Hospitals and healthcare organizations are at the center of a digital revolution that is allowing them to move beyond outdated ways of capturing, storing, and sharing information. Technology is constantly changing to make the healthcare industry more accurate, more innovative, and faster. To keep up with needs for greater IT infrastructure agility and performance, many world-class healthcare organizations are exploring the benefits of the cloud.
The appeal of on-demand cloud services combined with the advances in security has healthcare IT no longer asking, “why move to the cloud?” but “when and how do we do it?” According to Healthcare IT News, the global adoption of cloud services in healthcare has grown from $3.73 billion in 2015 to an estimated $9.5 billion by next year.
Of those making the move to cloud, many are seeking out the major public cloud providers like Amazon Web Services (AWS) and Microsoft Azure. After having time to experience the public cloud, many healthcare organizations are finding a major disconnect between their expectations and the results they are experiencing. Find out about the three challenges that healthcare organizations are facing in the public cloud.
The Public Cloud Disconnect
Industry analyst firm, Enterprise Management Associates (EMA), conducted a survey of more than 400 IT professionals around the world. They were asked to share their experiences with public cloud IaaS (Infrastructure as a Service) providers, such as AWS, Azure, and Rackspace. The goal was to understand the successes and failures, achievements and challenges, wants and needs. Based on the report title, “Casualties of Cloud Wars: Customers Are Paying the Price,” you can get an idea of how the results turned out.
The analyst group’s conclusion was that companies using large public cloud vendors are experiencing failure rates nearly 60 percent of the time. According to Tech Republic, top concerns professionals have for applications deployed in the public cloud include:
- Visibility into data and application traffic (65 percent)
- Secure delivery of cloud traffic to on-premises monitoring solutions (61 percent)
- Ability to filter cloud traffic before sending to data center (34 percent)
- Access to network packet details (34 percent)
- Access to network packets flowing across containers (32 percent)
While these problems and failures can be categorized and evaluated from many angles, there are three major risks hospitals and other healthcare organizations should pay attention to before moving their IT workloads to a public cloud environment.
If you are in the healthcare field, do not shy away from healthcare cloud options. There are some great private or hybrid cloud services out there to help you make your healthcare operations a lot more agile.
Protecting patients’ health information is a top concern for healthcare staff and administration. If breached, the business will face financial and reputational consequences from HIPAA and HITRUST. Thankfully, cloud providers offer security superior to what most companies have available. So, how is security a major risk in public cloud? The primary public cloud security risk is a divide between the healthcare organization and cloud provider as to who is responsible for applying and managing each aspect of security.
The misunderstanding and miscommunication typically will go unnoticed until a breach in security happens. Public cloud providers may have certain security measures in place, but the majority of the security burden falls on the shoulders of the healthcare organization. This tends to introduce a new series of challenges, like overburdening IT staff.
Public cloud providers have done a great job marketing their services as a way to make your lives simpler and more secure. Unfortunately, common IT tasks like change management, capacity planning, and availability planning do not go away after workloads move to the cloud; they just evolve in the way they are handled. While public cloud providers tout their security as a selling point, healthcare organizations must fully understand who is in charge of managing what before migrating any private data.
IT professionals were surveyed by Ixia, and the results show that 90 percent of them are concerned about data and application security in public clouds.
How Private Cloud Overcomes these Security Challenges
Rather than being hosted publicly, a private cloud service provides an isolated environment for businesses looking for more stringent security to operate. ‘Private’ cloud is defined by Gartner as “a form of cloud computing that is used by only one organization, or that ensures that an organization is completely isolated from others.”
Ultimately, security and compliance experts tend to recommend private cloud because it can provide security advantages over a public cloud. Private cloud is the same service as a public cloud, but it sits behind your firewall and limits access to internal departments, customers, and other non-essential personnel. The private cloud is either run by your IT department or your data center provider.
Jeff Borek, worldwide program director for cloud computing at IBM, provided some insight into the arguments on both sides in an article for Wired magazine:
“The pro-public crowd has long argued that the ability to consume IT and related services on a pay-per-use model, the speed of access to resources, and the flexibility to add and drop capacity make their approach the only way to go. The pro-private camp is quick to remind clients that enabling private cloud capabilities—either on-site or in a private-hosted environment—provides the highest levels of management visibility, control, security, privacy, and physical data proximity. The peace of mind knowing exactly where your key business and client data resides at all times.”
While security and compliance tend to go hand in hand, they are separate categories that each provide different challenges for public cloud users. Maintaining compliance with regulations like HIPAA, HITECH, and many others is both expensive and time consuming. It is important to understand that a public cloud provider is similar to adding one IT person to the team, rather than adding an entire team of compliance experts.
When it comes to the public cloud, compliance is still a major responsibility of the healthcare organization. Again, it is important to understand who is responsible for what when it comes to compliance before signing an agreement with a public cloud provider.
Another often overlooked compliance-related risk is the audit process. It is highly recommended that healthcare organizations find out how familiar the cloud provider is with the audit process and how accommodating they will be if the healthcare organization is audited.
How Private Cloud Overcomes these Compliance Challenges
If your organization handles sensitive data, such as credit card information, medical records, intellectual property or personally identifiable information (PII), there are certain compliance standards your organization has to meet that the public cloud will not be able to adhere to. Thankfully, a private cloud service can.
Outsourcing a hospital or clinic’s information security and IT infrastructure is an important decision and transferring legacy data and applications is a sensitive task. When searching for the right HIPAA-compliant cloud hosting provider, it is best that your provider has experience with healthcare customers.
LightEdge has extensive experience in the healthcare industry and is well-versed in addressing the dynamic needs of healthcare businesses. We have the expert knowledge to keep EHR and PHI secure and the background experience in dealing with industry rules and regulations, so we can advise you on the compliance actions your organization should be taking.
3. Unexpected Expenses
Often public cloud looks like the cheaper option in comparison to a private or hybrid solution. In fact, public cloud providers’ initial price listed when you sign up is either very low or non-existent. In the short term, public cloud can seem reasonably priced, but there are catches.
The issue is not so much the cost at the beginning. Transporting massive petabytes of data into the cloud can take weeks or months, during which critical data might be unavailable. Most public cloud providers will charge a minor fee every time you attempt to access your data.
Things can get pretty pricey down the road when your healthcare organization starts running a bunch of analytics jobs. It can be easy for a CIO looking for cost savings to simply say, “let’s put everything we have in the public cloud” when everything you have is fairly minimal. But as data use rises, and it most definitely will in healthcare, so do transactional costs.
This is when organizations start to realize that a public cloud option is not a financially sound long-term plan. Unfortunately, if you are looking to pull your data out of the public cloud and migrate it to another solution, you will also be met with fees.
Moving your data from one provider to another can be a huge pain. This act of egress can result in significant costs, creating a form of cloud provider lock-in that can be difficult to break. David Linthicum at InfoWorld describes egress fees as such, “Imagine getting into a nightclub for free, no cover. Now, imagine leaving the club later that night, and it charges you a cover charge to leave. That’s pretty much what the cloud providers do.”
How Private Cloud Overcomes these Cost Challenges
Driven by a desire to reduce public cloud costs and increase control, enterprises are looking carefully at alternatives.
When it comes to private cloud, there are several options available. You can pay a fixed monthly price for a dedicated private cloud that only your company has access to, or you can use a pay-as-you-go virtual private cloud that offers you a logically isolated environment. In a managed environment, you can offload the burden of managing and optimizing your cloud environment and gain some value-added services.
Healthcare’s Compliant Cloud Leader
Security and compliance not only protect businesses from excessive regulatory fines, they also protect critical data from threats and breaches. From a dedicated physical infrastructure to a virtual delivery model, we’ve got the compliant cloud and hosting solution for your organization. Retain the level of control you want, and the amount of data isolation you require.
LightEdge’s highly trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services, including risk management, information security, audit preparedness, and support.
LightEdge builds security and redundancy into every detail of our data center facilities and compliant service offerings, and our engineers have the know-how to advise you on meeting your compliance requirements, regardless of industry standard.
LightEdge also offers a free risk assessment from our Director of Compliance as a resource to all of our clients. Based on findings from the risk assessment, our experts recommend the appropriate security controls you’ll need to protect sensitive data and pass audits. We assist in gathering the evidence and documentation you need to prove you’re in compliance; we even provide support during third-party audits. LightEdge is compliant with:
If you are interested in meeting with our compliance and security experts or touring any of our 7 world-class data centers, contact us. We have compliant cloud experts standing by to answer your questions. Start by getting a free quote today.