In a recent post, bTrade’s MFT Nation explored two matters to consider when deciding between deploying your IT infrastructure on-premise (“on-prem”) or moving some or all of it to “the cloud.” We said in that post that while cybersecurity considerations are “always vital,” some industry sectors generally do not trust cloud providers to safeguard their data. Well, based on a recent report on CIO cloud perspectives, perhaps we should add the healthcare industry to the list of doubters.
The article, entitled “Healthcare Cloud Take-off: Waiting for the Fog to Clear,” summarizes the results of a survey taken at HIMSS18 Las Vegas conference of 175 healthcare IT professionals. Although nearly 60% of respondents said their organizations have placed a priority on moving some IT to the cloud, only about 30% have devised a cloud migration strategy. Why? According to the survey, HIPAA compliance, security, and privacy worries are the main reasons why healthcare IT professionals are reluctant to use the cloud. And around 50 percent of respondents cited security concerns as their primary worry associated with cloud migration.
The CEO of the company that produced the report offered this thought about the results: “Although cloud hosting for healthcare has become mainstream, the understanding of and confidence in the cloud to meet the exacting standards of the highly regulated industry is still a major concern for healthcare systems.” The report concluded with this observation: “Healthcare organizations are not 100 percent convinced that cloud storage is safe for the protected health information (PHI) of their patients and therefore remain grounded for take-off.”
bTrade’s services team routinely deals with a wide array of issues in connection with each deployment of its managed file transfer software solutions. One such issue, which affects organizations of all sizes, concerns how to structure all the hardware and software assets.
The discussion usually focuses on whether to deploy on-premise (“on-prem”) or move some or all of the IT infrastructure to “the cloud.” The principal difference between the two is how each is deployed. Cloud-based software is hosted on the vendor’s servers or a third party, whereas on-prem software is installed locally on an organization’s own computers and servers.
bTrade’s managed file transfer offerings are available for both on-prem and cloud deployments. In fact, some bTrade customers have deployed a “hybrid” system that utilizes both on-prem and cloud. For purposes of this post, MFT Nation will explore recent articles which touch upon two critical points to consider when deciding between on-prem and cloud, or some combination thereof.
When the push to the cloud began, the main reasons for moving were efficiency and cost savings. Many articles like this one continue to trumpet the virtues of cloud in terms of cost savings and efficiency. The author of the subject article pushes potential cost savings in a pitch of “pay less and get more.” The author also touts the efficiency of cloud solutions he claims can be “put to work with relative ease.” We need to temper the enthusiasm of the author, at least a bit, with a few IT realities.
The decision of whether and to what extent to move to the cloud is not done with “relative ease.” It is a complex task with many variables. And it is made all the more complicated by the overwhelming number of options, such as hybrid and multi-cloud approaches, which can blur the line between the cloud and on-prem deployment options.
As the number of cloud deployments has increased, so too have the related costs. Expect costs to continuing increasing as the big boys—Amazon, Microsoft and Google, and to a lesser extent, Rackspace—dominate the market and limit competition. As a result, a cottage industry has developed with products/services designed to cut cloud costs. For example, one company touts its products’ ability to cut cloud costs “by up to 65% in a matter of minutes.” This confirms that cloud costs are increasing if a vendor is able to eliminate 65% of waste, and accomplish the task “in a matter of minutes.”
As for the promise of increased efficiencies, you should know that resources will still be needed to manage your cloud or multi-cloud infrastructure, including tracking/controlling cloud costs, gaining visibility and control of multi-cloud infrastructure, and eliminating wasted spend by right-sizing resources and terminating idle resources. And you may feel the need to invest a portion of your IT spend in products/services related to managing your cloud infrastructure.
An article caught our eye because it claims “the future of cybersecurity is in the cloud.” Really? In our experience, customers choose on-prem systems when cybersecurity is the paramount concern. Security considerations are always vital, but some industry sectors will not trust others with important data, such as the banking/financial services industry. Also, some IT pros, regardless of industry sector, have the same type of adverse reaction when it comes to trusting cloud vendors to safeguard crucial data.
The article’s author recognizes that there are “many opponents” of cloud security. He claims to be ex-FBI and says the FBI “feared the Internet so much that agency computers functioned solely on an isolated intranet connected via hard cables.” The author also concedes that “not all cloud services are equal in their dedication to security,” and he lists specific security problems with cloud services that have led to data breaches, such as “poor configuration,” lack of “strong authentication, encryption (both in transit and at rest) and audit logging,” “[f]ailure to isolate a user’s data from other tenants in a cloud environment together with privacy controls that are not robust enough to control access,” and “[f]ailure to maintain and patch to ensure that known flaws are not exploited in the cloud service.”
So why, you might ask, is the author nonetheless pushing the cloud as the “future of cybersecurity”? It should be noted that the author works for some type of cloud company, so we can assume he is biased in favor of the cloud. But basically, he believes “[t]he cloud can leverage big data and instant analytics over a large swath of end users to instantly address known threats and predict threats that seek to overwhelm security.” The article lacks any specifics about how this unidentified, nebulous super cloud will be able to accomplish the task of “predictive security.” And in any event, after all we’ve heard lately about the “Deep State” and how Facebook and other social media platforms are using (or misusing) customer data, we question whether anyone is excited about relying on some type of super cloud system to protect confidential data.
If you want to speak with bTrade’s data security experts about deployment models, please contact us at email@example.com. If you want to keep updated on developments in the world of secure file transfer and data security, follow us on Twitter, LinkedIn, and our blog MFT Nation.
This is a clever, well-written piece proffering six common sense steps to maintain good cyber hygiene: https://ubm.io/2KsxcMW. Of course you can find the same type of, but more detailed cyber hygiene advice from free government sources, like this one: https://lnkd.in/gF3U5Wa. Here’s another good government source for cyber hygiene as it relates to small businesses: https://bit.ly/1Mimb9p.