Cloud Security in the Healthcare Vertical

As we begin to study security, healthcare, and the cloud, we’re finding that cloud-based data storage systems are perhaps more secure than traditional on-premise systems.  Most in the healthcare space have yet to accept this situation, and perhaps won’t accept it until more deployments occur.

The data is beginning to appear.  According to Alert Logic’s Fall 2012State of the Cloud Security Report, the variations in the threat activity are not as important as where the infrastructure is located.  The report finds that anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked because attacks are opportunistic in nature.

The report further finds that Web application-based attacks hit both service provider environments (53% of organizations) and on-premise environments (44% of organizations).  However, on-premise environment users or customers actually suffer more incidents than those of service provider environments.  On-premise environment users experience an average of 61.4 attacks while service provider environment customers averaged only 27.8.  On-premise environment users also suffered significantly more brute force attacks compared to their counterparts.

Clearly, there are myths out there that cloud computing is inherently less secure than traditional approaches.  Those myths are prominent in the world of Healthcare IT.  Consider the nature of the data, and the laws and regulations that typically surround that data.  The paranoia is due largely to the fact that, just the approach itself feels insecure, where your data is stored on servers and systems you don’t own or control. 

However, security is really defined by the processes and mechanisms in place.  The reality is that it matters not where your data exists, but the ways of access.  This is the case for both cloud-based systems, and traditional computing.  We’ve seen this movie before.  In the movement to smaller and more distributed systems, as well as the PC, and now devices, those charged with security screamed about the inherent risks around leveraging new technology.  Problems did exist, but they were quickly solved.  Cloud is no different.

The path to security in the cloud is not much different than the path to security for internal systems.  Why do many cloud-based systems seem to actually do better in these studies?  Typically, more planning and technology goes into securing public cloud-based systems due to the assumption that security will be an issue. 

The use of cloud-based platforms to store healthcare data is something that seems unnatural for most of those who run IT shops in the healthcare vertical.  However, the emerging data seems to pushback on this notion, albeit most healthcare organizations should approach cloud computing with a clear security plan.  If they do that, all will be well with placing data in the cloud. 

Agree/disagree? Let us know on Twitter @CloudGathering.

By David Linthicum

Leave a Reply

Your email address will not be published. Required fields are marked *