Opinion: Cloud is more secure than traditional networks
Australian companies are keen to embrace new technologies and despite ill-informed perceptions of cloud security limitations, adoption of cloud solutions continues unabated.
In fact, as indicated in a recent Forbes article, Oracle Australia and New Zealand managing director Tim Ebbeck believes that advances in the cloud are driven by companies’ belief that the cloud aids success in a global marketplace.
However, some are reluctant to place data in the cloud, believing that the resulting lack of admin control, which can vary from provider to provider, can result in security lapses.
This is not the case. The benefits in efficiency can outweigh any disadvantages, allowing on-site IT staff to concentrate on internal tasks. OS updates, a significant drain on IT resources, are automatically handled by remote staff, for example.
Selecting a third party cloud provider may seem a daunting task but a little research can yield positive results.
Companies in the public and private sectors in Australia must adhere to legislative requirements, especially in the area of data privacy, with the main consideration being the Privacy Act 1988. In March 2014, 13 new Australia Privacy Principles (APPs) were introduced, two of which directly relate to the cloud.
APP8 regulates the transfer or disclosure of personal information outside Australia’s borders and APP11.1, which requires that companies take “take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure".
Providers of cloud services also use encryption to secure data and many are industry certified. For example, ISO certifications holders have passed an independent audit by experts in accounting, auditing and data security, with all policies and procedures tested and evaluated.
Clearly, there are other considerations when dealing with medical records, with data loss and recovery options absolute minimum requirements. Again, top tier data centres meet requirements, with multiple back-ups and disaster recovery solutions in place to prevent loss of information.
In addition, the physical security practices of the data centre are audited, to ensure on-site staff cannot access privileged information and that intruders cannot use low-tech hacking techniques to acquire data.
User permission management ensures that only authorised staff can access medical data, with software and hardware encryption at all stages of the process. In addition, secure file and folder controls prevent successful hacking attempts.
Once all of these conditions are met, under conditions that exceed those required for on-premise networks, cloud security concerns are eliminated. However, it is recommended that service-level agreements (SLAs) are analysed carefully to ensure adequate disaster recovery solutions are included, with some charging extra for off-site tape back-up, for example.
Cost is not the most important consideration when selecting a cloud provider. Instead consider the importance of securing medical data and choose a solution that exceeds those requirements, allowing a certain level of future proofing as technology advances to improve process efficiency.
There are specific factors to consider when deciding which cloud provider you wish to use. The first and most important factor is to ensure that the data centre used is located in Australia and has passed through all the relevant audits, as well as having met all the required standards.
A data breach represents a disaster for any business and likewise for any cloud technology vendor. A good start in assessing what security strategies the vendors offer is to ask how they keep your data separate from other companies' data. Ask whether your company will share the same virtual server or application server with others, and finally, ask how the vendor can ensure that people without the right credentials aren't able to access your data.
The second factor to consider would be the type of cloud service being offered by the provider. Not all cloud computing solutions are the same and they differ from one vendor to another. Some providers may offer a remote desktop-like solution (log into a virtual desktop) from a single data centre whilst other providers with more capabilities will be able to offer a complete cloud platform with redundant data centres, faster platforms and so on. We always recommend that you try the platform before committing to using it.
Another factor to consider would be to establish whether your local technology infrastructure could support a cloud-based environment. Whilst a cloud platform is hosted within high-end data centres, there are certain requirements that must be met so you can have the best possible user experience.
Some of those requirements include the Internet speed available to the business and whether it’s enough to handle the number of cloud users within your organisation.
Not requiring super computers or a server is a great benefit of using a cloud-based platform, yet a requirement that tends to be forgotten is the local hardware that is currently used. There needs to be an assessment by the vendor to confirm that the router, network cables, printers, scanners and end user devices are all sufficient to deliver the best cloud user experience.
There is no doubt that the cloud revolution is well on its way in Australia and we have some of the best security laws, technologies and resources in the world. We see new emerging niches with cloud-only IT vendors or cloud-based health businesses venturing all around Australia.
This only brings opportunity and competition to a very exciting marketplace. As we are aware, an increase in competition will bring quality in service with it.
Rob Khamas is an eHealth solutions strategist with REND Tech Associates.
Posted in Australian eHealth