7 Reasons You’re More Secure in the Cloud
September 9, 2015
This is a guest post from our friend Gerry Miller, founder and CTO of Cloudticity, who builds and manages HIPAA-compliant solutions on Amazon Web Services.
As more and more companies continue to migrate to Cloud Computing, the pressure is high to ensure that security is given top priority.
Meanwhile, there is the frequently held – but incorrect – assumption that there’s something inherently insecure about the Cloud. In fact, most security issues are process breakdowns; whether you run in a private datacenter or in the Cloud, you still need to manage basic maintenance tasks like patching and security updates. The vast majority of publicized security breaches are preventable process breakdowns that could happen regardless of where the system is running.
Privacy and security are especially important in industries such as behavioral health care where there are significant repercussions for breaches, particularly those that are regulated by laws such as HIPAA.
Here are seven reasons why your EHR is more secure in the cloud than the same systems running in private colocation centers:
- Ability to partition resources
Inside your own datacenter, you are constrained by how much storage you have, how your switches are configured, how many servers are available, and a host of other limitations. On the Cloud, you have almost none of these issues, making it rather simple to partition your resources more carefully. Being able to physically segregate – but easily reconfigure – things like development and production environments, or even different applications, significantly reduces the likelihood of any secure data accidentally leaking out.
- Better authentication
Because of the shared nature of Cloud Computing, companies like Amazon Web Services (AWS) have made massive investments in highly secure authentication mechanisms. Because a core element of the Cloud provider’s job is to keep their customers’ systems segregated through strong authentication, you benefit from such a highly controlled access environment.
- Everything is encrypted
Another way that Cloud providers keep their customers secure is by providing exceptionally strong and ubiquitous encryption capabilities. AWS, for example, not only provides the ability to encrypt S3 (its object storage service) and EBS (its disk volume service), but has also layered in a robust key management solution. AWS even offers a hardware-appliance-based key management and encryption system, CloudHSM.
- Everything is logged
Another significant way to maintain ongoing security – and to help identify the culprits and fallout of any security breaches that do occur – is to log everything, analyze those logs in real time, and maintain those logs for a long time. The storage necessary to do this, and the processing power necessary to dynamically run real-time analytics on log streams, is impractical anywhere other than the Cloud. Simply put, most organizations just don’t log enough unless they are in the Cloud.
- Everything is monitored
Cloud monitoring is actually two-fold. First, Cloud providers like AWS have to monitor their systems obsessively in order to provide world-class, predictable performance for millions of customers. Second, these providers make monitoring tools available to their customers (like Cloudticity and Valant) to watch for – and receive alerts on – things like DDoS attacks, configuration changes, and potential security risks such as unrotated keys.
- Cloud providers focus on compliance
Because Cloud providers are focused on a wide cross-section of customers, they need to obtain and maintain certifications in a large number of industries. As a result, for example, AWS holds certifications or attestations in PCI DSS Level 1, SOC1/ISAE 3402, SOC2, SOC3, FIPS 140-2, CSA, FedRAMP, DIACAP and FISMA, MPAA, Section 508/VPAT, HIPAA, DOC CSM Levels 1-2 & 305, ISO 9001, CJIS, FERPA, G-Cloud, IT-Grundschutz, Australian IRAP, MTCS Tier 3, and ITAR. Even if you don’t know what this alphabet soup means, you can rest assured that AWS holds more security credentials than your organization!
- Cloud providers are better than you at managing datacenters
Finally, simply put, Cloud providers like AWS are better at managing datacenters than you, me, or just about anyone else on Earth. This is their core business, and any failure, no matter how small, can be catastrophic across their customers, which can number in the millions. As a result, you can focus on your core competency – the thing that adds value to your customers – while letting companies like AWS secure your back-end.
With world-class infrastructure, certifications, processes, and massive worldwide investments in datacenters, Cloud providers like AWS have delivered an environment that is more reliable, performant, cost-effective – and certainly more secure – than just about any corporate datacenter on the planet.
Cloudticity is the only AWS Partner that focuses exclusively on building and managing HIPAA-compliant solutions for Amazon Web Services – the Amazon Cloud. One of only seven consulting companies worldwide that has earned Amazon’s coveted “Healthcare Competency,” Cloudticity has years of experience with solutions such as patient portals, health information exchanges, electronic health records, big-data analytics of patient, provider, and payer information, and mobile health engagement platforms. Cloudticity can migrate existing systems to AWS, or build new ones from scratch, for optimal security, reliability, performance, and cost-effectiveness, and manage those solutions once they are up and running.