Healthcare did not lead the charge into the cloud. But it has been making up for lost time. The use of cloud platforms has grown substantially within healthcare provider organizations.

See the Guide:Cloud computing decision guide: Breaking down 7 top solutions for healthcare

A recent HIMSS Analytics survey of provider C-suite executives found that more than half are using Infrastructure-as-a-Service (Iaas) cloud platforms to provide an environment for a wide range of uses ranging from hosting internally developed programs to a running fully functional EHR.

HIPAA privacy and security concerns were one reason for the slow start. But once HHS provided clear guidance on how to address PHI issues and work through Business Associate (BA) relationships, everything changed.

Today, very few healthcare CIOs consider security a reason to avoid the cloud. Quite the opposite. The HIMSS Analytics survey found that disaster preparedness is now one of the leading reasons why healthcare CIOs are making the decision to shift resources onto cloud platforms. The savings are compelling. Why rent storage in a redundant data center to maintain a fully functioning backup when you can pay for only what you need in the cloud?

You don't have to worry about your infrastructure and data center, said Jason Bickford, Applications Director of Health Information Management Systems at Banner Health and president of the HIMSS Arizona Chapter. Cloud-based is the right way to go.

Disaster recovery in the cloud also has value as a stepping stone on the way to moving production-level clinical applications into a cloud environment. The logic is compelling. Once the backup clinical application has been confirmed to be running smoothly in parallel, the cloud option has proved itself reliable, so why not take advantage of the potential savings?

That is not to say that security isnt a priority. After budget limitations, HIMSS Analytics survey respondents cited security concerns as a reason to move slowly toward the cloud.

Regardless of whether a solution is hosted in your own data center or in the cloud, security should be a critical factor in your review, advises Susan Snedaker, Director, IT Infrastructure & Operations at Tucson Medical Center and author of the book IT Security Management. Theres nothing inherently more or less secure about a cloud option, but some cloud-based solutions may not meet todays stringent security requirements.

In selecting a cloud platform vendor, Snedaker advises a careful review of the vendors documentation and contracts. Pay attention to the providers security program and make sure that audits take place on a regular basis.

If your database is going to be hosted on the same server as another database from another company, what happens if the other database is attacked? Can the attacker then gain access to your data? Snedaker says. Be sure to understand the specifics of the hosting solution so you are clear about your vulnerabilities. Then take steps to mitigate them select a different solution, select a different hosting model, ask the vendor to modify policies, processes, procedures, access methods, etc. or accept the risk if it cannot be overcome and there are no better options.

Security consultant Tod Ferran of Halock Security Labs has performed audits of the large cloud platforms, Microsoft, Amazon and Google, and found the services are maintaining a very high level of security. In many ways, Ferran said, the cloud is a better choice because many hospitals cant afford the staff to make their systems secure enough.

As the nature of risk has changed, so has the value equation. Strong security means constant maintenance of operating systems and applications with the healthcare enterprise. HIT managers can gain peace of mind from knowing the updates are being performed by a vendor that is guaranteeing round-the-clock support, rather than by a hospital staff already stretched with aggressive internal project loads.

Many healthcare providers use multiple cloud vendors, cherry picking among the different options to align with specific demands of each application.

Organizations are not putting all their eggs in one basket, said Sandra Yu, cloud client executive at CDW. Its a multi-cloud world. CDW partners with a wide number of cloud hosts in providing managed cloud services, so Yu has experience with many vendors.

If you have needs for hyper computing, we would recommend a public hyper-scalar for that, she said. For PHI she would recommend a private cloud.

When it comes to applications that have a heavy computational workload, you need to be sensitive to the clouds latency and so she would recommend a cloud data center that is geographically closer. But for something that is not PHI-sensitive, she would recommend a public cloud where the costs should be lower.

The clinical apps that can work well in the cloud are typically those that are not transferring large files or data streams, Snedaker says. If youre going to host a data intensive clinical application in the cloud, you should be sure you have the right connectivity solution in place.

When factoring in all of the reasons to move to the cloud, in the end, cost is still a prime motivation. The savings are derived not only from reducing the cost of maintaining data centers. The pricing for IaaS continues to go down.

Its like a race to the bottom, Yu said, noting that when one of the major vendors lowers its price, the others are quick to match it. Pricing among the leading public cloud vendors is generally on par now, so decisions should be made after shopping for the services and support that youll need. Pay as you go options are readily available, so trials are simple to setup.

Twitter:@GusVendittoEmail the writer: gus.venditto@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

More:
Stronger security and disaster planning fuel healthcare's migration to the cloud - Healthcare IT News

A cyber attack that affected a cloud-hosting and service provider resulted in access to patient data of Surgical Dermatology Group in Alabama, a specialty practice that has offices in Birmingham, Montgomery and Huntsville.

Hackers were able to penetrate TekLinks, which provides cloud services to Surgical Dermatology; the cloud provider notified the practice of the about the intrusion in early June.

TekLinks has assured us that all unauthorized access was terminated on May 1, 2017, and that monitoring by TekLinks from April 22 through May 1 showed no further malicious activity during that time period, the practice told patients in a notification letter.

Also See: Dermatology practice struck by ransomware attack

Information that was compromised included patient names, addresses, home and mobile telephone numbers, email addresses, Social Security numbers, medical record numbers, physician names, health plans, and charges and payments for services rendered.

Drivers license numbers and financial information were not affected. Surgical Dermatology Group is offering affected individuals one year of credit monitoring and identity theft protection services.

The practice declined to provide additional details about the incident, including the number of affected individuals. If the information of more than 500 individuals was compromised, the practice will be reporting further details of the breach on the website of the HHS Office for Civil Rights.

The rest is here:
Hackers hit dermatology practice through cloud vendor - Health Data Management

You already know the many lauded benefits of the cloud it saves paper, equipment and raw materials, while also providing employees and workplace teams an easier means to access important documents and files. But you may have also heard about how cloud data servers pack a punch in terms of environmental impact.

To minimize their carbon footprint, data centers are going green. Here are the ways companies behind some of the latest cloud-based technologies are working to reduce their environmental impact in the rollout of new products and services.

Like within many other industries, business owners who have previously invested in cloud data centers are starting small with their eco-friendly efforts. But this isnt to say their current efforts arent making a difference. For example, many data centers are swapping out old, incandescent light bulbs for energy-efficient LEDs, which conserve energy and provide massive cost savings on monthly utility bills.

Cloud computing is also a more environmentally friendly practice compared to investing in on-site servers. Thats because these cloud data centers simply dont need the same amount of infrastructure and space compared to their on-site server counterparts.

In fact, businesses that invest in on-site servers typically have more space than they need to house this bulky infrastructure, particularly if they plan to grow or expand operations. This leads to a number of drives sitting empty in the short or long term that still need to be powered and cooled.

In comparison, cloud data center operators can optimize the number of servers they own and use depending on their client and storage needs. For example, instead of running an on-site, physical customer service department, businesses can invest in a cloud contact center that requires less space and infrastructure.

Some leading cloud computing companies, like Facebook, Google and Apple, are also paving the way when it comes to investing in renewable energy in their data centers. In fact, all of Apples data centers are powered entirely by solar energy, while Facebook installed some of its newest servers in Iowa so the company could take advantage of the areas wind energy. Microsoft is using both types of renewable energy for its cloud centers: solar energy in Virginia and wind energy in Texas.

These giant corporations have a lot of political power and community clout, and theyre using it to not only enforce stricter regulations on energy use, but to also move the entire industry toward renewable energy.

One of the biggest electricity sucks for on-site servers includes maintaining cool temperatures in the spaces that house this infrastructure to prevent overheating. According to REIT.com, an average office space uses three to five watts of power per square foot, whereas a physical data center uses 100 to 300 watts per square foot.

Thats why many on-site data centers are housed in buildings or spaces specifically designed for their use. As the major tech giants have shown, locating operations near water and other renewable energy sources is optimal for conserving energy. However, if thats not in the cards, some companies are going a different, forward-thinking route: working with contractors to build energy-efficient and even LEED-certified warehouses.

Data center operators have also been examining the airflow in their buildings, so they can separate hot and cold air streams. By keeping cool air near their servers and moving hot air away from this expensive equipment companies dont need to run as many fans to maintain them.

The cloud continues to get greener. Not only is this technology saving companies space, time and money on hosting their own servers and saving them a lot of paper and filing cabinets its now leading the way in renewable energy and energy optimization. These are the first steps to a more connected, eco-conscious world.

Feature image courtesy of Shutterstock

Read More:How 5G Technology Will Power a Greener Future5 Top Tips for Recycling Old TechnologyHow to Finally Go Paperless in the Office

Were serious about helping our readers, consumers and businesses alike, reduce their waste footprint every day, providing quality information and discovering new ways of being even more sustainable.

See the original post here:
Earth911.com - Earth911.com

The Commerce Department wants to migrate three main cybersecurity programs to the cloud so that those security components can be run more efficiently.

The agency last month issued a request for information to industry on how it can best go about doing so. According to the RFI, the department wants to allow its CIO office to more easily get access and make changes to its cybersecurity monitoring environment.

Specifically, Commerce wants to move the applications and capabilities of its Enterprise Security Operations Center (ESOC), Enterprise Cybersecurity Monitoring and Operations (ECMO) and parts of its Continuous Diagnostic and Mitigation (CDM) program to the cloud. The environment will need be a high impact level from a cloud service provider approved by the General Services Administrations Federal Risk and Authorization Management Program.

ESOC is the principal security operations center for the agency, and its responsible for coordinating communication with the Department of Homeland Security, the U.S. Computer Emergency Readiness Team, the Office of Management and Budget and other agencies. ECMO fulfills an OMB requirement to continuously monitor security-related information from across the agency.

Currently, the programs are hosted in data centers and overseen by staff at two separate locations run by department components ESOC at a National Oceanic and Atmospheric Administration facility in Fairmont, W.Va., and ECMO at a National Institute of Standards and Technology location in Germantown, Md.

However, because those facilities are focused on the responsibilities and priorities of NOAA and NIST, they are not solely dedicated to responding to the Commerce Departments modifications, and agency staff cannot get access to make those changes, according to the RFI.

This has resulted in delays in configuration requests and in implementing new functionality, the RFI notes. Additionally, bandwidth adequacy and scalability has impacted the ESOCs capacity to quickly and efficiently analyze transmitted log data.

CDM gives agencies capabilities and tools that provide network administrators with real-time information about the state of their networks in order to describe the relative risk of specific cybersecurity threats and make it possible for agencies to rapidly identify and mitigate vulnerabilities. Currently, the CDM program is funded by DHS, which manages CDM for the government. However, the RFI notes, Commerce is required to begin funding components of the CDM program in 2018 and is considering migrating at least some of its storage and computing requirements to the cloud.

Migrating ESOC, ECMO and some parts of its CDM toolsets will allow Commerce to improve its access and ability to make timely changes to its cybersecurity monitoring environment. The cloud hosting environment would have the flexibility to easily scale in order to accommodate additional functionality and data log feeds as needed, and would offer a transparent pricing model to make costs predictable, the RFI adds.

Commerce has some specific ideas in mind for what it wants a cloud provider to bring to the table by hosting its cybersecurity, according to the RFI.

The winning contractor will analyze the agencys current hosting environments to determine the operating requirements of its current cybersecurity operations infrastructure. The winner will also recommend a cloud hosting architecture, considering the agencys current and future cybersecurity operations capabilities.

Additionally, the cloud provider will, in consultation with the agency, develop a project plan and oversee the migration of Commerces cybersecurity applications and operations to the federal cloud.

Further, the cloud provider will perform all necessary system security assessment and authorization activities in accordance with theFederal Information Security Modernization Act of 2014, NIST Special Publications, the departments Information Technology Security Program Policy, Commerce Information Technology Requirements and departmental policy memos.

To meet other security requirements, the cloud provider will need to collect all information required to conduct a supply chain risk assessment, provide ongoing maintenance and administration of the cloud hosting service, and help the agency develop a service-level agreement and appropriate metrics for cloud hosting availability, operations management and cost efficiency.

View original post here:
Commerce Department Plans to Move Cybersecurity to the Cloud - FedTech Magazine