How safe is the cloud?
By Jay Savaiano, February 2012
All of the pieces are in place to enable secure and compliant cloud-based storage environments.
For the past several years, cloud security has been one of the biggest concerns among healthcare IT decision-makers as they consider how best to transition operational and clinical applications and data out of the healthcare IT data center and into the cloud. The real question is one of perception versus reality.
A perceived lack of cloud security can sometimes stop a healthcare IT organization dead in its tracks when it looks at the cloud as an option for data storage. Many industries, particularly healthcare, have always been held to a higher standard when it comes to regulatory compliance and data retention, which prevents them from taking a “risk” in the cloud. Also, the lack of cloud providers who are willing to sign business associate agreements (BAAs) as mandated by HIPAA has limited the number of options for healthcare organizations. This unjustified fear of lax cloud security and of weak support for compliance requirements means healthcare IT organizations lose out on all of the business, cost and operational benefits that can come with storing data in the cloud.
The economic benefits that come with storing operational and clinical data in the cloud are too great to ignore. Because cloud storage providers leverage multi-tenant architectures, infrastructure costs are shared across many users. This helps lower costs substantially versus on-site solutions, which require additional provisioning, power, cooling costs and more.
While many organizations benefit today from keeping online, de-duplicated data copies available for fast recovery, massive growth will still require more disk and tape to contain exploding amounts of data. Cloud storage offers a low-cost tier of storage that enables several new compliance, disaster recovery and data backup solutions. More readily available than offline vaulted data, cloud-based storage supports key use cases that help solve today’s data management problems, including:
• Tiering data retention to cloud storage, which alleviates the need to expand data center capacity;
• Archiving stale data to cloud-based storage to free up existing space within the data center;
• Cost-effective disaster recovery for small and medium healthcare organizations without large upfront and operational investment;
• Content indexing data before moving to the cloud to meet compliance requirements and minimize search/retrieval times during e-discovery operations; and
• Remote office backup directly to cloud-based storage.
There are many aspects to securing data in the cloud. People who move application and email servers into the cloud are concerned with spam, hackers and phishing attacks. Those who are considering the cloud to store data for disaster recovery or long-term archiving/retention of operational and clinical data or PACS images are concerned with others gaining access or visibility into vital clinical data. There is also physical security and the specter of some nameless individual strolling into a cloud service provider’s data center and walking away with a jump drive full of patient data. Many healthcare IT decision-makers are worried about all of the above.
Think about the data in terms of your own data center. You have anti-virus and filtering software tools that monitor and prevent email attacks, as well as encryption and data storage technologies to meet your needs for compliance, recovery and retention. Healthcare vendors offering cloud-based services know that support for BAAs is mandatory for your organization. It is also a safe bet that cloud service providers have guards protecting their physical sites.
There are a few things that you should look for, however, to ensure that your data is being protected in the cloud. Your cloud solution should include:
• Embedded encryption that secures backup and archive data, whether in flight or stored within the cloud;
• Integrated alerting, reporting and data verification functionality to help ensure that data has safely reached the cloud without the risk associated with manual scripting or standalone gateway appliances;
• Native REST/HTTP integration to deliver seamless data and information management across on-site and cloud-based storage architectures; and
• Integrated features, such as de-duplication and compression, to enable efficient movement of backup and archive data across a network for long-term cloud storage.
It is inevitable that healthcare IT organizations will turn to the cloud to keep pace with the growth of data and the demands placed upon them by meaningful-use requirements. It may take time to overcome the fear inherent in handing over control of your data to someone else. But consider this: There was a time when using a credit card online invoked the same type of fear; nobody wanted to be the first to dip a toe in the pool. The technology needed to keep data secure, protected and recoverable is here today, and adoption will grow. It’s just a matter of time.
Jay Savaiano is director of healthcare business development, CommVault.