said there is less comfort with the notion of cloud computing when it comes to storage and the use of servers that are not onsite. Dan Haley, Vice President of Government and Regulatory Affairs for Athenahealth, said that secure clouds strike many executives as something of an oxymoron, since the cloud is supposed to be free, easy and accessible. However, he said his company has a function in place to make sure healthcare records are kept secure.
“But as a cloud-based provider, we have a team of people whose only job is to make sure that our network is secure and we comply with all those rules that you’re talking about,” Haley said. “So they have current and comprehensive knowledge of the rules we have to comply with and active, literal 24/7 attention to functional compliance with those rules.”
EHR Intelligence said that stories of where healthcare breaches have come from over the past few years show that data loss or theft is almost always the problem. Cloud computing can eliminate that risk, as losing a device containing key information is no longer a possibility when the data is held and secured at another site. While no system is completely without deficiencies or errors, the website said, the cloud can in many cases improve upon the previous security situation a company had.
Physical security taken seriously
While every situation comes down to a company looking into a provider and its own situation and deciding where to go from there, Dark Reading highlighted a recent post by data center operator Rackspace that shows how seriously it takes the physical security of its data centers. The company outlined some of the standard security features it puts in place to make sure outsiders and insiders alike do not have complete access to customer files and information.
“We require two-factor authentication to access all data center facilities to ensure only authorized personnel can enter,” Jim Battenberg, cloud evangelist for Rackspace, wrote on the company website. “Our data centers also feature electromechanical locks controlled by biometric authentication (hand geometry or fingerprint scanner) and key-card/badge. And access to secure sub-areas is granted on a role-specific basis – if you’re not supposed to be in there, you won’t be allowed in there.”
All of this is necessary because, as Dark Reading puts it, insiders can be a big threat at any company. A physical breach may not be the biggest breach worry, but it is a significant issue when dealing with data center security. Rocky DeStefano, CEO of security consultancy VisibleRisk, said the problem is that the cost of bribing someone to get data is so small compared to the value of top-secret information that no cloud hosting center can ever be too careful.
Oded Horovitz, co-founder and CEO of startup PrivateCore, said while companies move to the cloud to have a more efficient and better way of data management, they also give up an aspect of control over access to the data. Even encrypted data can be accessed, so businesses must make sure they are working with a trusted provider.
“Cloud providers might claim that they have the best physical security in the world, but how do you know that?” Horovitz asks. “It’s not that physical security is different because it’s in the cloud, the difference is that you are no longer doing it, someone else is doing it for you, and now you have to trust somebody with physical security.”
Cloud Security News from SimplySecurity.com by Trend Micro.