The Cloud Doesn’t Need to Be a Healthcare Headache
Cloud technology emerged within the healthcare industry with a couple of advantages. Not only has it enabled CIOs to save lots of money by decreasing the necessity for more infrastructure, but it's also proved to be a low-cost solution that helps clinicians provide easier and better look after patients. In fact, recent research predicts that global healthcare organizations will increase their spending on cloud computing services by 20% a year until 2020 when the worth of the investments is going to be quite £8.3bn.
Back in 2013, UK health secretary Jeremy Hunt challenged the NHS to be entirely paperless by 2018 during a bid to “save billions, improve services and help meet the challenges of an aging population”. One element of this plan was to form everyone ready to access their own health records online by March 2015. Whilst we've seen some UK hospitals emerge as innovators and leaders during this initiative, there has also been a high level of reluctance from healthcare organizations to maneuver entirely online given the risks involved in cloud migration.
IoT and your vital sign woes
Despite the wealth of advantages cloud technology offers healthcare professionals and their patients, the challenges involved have proven to be an obstacle to moving forward with the NHS’s plans to travel paperless.
Here’s a glance at a number of the precise challenges healthcare organizations face when adopting cloud solutions and, more importantly, how these hurdles are often overcome:
Compliance: With a web, connected healthcare system, now quite ever it's crucial clinicians work with vendors who understand and cling to the 1998 Data Protection Act also because the more specific healthcare acts like the NHS Act 2006 and therefore the Health and Social Care Act 2012. Failure to follow these could lead on to not only embarrassing hacks but also potentially expensive and dear legal proceedings.
Privacy & Security: because the health sector outstripped all other industries in last year’s Information Commissioner’s Office report with 747 individual data breaches, there's clearly a problem with privacy and security. to undertake and lower the number of incidents, clinicians are turning more and more to network providers to secure data. With the web providing a fast and straightforward channel for information, even the tiniest of knowledge breaches can suddenly become national headline stories.
Evolving Role of IT: With the explosion of devices and technology in healthcare, there has also been a rise in inpatient data. In turn, this has placed heightened demands thereon to supply better performing cloud solutions during a more agile environment. Today’s healthcare IT professionals are grappling with a shift in their responsibility from “keepers of the infrastructure” to “managers of application service delivery.”
clinicians are turning more and more to network providers to secure data
While there are undoubtedly challenges with cloud-based technology, it also presents an immense opportunity for hospitals to save lots of money, decrease their infrastructure, and supply better patient experiences. However, doing so requires organizations to possess complete visibility and a transparent understanding of what's happening on their networks.
Network-powered application analytics solutions allow clinicians to make policies supported by network data. More importantly, these solutions can give clinicians and their teams a bird’s eye view into their network, ensuring they need visibility into all network applications and activity. this suggests they will see who’s utilizing the network and what information they're accessing, in order that patient data is kept private and only shared with authorized viewers.
patient data is kept private
In addition, network-powered application analytics solutions are simplifying the role of IT. because it professionals shift into the role of “manager of application service delivery,” new analytics solutions allow them to look at and manage all network devices and activity from one centralized location.
The benefits of cloud technology for healthcare organizations can't be overlooked; however, unleashing these benefits means overcoming several hurdles. Working with suppliers who understand these demands makes the implementation and deployment of a seamless operation.
Seeding the worldwide Public Sector Cloud:
46Data Classification, Security Frameworks, and International Standards
All of a sudden, everywhere you look, the cloud is that the new normal. Top service providers’ cloud revenues are doubling year on year at the beginning of what's predicted to be a sustained period of growth in cloud services. because its workloads have migrated to the cloud, the private sector has led the charge. Governments are towards the rear, with cloud spend so far generally accounting for fewer than five percent of a given country’s public sector IT budget. This looks likely to extend quickly because the public sector starts to beat the blockers to cloud uptake.
The classic NIST definition of the Cloud specifies Software (SaaS), Platform (PaaS), and Infrastructure (IaaS) because the main Cloud services (see figure 1 below), where each is supplied via network access on a self-service, on-demand, one-to-many, scalable and metered basis, from a personal (dedicated), community (group), public (multi-tenant) or hybrid load balancing) Cloud data center.
The benefits of the Cloud are real and evidenced
The benefits of the Cloud are real and evidenced, especially between the private and public cloud where public cloud economies of scale, demand diversification, and multi-tenancy are estimated to drive down the prices of the same private cloud by up to ninety percent.
Equally real are also the blockers to public sector cloud adoption, where studies consistently show that management of security risk is at the center of practical, front-line worries about cloud take-up, which removing them are going to be indispensable to unlocking the potential for growth. Demonstrating effective management of cloud security to and for all stakeholders is therefore central to cloud adoption by the general public sector and a key driver of state cloud policy.
Figure 1: Software as a Licence to Software as a Service: the Cloud Service Model Continuum
A number of governments are at the forefront of developing an efficient approach to cloud security management, especially the united kingdom which has published a full suite of documentation covering the essentials. The key elements for effective cloud security management have emerged as:
a structured and transparent approach to data classification;
a transparent and published cloud security framework supported the info classification; and
the use of international standards as an efficient thanks to demonstrating compliance with the cloud security framework.
Data classification is the real key to unlocking the cloud. this enables organizations to categorize the info they possess by sensitivity and business impact so as to assess risk. the united kingdom has recently moved to a 3 tier classification model (OFFICIAL → SECRET → TOP SECRET) and has indicated that the OFFICIAL category ‘covers up to ninety percent of public sector business’ like most policy development, service delivery, legal advice, personal data, contracts, statistics, case files, and administrative data. information technology consulting OFFICIAL data within the UK ‘must be secured against a threat model that's broadly almost like that faced by an outsized UK private company’ with levels of security controls that ‘are supported good, commercially available products within the same way that the best-run businesses manage their sensitive information’.
Data classification enables a cloud security framework to be developed and mapped to the various sorts of data. Here, the united kingdom government has published a full set of cloud security principles, guidance, and implementation[i] handling the range of relevant issues from data in transit protection through to security of supply chain, personnel, service operations, and consumer management. These cloud security principles are haunted by the supplier community, and tier-one providers like Amazon and Microsoft have published documentation supported them so as to help UK public sector customers in making cloud service buying decisions consistent with the mandated requirements.
Compliance with the published security framework, successively supported the info classification, can then be evidenced through procedures designed to assess and certify the achievement of the cloud security standards. The UK’s cloud security guidance on standards references ISO 27001 as a typical to assess the implementation of its cloud security principles. ISO 27001 sets out for managing information security certain control objectives and therefore the controls themselves against which an organization is often certified, audited, and benchmarked. Organizations can request third party certification assurance and this certification can then be provided to the organization’s customers. ISO 27001 certification is usually expected for approved providers of UK G-Cloud services.
This pragmatic but comprehensive combination of knowledge classification and cloud security framework with the reassurance that evidenced compliance with generally accepted international standards provides will go an extended thanks to unlocking the advantages, removing the blockers, and enabling the general public sector cloud round the world to realize its potential.
If you'd wish to see further information on this subject, please see our October 2015 white papers on Seeding the worldwide Public Sector Cloud, Part I – a task for International Standards and Part II – The UK’s Approach as Pathfinder for Other Countries. The Power of Cloud: Helping SMEs specialize in rock bottom Line
With money, livelihood, and reputation on the road, running a little business is often tough. a day may be a careful balancing act of sales, solvency, and customer satisfaction beat an often unpredictable bid for fulfillment. It takes hard graft, an understanding of the way to get a thought off the bottom – and crucially, the way to keep a business running. As a result, SME owners need to be laser-focused on rock bottom line so as to stay their heads above water.
Poor financial management is one of the key reasons numerous firms fail in their youth, with 44 percent of SMEs either running out of money or coming very on the brink of doing so within the primary three years. Despite this, research shows that fifty of SME owners postpone doing the books. Whether it’s keeping on top of invoices or managing income, financial management isn't why most of the people plan to start their own business. It is often costly, time-consuming, and sophisticated, and as a result, it's something that always gets pushed to the rear of the queue.
Anything to form this process easier goes an extended way. Hiring an accountant is one option and maybe an incredibly valuable asset, but sometimes, particularly within the early stages, this is often a luxury many SMEs cannot afford.
Many SME owners believe spreadsheets to try to their books. However, SME owners we spoke to said this often leaves them stuck during a cycle of paying hours monthly, trawling through reams of paper-based records. In fact, many will waste up to every week a year solving issues like understanding formulas, getting the numbers to feature up, and maintaining version control.
But advances in technology are making it possible for SME owners to maneuver their finances online to figure anytime and anywhere, making their bookkeeping far more efficient.
Taking control of the cloud
Most consumers use the cloud a day, probably without even realizing it. From buying goods through Amazon, taking note of music on Spotify, or sharing files via DropBox – all are impossible without the cloud. Many SMEs are beginning to manage their finances within the cloud, conducting back paperwork like bookkeeping and accounting. A study found that 37% of SMEs are already adapting to the cloud, a figure that's set to rise to 78% by 2020. The advantages are obvious: equivalent simple access, to urge the proper information at the proper time, also applies to cloud accounting, and maybe a true game-changer for business owners.
Getting an entire overview of the corporate finances at the touch of a button enables them to form better-informed business decisions very quickly. for instance, they could reminisce at their half-moon and choose it’s time to pay their staff a bonus or plow more investment into a replacement technology solution. At the opposite end of the size, they might avoid a nasty surprise by realizing they have to build up sales quickly.
The business benefits of cloud
Not only does cloud accounting provide the owner with the larger picture, but it also helps within the day-to-day maintenance of the business. The software automatically syncs and categorizes bank data, saving time, and reducing data entry errors. It also removes the headache of VAT by providing the knowledge a user must complete their VAT return quarterly . Having a cloud-based solution also means employees are not any longer confined to their desks. Logging in to work systems and files via the cloud on a smartphone, tablet, or laptop, employees can check the real-time status of an invoice while still with a client, collaborate with suppliers in real-time from a coffee house, run payroll from the road, or maybe accept MasterCard payments for a purchase.
One of the most important pain points for an SME owner to tackle is income – how does one control what’s going out when it’s uncertain what proportion is coming in? this will cause problems when new infrastructure or upgrades to business processes are needed, as these often require a significant upfront investment. But with cloud tools, this capital investment isn’t needed because the business is subscribing to the utilization of a product during a pay-as-you-go model. The owner typically only pays a hard and fast monthly fee, with some services even allowing them to buy only what they use.
Running the accountancy side of little business has the potential to be a time-consuming and dear process. By taking advantage of the technology available, SMEs can use the cloud to alleviate themselves of much of the burden of monetary management. and therefore the silver lining? Getting SME owners back to doing what they are doing best; designing new products and services, meeting customers and prospects, and ultimately, driving their business forward.
Building strong links within the retail security chain
Most people are aware that Mastercard fraud may be a real concern, but what percentage know just how extensive a drag it is? Do they know, for instance, that quite half the most important security incidents ever recorded have involved card data? Take the Heartland breach in 2009 which compromised up to 100 million cards and quite 650 financial services companies. Or the house Depot breach in 2014 involving a five-month attack on the retailer’s payment tills that's estimated to possess compromised as many as 56 million credit cards.
Credit card fraud is additionally widely targeted, affecting a variety of various sectors. The Trustwave 2014 Global Security Report found that the majority of breaches last year targeted the retail (38%), food and beverage (18%), hospitality (11%), finance (9%), and professional services (8%) sectors. the majority of these attacks were aimed toward those organizations’ e-commerce platforms (54%), point of sale (33%), and data centers (10%).
There has also been a dramatic shift within the sort of Mastercard fraud over the past few years, consistent with Financial Fraud Action UK 2013 stats. In 2002, 35% of fraud losses were from counterfeit cards and 26% from card-not-present fraud. information technology education By 2012, the figure for counterfeit cards had declined to 11% but losses from ‘card-not-present’ fraud accounted for 65% of the entire. the explanations for this are often the emergence of chip and pin, which has made it harder to commit fraud with counterfeit cards in tandem with an enormous increase in e-commerce activity that has made card-not-present fraud more attractive.
The fight against MasterCard fraud has been spearheaded by the PCI SSC
Relying on PCI
That’s why the payment industry has taken standards and compliance approach to the matter, asking the industry as an entire, and retailers who believe it, to formalize their approach to security. The fight against MasterCard fraud has been spearheaded by the Payment Card Industry Security Standard Council (PCI SSC), which was established to assist businesses process card payments securely and reduce card fraud. The organization developed the worldwide PCI Data Security Standard (PCI DSS), a group of requirements designed to make sure merchants and repair providers adequately protect cardholder data. Europe PC DSS requirements apply to all or any payment channels, including retail shops, mail/ telemarketing companies, and e-commerce businesses. There are different requirements counting on a variety of criteria, like cardholder data storage, processing channels, security protocols transaction volumes then on.
For example, merchants processing quite six million transactions a year are subject to an annual on-site audit and a quarterly vulnerability scan. Those with fewer transactions got to participate in an annual self-assessment questionnaire and a quarterly vulnerability scan.
Organizations are required to put in and maintain a firewall to guard cardholder data, encrypt the transmission of cardholder data across open public networks, and develop and maintain secure systems and applications. They also got to restrict access to cardholder data on a ‘need-to-know’ basis (when access rights are granted to only the minimum amount of knowledge necessary to perform a task), track and monitor all access to network resources and cardholder data, regularly test security systems and processes and maintain an outlined formal information security policy. Enforcement measures like audits and penalties for non-compliance could also be necessary.
Security is merely as strong because the weakest link
For most retailers, the safety challenge goes well beyond their own internal systems and efforts to suits important standards like PCI. The increasing importance of cloud computing,, means retailers got to look towards their technology partners and suppliers to make sure there are not any weak links in their security chain.
But closing the loop internally and dealing with the very best of security standards will ultimately represent little or no if vulnerabilities exist within technology partners. within the case of the Target breach, for instance, it’s thought by many to possess originated via a 3rd party vendor linked to focus on. It’s perhaps the foremost status illustration of the necessity for retailers to also draw their partners into their security circle, and to make sure consistency of approach.
Retailers can’t just build a virtual ‘wall’ around their own systems
Retailers can’t just build a virtual ‘wall’ around their own systems and rest easy believing their defenses are strong. cloud technology because the importance of third-party technology partners grows – particularly in areas like cloud computing – retailers got to understand and trust the safety standards of each partner providing a link to the surface world.
PCI DSS compliance is often a posh, time-consuming, and expensive business, especially for smaller companies that have enough on their hands trying to satisfy the obligations of running their day-to-day operations. In many instances, they could be better served working with a service provider that's already PCI compliant and may deduct tons of the burden related to achieving the PCI DSS requirements.
This can provide organizations with access to secure networks that protect cardholder data and meet the key security requirements of PCI DSS while guaranteeing best practice within the face of an unwelcome increase in external threat to data – and customer – security.