Cloud computing myths vs. risks

By Molly Merrill
09:21 AM

Cloud computing has become a hot topic among healthcare CIOs, who are divided about its benefits.

Andrew Sroka, president and CEO of Fischer International, says the debate over cloud computing is well-justified given the proliferation of soft data, new patient privacy standards and ever-changing regulation. Sroka shares with Healthcare IT News the most common myths and potential risks associated with deploying IT processes via cloud computing.

[See also: Survey: IT confidence surging, fueled by healthcare.]

Three of the most common myths:

Myth #1: Identity management in the cloud is less secure. Quite the opposite, says Sroka. The cloud is often more secure and, in most cases, offers a more reliable and more scalable facility for healthcare organizations. Most information is encrypted in the cloud, whereas when solutions are deployed on-premise it is not uncommon for sensitive information to remain unencrypted, such as administrative credentials coded into scripts or configuration files, and personally-identifiable information.

Myth #2: One has to dramatically change infrastructure to accommodate identity management (IdM) in the cloud. No infrastructure changes are necessary for an organization to take advantage of cloud-based IdM services. Integration with existing IT systems can be accomplished seamlessly, as if the IdM solution were running on-premise.

Myth #3: Cloud-based identity management solutions are less capable than on-premise solutions
Cloud-based IdM solutions don't have to be different from on-premise solutions and can deliver the same functionality. However, cloud-based IdM solutions have a business driver making them different. The hosting provider will want to drive down the cost of hosting to take advantage of hardware/software/technical resource consolidation. In order to do so, IdM solutions running in the cloud must have a better design and they must be easier to maintain.     

Sroka says that when looking at actual risks, it is important to keep in mind that transitioning to the cloud does not present any unique risks to sensitive patient and personnel data that don't already exist in an on-premise environment.

[See also:  Survey: Majority of organizations don't protect patient data during software development.]

See the next page to read the three most common risks of cloud computing.

Three of the most common risks:

Risk #1: Inadequate Access Control Policies. Failure to clearly articulate and enforce department and organization-wide IT security policies and procedures creates both internal and external confusion, which can lead to ongoing threats and vulnerabilities.

Risk #2: Lack of Education. When employees and other users are not educated on the "do's and don'ts" of IT security, they are less likely to take the proper steps to secure their own information. For a CIO and his/her IT department, an uneducated user base can quickly become your worst enemy.

Risk #3: Insider Threat. Most data breaches are the result of an internal user (yes, even employees, says Sroka) with access to sensitive information who unwittingly acts as an accomplice or an enabler to an external threat.

Gartner predicts a 20 percent CAGR (compound annual growth rate) increase in cloud services through 2014. Sroka says healthcare organizations that embrace this trend ahead of other adopters will not only achieve improved compliance and data security for their organizations, but also continue to provide patient care in a safe and secure environment.

Sroka oversees global operations for Fischer International Identity, LLC, and other holdings within the Zenerji, LLC portfolio management group, including Fischer International Systems Corporation.

For more information click here.