Cloud computing does not mean degraded security; in fact, the cloud is safer for storing data when you work with the right partner.
Is Data Safe in the Cloud?
Peak 10’s 2nd National IT Trends in Healthcare Study demonstrated that security and data privacy are currently major priorities for IT decision makers in healthcare, and generated feedback on common cloud computing adoption barriers.
The survey also provided a benchmark for which applications healthcare organizations are currently hosting in the cloud, and how many applications are being transitioned.
On the topic of security, healthcare organizations are definitely being challenged with figuring out how to be adequately proactive and reactive while allocating the right amount of resources. Further, many hospitals and physician’s offices are weighing the pros and cons of migrating to the cloud, but some have the false perception that security of sensitive data would be compromised, and in-house management is the best option.
The idea that data isn’t safe in the cloud seems to be a misconception heard frequently throughout the industry grapevine, but it’s not consistent with fact. There are many benefits and efficiencies to be gained in moving to the cloud, so long as your migration strategy is sound.
Security and Data Privacy Are Top Worries for Healthcare
Peak 10’s healthcare study unquestionably indicates that extreme caution is being used where security and data privacy are concerned, and with good reason.
“It’s a ‘never sleep always worry’ [situation].” – CTO at GA hospital
Obviously, the constant threat of data breaches, especially given the increase in frequency throughout the healthcare industry, is a major concern. Coupled with the potential for attacks are compliance requirements—security is a considerable aspect. All in all, healthcare organizations are very focused on avoiding being targeted and failing to comply.
Here is the main feedback we received:
- Cybersecurity is critical, but addressing it adequately can be difficult given current resources.
- Ransomware is a primary concern, and healthcare organizations are scrambling to protect themselves.
- It’s a known fact that internal staff practices expose organizations to risk, and it’s difficult to manage in an industry that’s supported by connected devices and patient self-service.
Hesitating to Join the Great Cloud Migration
“Cybersecurity is increasingly important, however it’s difficult to cover given the current talent & team bandwidth.” – CIO from a NE Health Services organization
Cloud Adoption Barriers
Despite the perception that the cloud is an inherently less secure place to store data, migrating data and applications is actually a really beneficial option for all healthcare organizations. Decision makers just need to understand their needs and requirements, and work with a partner who can optimally support the process.
The healthcare survey helped pinpoint some of the main common barriers to cloud adoption, as well as insight into the plans of those who have already begun migrating. It revealed that most organizations who have not yet taken the leap are hesitating because of data privacy and security concerns—over 80%. Other top reasons include budgetary constraints, potential loss of control over data, concern for degraded connectivity speed and successfully meeting compliance standards.
Applications in the Cloud
Although the study did reveal that security causes a lot of hesitation to migrate, some healthcare organizations are seeing the benefits. Around 25% of participants plan to have the majority of their applications in the cloud in the next year. However, the majority are keeping less than 5% of applications in the cloud and aren’t planning a migration. This is where there’s an opportunity for impactful change.
Cloud Security, Fictions and Truths
#1 Keeping Data Close
The number one reason healthcare IT leaders are so worried about cloud security is really a matter of perception. Healthcare organizations are simply accustomed to having their data close to them, with systems located on-premise, and feeling like the IT team is controlling everything that goes on. If they outsource, they’ll have to develop trust in a third-party vendor to do everything correctly, and keep data as secure as it is internally. The worry is stemming from the fact that in some ways, decision makers are personally liable for breaches, and feel that their careers hang in the balance of keeping everything secure—the belief is consistent with an If it isn’t broken, don’t fix it mentality. If everything is working fine on-premise, and the business has been doing it this way for 10 years, why disturb it just to save money or get the latest technology?
In truth, migrating to the cloud is actually a better option to address all of the above concerns than internal management. First, administrators will have access that works the same way as if systems stayed on-premise; there is no loss to visibility. Second, while the IT team won’t necessarily have granular control of all goings-on, this is actually a positive—your IT resources will have considerably more time to focus on objectives critical to their roles, rather than the repeated, stressful process of responding to alerts and blinking lights.
#2 Noisy Neighbors Will Undermine Our Performance and Security
Many healthcare organizations get caught up in the viewpoint that outsourcing intrinsically means housing environments in a multi-tenant cloud with neighbors who are sharing your resources and can negatively impact security controls, and how you operate in general. Plus, some healthcare businesses have agreements with both customers and partners stipulating that all data must be on dedicated infrastructure—not shared in any capacity, ever. Physical separation is a must, and these types of organizations tend to feel that such a level of security and separation cannot possibly be achieved in the cloud. The result is increased resistance to using the cloud.
While it is true that a public cloud environment will be multi-tenant, an alternative path for a healthcare organization that requires separated resources would be to outsource to a dedicated environment using a hosted virtual private cloud. Private clouds allow for both logical and physical separation of resources, which closely mirrors what an infrastructure would look like on-premise. There is a viable option for truly dedicated resources, and it’s just as secure as managing systems on your own (actually, more secure).
Further, a multi-tenant public cloud environment is often an ideal option for a healthcare organization, depending on requirements.
#3 We Can Handle IT Resources Better and More Safely Ourselves
So many IT decision makers feel strongly that their internal IT team can better, and more safely carry out organizational IT initiatives over a third-party vendor. This is, again, a matter of perception.
The fact is, a reputable cloud provider spends 100% of their time dedicating their efforts to every aspect of managing and storing data, from how data centers are maintained to infrastructure makeup, to how technical professionals are trained, as well as consistent security practices. A cloud provider is more than likely going to have stronger engineers than a hospital, for instance, has resources for—also, its customers have access to the best-of-breed equipment they use in a data center, including hardware, generators, backup systems, and cooling systems. The added bonus is that healthcare organizations also have access to a wide array of additional IT services, such as managed security, application support, or backups, for starters.
Outsourcing to a Cloud Vendor Is More Secure, Eliminates or Greatly Reduces the Need to Expand IT Staff, and Is Usually More Cost-Effective
…And that’s the truth. Seasoned cloud partners typically also offer data security services, which means they know how to secure your environment, and that doesn’t include the multi-layered physical security controls that are already in place. Migrating to the cloud is, without question, more secure than managing your systems in-house; not because your IT organization is inferior, but because IT is not a healthcare organization’s core business, and it shouldn’t be.
Moreover, there are a lot of added benefits. Trusting a provider with your data eliminates, or significantly reduces, your need to add to your internal IT team, and allows the employees you already have to focus on initiatives that directly impact your organization’s daily operations and growth—which in turn, makes it more cost-effective. Not having to put forth the capital expenditure for hardware refreshes and general maintenance activities also saves quite a bit for your technology budget.
More Healthcare IT Feedback, More Knowledge
Peak 10’s 2nd National IT Trends in Healthcare Study brought about quite a bit of feedback from healthcare IT decision makers in your shoes, from security concerns to compliance requirements. Find out what your peers are up against, and how you can improve your IT organization. See the Peak 10 Industry Spotlight: Healthcare IT website. Or contact us today at www.peak10.com/contact-us or (866) 473-2510 to speak with one of our experts.