Cybersecurity on every one’s minds
Over the past year or so, security breaches have surged to become one of the biggest threats to healthcare organizations. Reducing the risk of patient data theft and improving the organization’s capacity to rebuild its IT environment after a potential attack are just two high-priority areas that healthcare needs to address.
There is still a lot of confusion related to cloud and cybersecurity—both between on-premises and the cloud in general and between public and private clouds. A lot of it boils down to the control of data—who will have access to the data, and who can get access to the data. The public cloud is, by definition, used by multiple tenants, whereas a private cloud is single tenant, and a private cloud is therefore, physically speaking, a more isolated entity. Since this might create a false sense of the private cloud having a higher level of security, one should remember that many security breaches are the result of poor configurations, lost passwords, poorly patched infrastructure and other mistakes that derive from the hospital’s IT environment. Security is all about building multiple layers of security, an area in which many public cloud providers possess superior expertise.
If you as a healthcare provider utilize a public cloud without a fully managed service provided by the enterprise imaging vendor, you need to understand the entire security infrastructure. Using a public cloud without a fully managed service means that some elements of security are typically provided by the cloud provider, while others are provided by third parties. This is in contrast to private cloud providers, which generally have control over all security parameters in-house.
Another thing that is often misinterpreted is that the impact of the US CLOUD Act only concerns public clouds. But it actually stipulates that US cloud providers, both private and public, are required to disclose any data they keep if instructed to do so by a US governmental agency.
Generally speaking, security is expensive and boils down to minimizing risk at the lowest cost, along with reducing the time it would take for operations to return to normal functionality after a potential breach. The larger the cloud, the more they can spend on security. This means that public clouds can generally devote more money and focus to security. In fact, many experts claim that the biggest asset among public cloud providers nowadays is the higher level of security. Mega cloud server companies have large, dedicated IT teams that monitor data security 24/7.
Implementation times vary
The time from decision until you can utilize the system and its applications is normally shorter with public clouds. The private cloud is similar to an on-premises installation, where the vendor first needs to build the environment and make suitable customizations before you can start using the service. This often results in a higher upstart cost for private clouds in comparison with public ones. The longer implementation time is the cost you pay for the higher level of customization that is possible with private clouds.
Performance should not be underestimated
The higher customization of private clouds can, in some cases, result in higher application performance since they can be tailored to maximize speed for specific needs. This is something that is highly dependent on the type of applications that will run in the environment, and whether or not they are designed for a cloud environment—often referred to as “cloud native” applications. Although a private cloud can initially offer a higher performance, this benefit will most likely play a important role in the future given that the hardware and software in public clouds are continuously upgraded.
Redundancy and elasticity
Private clouds have the ability to spread the workload over multiple servers but are limited by the amount of server space the cloud vendor owns or operates. Larger public cloud platforms can scale immediately and are essentially considered unlimited since they have a much greater capacity to scale their servers. This is a great benefit if your demand suddenly increases, for example, in connection with an acquisition of a new hospital.
Public clouds also have the advantage of being able to offer a larger variety of redundancy options and higher redundancy and can thus generally guarantee higher uptimes. Hence, public cloud providers can offer better service level agreements (SLAs) that, if breached, may result in fines as regulated in the contract. For you as a health provider, this might serve as an insurance to cover any extra costs and lost revenue if the system is inaccessible for a period.
To summarize, optimizing costs, performance and security comes down to finding a balance between scalability and the level of customization. The cost can be seen as a tradeoff between the public cloud’s economies of scale and the private cloud’s higher capacity to match specific needs.