There’s Safety in the (Computer) Clouds

Moving files and programs into clouds sounds great, but how secure will they be? Business and organization leaders everywhere are asking this, and many remain undecided on the answer. They wonder whether they really should trust the cloud with their most sensitive records.

Any business leader is right, nowadays, to worry about data security. And some need to worry more than others: If they run a hospital, for instance, or a bank, they hold huge volumes of information that less-than-benign outside parties want to steal. And if they work in law firms, then they might not only lose business, but also face legal repercussions, if someone gets a hold of the communiqués between them and their clients.

However, the prognosis on cloud safety appears to be getting better and better, so much so that hospitals, banks, and even law firms are now adopting cloud platforms or seriously planning on it. They’ve looked at the risks, but they’ve also eyed the potential gains: increased efficiency, lower overhead costs, and greater customer satisfaction. And they’ve decided to take their chances. More will follow them, according to experts, who look forward to each industry undergoing major changes as cloud technology continues expanding.

Source: blog.networkboxusa.com

Health Care

Lindsay Nelson, content curator and digital-strategy team member for SAP’s Business Innovation Web site, has a prediction for 2013, and it’s that cloud computing will shake up the health-care industry in huge ways. That’s because growing numbers of hospitals and clinics, she writes, will deploy mutually accessible clouds in which they will store patients’ medical information for any medical facility, anywhere to access it if the patient is in its care. These cloud deployments, she hopes, will cut time patients spend in waiting rooms, eliminate many duplicate tests, and reduce costs associated with utilizing locally maintained hardware.

Nelson offers this scenario. You get an MRI, it turns up an underlying condition, and your doctor prescribes you a medication for it. Your symptoms subside. Two months later, while you’re visiting another state, your symptoms return. You check in at a nearby hospital. Typically, you would need for your home doctor to phone-conference with the hospital and ship it your MRI results and your medical history. All this takes time and money. Whereas, if all your information were in a shared cloud, the hospital would simply look up your e-files and treat you instantaneously.

Finance

Over the last few years, Australia’s National Australia Bank (NAB) has been replacing much of its IT infrastructure to make itself more competitive and customer-friendly. Last fall, this IT-overhaul process headed straight into the clouds. NAB implemented the cloud-based Oracle Banking Platform to serve as its core banking system, with “infrastructure on demand” from IBM to support it (infrastructure-on-demand means that the IT provider makes available its own hardware, server, software, and services; while the client pays only a set fee for usage).

This infrastructure-on-demand arrangement stands to save the bank substantially on IT hardware and maintenance, in that the bank will only have to pay for hardware that it is actually using. Infrastructure-on-demand services typically charge a monthly fee per usage level per gigabyte or megabyte of usage. If usage goes up, then the monthly fee goes up. If usage stays level, so do the fees.

"We can pay for what we use, and IBM will charge for what we use," said Adam Bennett, NAB’s executive general manager for enterprise transformation and group business services (he heads up IT and is overseeing the IT-overhaul process). "If we don't need it, we won't use it."

Adam Bennett of National Australia Bank
Source: www.itnews.com.au

NAB’s internal private cloud went fully online in December 2012. It hosts the new Oracle system and the rest of the bank’s main production environment, and NAB will start counting on it to support upcoming marketing campaigns and other short-term, computer-intensive projects.

After launching Oracle, the bank was able to upgrade UBank, its online banking system, by streamlining the processes for opening an account and for transferring money from one account to another, and thereby lowering the overall costs of ownership. As an additional perk, they also get their funds processed in real-time.

Also in December, the bank started using Salesforce Marketing Cloud out of a new social-media command center in Melbourne to field 5,000 comments and 600 customer-service request every month. They hope that the new cloud architecture will improve the customer experience and in general make the bank more competitive.

“We're getting away from a bespoke legacy environment onto a more upgradable and current set of technology applications, infrastructure, and network that we feel are necessary to make us competitive going forward," said Bennett.

Law

The New York State Bar Association’s Committee on Professional Ethics gave cloud computing a qualified vote of confidence in September 2010, when it stated in Opinion 842 that “using an outside online storage provider to store client confidential information” was an acceptable practice for a lawyer, provided that the lawyer took “reasonable care” to ensure that confidentiality is maintained, that the lawyer “stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information,” and that the lawyer pay continuous attention to any changes in laws surrounding attorney-client privilege to make sure that storing information online complies with them.

And in recent years, an array of new programs for lawyers has debuted in the cloud-services market, according to Stephanie Kimbro, a North Carolina lawyer who runs a virtual law office; and Tom Mighell, a Contoural Inc. records management and electronic-discovery consultant. The list includes:

• apps that streamline the billing and invoicing process, such as Bill4Time;
• apps that electronically sign documents and (in some cases) store them, such as RightSignature;
• apps such as Clio that automate case and client management by storing documents, calendaring, arranging records into easily searchable virtual files, and other such functions;
• apps such as NetDocuments that enable a lawyer to access documents from any online computer and share them with clients and partners;
• comprehensive programs such as Total Attorneys that facilitate the online delivery of legal services and online interactions between lawyers and their clients;
• programs for project management, such as Basecamp, whose suite of features includes message boards, time-tracking, task lists, project templates; and file storage;
• apps such as Mozy that create and store backup copies of documents;
• apps for remote-accessing office computers, such as GoToMyPC; and
• apps for secure lawyer-client messaging and document exchanges, such as RPost.

Stephanie Kimbro, JD
source: www.burton-law.com

The purchases of many of these programs come with uniquely crafted service-level agreements that more heavily stress security and liability—the manufacturers understand that lawyers, even more than most, have to guard against breaches of data.

Due Caution Still Required

None of this is to say that a company doesn’t have to stay vigilant against bad guys when moving into the clouds. Security breaches are real and will happen if a company goes about its cloud technology installation too cavalierly. And unfortunately, there are signs that some companies are doing just that.

In a recent SailPoint survey of U.S. and UK businesses, only 38% of U.S. IT department heads and 31% of UK IT department heads workers said that their employers included them in the decision-making process surrounding selecting a cloud-service vendor and cloud-service platform specifications. Another 29% said that they were engaged only in the deployment-planning process, and nothing else.

IT staffers are the first line of responsibility for system security. So companies that keep them in the dark about the specifics of their new cloud platforms are indisputably starting off on the wrong foot.

And to an extent, the company executives themselves are in the dark. The survey found that 15% of company executives did not even know if they had sensitive data in their company clouds or not.

Compounding this situation, more and more cloud-deployed companies’ employees routinely access their company cloud platforms not through their office desktop computers but through their own personal computers and mobile devices. This phenomenon, popularly known as Bring Your Own Device (BYOD), is a significant cost saver and efficiency-booster, but it can create new risks of data breaches—not every mobile device or personal computer is fully secure. Think about it. How many people do you know have had their email hacked?

These matters cause IT department leaders on both sides of the Atlantic much consternation. They don’t necessarily know which devices their coworkers are using, much less the parameters under which those devices are operating.

Even worse, the survey found that half of UK business leaders and 40% of U.S. business leaders admit to using the same passwords for their work applications as they do for their personal applications.

A company will be safer, however, if its IT department keeps consistently up-to-date on which applications can compromise company security, and that it set and enforce rules for the applications that employees use and how they use them. That implies, of course, that a company had better keep its IT staff fully clued-in to the cloud-deployment process from beginning to end.

“Any lack of governance or failing to have the right security in place can leave an organization exposed to this sensitive information being accessed by the wrong user,” the report states.

A Work in Progress

In the same Sharepoint survey, three-quarters of respondents cited security risks as their biggest concern about moving to the cloud. Certainly, a determined hacker stands a chance of infiltrating data that’s stored in a cloud. But consider that he or she could likewise nab the data that one stores on a standard computer hard drive—hackers have been breaking into personal computers’ physical memory banks for as long as there have been personal computers. No data is truly 100% safe data.

The only difference is that standard computer hard drives and the software that interoperate with them have been around a lot longer than cloud services, and as such, their makers have had much more time to continuously improve their internal safeguards against unwarranted access.

Given cloud technology’s relative youth, one might suppose that it needs more time to bring its own security up to speed—and, more importantly, to assure those still-skeptical potential customers that it really can keep their data secure. And perhaps time is all that it will take.

The technology is clearly making progress already, or law firms and banks such as NAB would not yet be using it. And if the history of technology development is any indicator, then when the consumer interest and private investment are there—and in cloud technology, both are, very much so—then great strides forward can happen in very short spans of time.