Healthcare: How Safe Is the Public Cloud for UK NHS Organizations? Part I

By Paul Parker, SolarWinds Federal & National Government Chief Technologist

Here’s an interesting article from SolarWinds associate David Trossell, where he dives into cloud security concerns at the National Health Service (NHS).

Moving to the cloud is not a be-all-end-all security solution for NHS organisations.

Several press reports claim that NHS Digital now recognizes public cloud services as a safe way of storing health and social care patient data. A January 2018 press statement from the UK’s NHS Digital cited Rob Shaw, Deputy Chief Executive at NHS Digital.

It’s hoped that the standards created by the new national guidance document will enable NHS organizations to benefit from the flexibility and cost savings associated with the use of cloud facilities. However, Shaw says: “It is for individual organisations to decide if they wish to use cloud and data offshoring and there are a huge range of benefits in doing so. These include greater data security protection and reduced running costs, when implemented effectively.”

With compliance with the EU’s General Data Protection Regulation (GDPR) in mind, which came into force in May 2018, the guidance offers greater clarity on how to use cloud technologies. With a specific focus on how confidential patient data can be safely managed, NHS Digital explains that the national guidance document “highlights the benefits for organisations choosing to use cloud facilities.”

These benefits can include “cost savings associated with not having to buy and maintain hardware and software, and comprehensive backup and fast recovery of systems.” Based on this, NHS Digital states it believes that these “features cut the risk of health information not being available due to local hardware failure.” However, at this juncture, it should be noted that the cloud is not a one-size-fits-all solution, and so each NHS Trust and body should examine the expressed benefits based on their own business, operational, and technical audits of the cloud.

ROI concerns

A report by Digital Health magazine suggests that everything is still not rosy with the public cloud. Owen Hughes headlines that, “Only 17% of NHS trusts expect financial return from public cloud adoption.” This figure emerged from a Freedom of Information request that was sent to over 200 NHS trusts and foundation trusts by the Ireland office of SolarWinds, an IT management software provider. The purpose of this FOI request, which received a response from 160 trusts, was to assess NHS organisations’ plans for public cloud adoption.

“The gloomy outlook appears to stem from a variety of concerns surrounding the security and management of the cloud: 61% of trusts surveyed cited security and compliance as the biggest barrier to adoption, followed by budget worries (55%) and legacy tech and vendor lock-in, which scored 53% respectively,” writes Hughes.

Key challenges

The research also found that the key challenges faced by the trusts in managing cloud services were caused by determining suitable workloads (49%), and 47% expressed a concern that they might have a lack of control of performance. The primary concern expressed by 45% of the respondents was about how to protect and secure the cloud.

To be continued…

Find the full article on ITProPortal.


  • As others have mentioned, it seems that so many business decisions are made on trend and finances. There are so many other elements that must be considered for a wise decision. On the other hand, like so many things Tech, as businesses adopt new technologies the price comes down for the consumer. But again, the consumer often looks for things that are "cool" and jumps on it when the price is "right." An example of that is the whole IoT arena. (insert long discussion here)

  • We had Microsoft come in here and pitch for us to move servers and data to Azure.  I pointed out that some of the data had to stay in the UK and MUST not be stored outside.  They said that wouldn't be a problem as they could guarantee the data would stay in their Dublin data centre.  I quite naturally exploded.  Dublin is NOT in the UK.

    The problem with the cloud is that you are just storing stuff on somebody else's tin.  You have no control over the underlying architecture.  We have a test / dev environment in the IBM Softlayer cloud in Amsterdam.  This week IBM made a config change on their network and our test / dev environment was unavailable for almost the whole day.  They couldn't fix the problem so we had to talk them through it after discovering what they had done.  That couldn't have happened internally because we have a change process.  IBM didn't include us in their change. 

  • The NHS also need to be wary of UK data protection laws and the European GDPR. Geolocation will need to be specified to keep the data within the UK and the data will easily identify an individual.

  • Sometimes I think businesses, governments, organizations, and individuals may not realize how moving things to the cloud may simplify unauthorized and unknown access to their data by criminals.

    Moving so much to the cloud, (well, moving ANYTHING to the cloud) makes the cloud that much more of a prize to compromise.

    And when it's out of your control, when you have no physical or logical security that you can reach out and touch and point to and say "I control access HERE.  None shall pass without my permission AND my knowledge!", then you really don't have anything besides words on a paper from a cloud provider.

    When I hold a dollar or a diary in my hand, I control its use and access.  When I put it in the cloud . . .   well, I didn't need that dollar, or I don't care if someone reads that diary anyway.

  • I think you're correct on all points.

    And yes, I have seen that same type of Capital-versus-Expense accounting going on.  It's fluctuated wildly where I've worked in the past.  At one time $2000 was the delineation, then later it dropped to $1000, and eventually down to $200.

    In following years it went up to $10,000.  It seems to depend on who the head bean counter is, and what accounting practices they learned or prefer.

    I can see benefit in consistency in this across all accounts in any industry, but . . . we'll let George Orwell's nightmares take care of that on their own.
