This is reportedly the biggest concern in any organization looking to a cloud transition, even more so for healthcare providers handling sensitive, personal information. With conflicting opinions and a dizzying amount of information, it isn't hard become skeptical on cloud information security. Particularly for healthcare professionals, this is the first time facing the situation of putting sensitive patient records in someone else’s hands. This would understandably cause hesitation, and the term ‘cloud’ never evoked a sense of fortified security. However, the more one looks into cloud infrastructure, the more it becomes clear that:
- Attacks compared between traditional and cloud data centers vary mainly at the web application level, which is currently the least secure layer of cloud infrastructure. According to the most recent AlertLogic State of Cloud Security report, traditional data centers categorically received more attacks than data centers belonging to Cloud Hosting Providers, save for the web application attack category. These web app attacks are often the result of human error or negligence for security, otherwise attackers found it easier to enter on-premise, traditional environments.
- Threats are opportunistic in nature. Years from now, there will still be unpredictable vulnerabilities and threat opportunities when considering sensitive information in IT. Rather than finding an excuse to push off change, look toward the rapid advancement already occurring in cloud security, and the rise of Security as a Service as an addition to the categories of cloud service models. They move faster, respond better,and can operate with more agility using cloud infrastructure.
- It makes your job much easier as a healthcare provider when you let experts handle everything from hardware and virtualization to security and backup. Your costs can be reduced, your hardware will never become obsolete, and you can lose the headache of internally managed infrastructure. This makes keeping up with compliance easier and less of a burden on your behalf, as a good chunk of it is passed off to the hosting provider. If an item in HIPAA compliancy changes, a security professional from a managed services team can apply updates and alert you to changes while you focus on the organization.
Research reports and opinion leaders can explain the state of security in cloud infrastructure, but it may not impress one who isn't an IT enthusiast. There’s a simple rule that can be applied to this concern; it’s a bit crude, but it drives straight to the point. While a data breach would be a disaster for you, it would spell annihilation for a cloud services provider. They simply have more to lose than you do, as they are responsible not only for protection of your information but that of other businesses with sensitive data. This puts security as a monumental concern, and their data centers deploy almost military-grade security when you get down to the specifications. Compared to owned IT, a cloud-based service model is much more practical because you can offload increasingly complicated compliancy concerns and maintenance.