Cloud Computing and Security

June 22, 2011

The idea of cloud computing has definitely taken hold in the healthcare industry. According to the Cloud Computing Tracking Poll, an assessment by CDW LLC, a technology solutions vendor, of current and future cloud use in business, government, healthcare and education, 28 percent of U.S. organizations are using the cloud today. CDW defines cloud computing as enabling on-demand access to a shared pool of configurable computing resources (networks, servers, storage, applications, services) that can be rapidly made available.

Healthcare organizations were a little above that average, with 30 percent of organizations saying they were implementing or maintaining cloud computing. According to Nathan Coutinho, enterprise server/storage/virtualization manager of CDW, says that there is a great deal of interest among potential cloud computing users, many organizations have expressed concerns over security issues. In fact, security concerns ranked as the top roadblock to implementation, with 41 percent of respondents across all segments saying it held their organization back from either adopting or further implementing the cloud.

Mac McMillan, who is chair of the HIMSS Privacy and Steering Committee, notes that cloud computing, from a business perspective, is compelling. “From a business sense, it is a smart thing to do,” he says. “From a security perspective, it is a smart thing to do if it is done correctly,” he says. That means that the provider must give a thorough vetting of any cloud provider it is considering using as a partner. For starters: what kind of a cloud model is the vendor offering? Public or private? What practices and measures does the provider have in place to make sure that the data will be managed in a secure way?

One useful source of information about securing data on the cloud is the Cloud Security Alliance, he recommends. “There is good information out there that people can use to ask the right questions of their cloud vendor, to find out if they are going to meet their needs from a compliance perspective and a data security perspective,” he says.

of 2Next