April 21, 2014
Volume XLVII, Issue 11
CLOUD COMPUTING EAST 2014: For Your Health
In recent weeks, the DCIA & CCA announced ten cloud computing leaders of top technology companies and ten rising stars of government cloud (gCLOUD) services who will speak at next month's CLOUD COMPUTING EAST (CCE:2014) in Washington, DC.
This week we offer the best reason of all for you to attend CCE:2014 — fifteen of the participating experts in the emerging healthcare cloud (gCLOUD), who will lead our exploration of that increasingly important, quality-of-life improving, and longevity boosting field of endeavor.
These are strategists and practitioners engaged in advancing cloud computing solutions for emergency responders, hospitals, patient caregivers, clinicians, pharmaceutical researchers, medical laboratories, and new areas of healthcare, which such trends as cloud mobility and big data will help facilitate
The DCIA & CCA are proud to announce that Apptix's Bob Finocchioli, BrightLine's Doug Barbin, CSC Leasing's Tom Mountcastle, Dell Healthcare and Life Sciences' Tim Quigley, Document Advantage's Dave Wiggins, IBM's Ramesh Menon, Level 3's Allen Blintz, NTP Software's Bruce Backa, Oracle's Andrew Dietrich, The PADEM Group's Allan McLennan, ServerCentral's Avi Freedman, SoftServe's Roman Pavlyuk, StoAmigo's John Papadakis, VeriStor's Justin Linenkohl, and VirtualQube's Scott Dorcester, have each joined our healthcare sector speaking faculty.
CCE:2014 will take place on Thursday and Friday, May 15th-16th, at the Doubletree by Hilton Hotel in Washington, DC.
This important gathering of thought leaders and first movers will thoroughly examine the current state of adoption and the outstanding challenges affecting two major and increasingly related sectors of the economy, whose principals are currently engaged in migrating to the cloud.
The hCLOUD will explore progress being made by the healthcare industry in adopting cloud-based solutions to become more efficient, collaborative, and interactively connected. It will also address legitimate concerns that healthcare organizations must address in implementing cloud-based services.
Managing private patient records; collecting clinical research data; big-data imaging, and remote patient monitoring will be covered.
Meanwhile gCLOUD sessions will provide similar coverage of cloud computing in the public sector at local, state, and federal levels: the explosion of data, advances in security and reliability, and options for redundant storage; challenges to natural resource management, transportation, and utility grid monitoring; and the impact of cloud services on law enforcement and emergency responsiveness.
Please contact Don Buford, CEO, or Hank Woji, VP Business Development, at the CCA to learn more about attractive conference exhibition and sponsorship opportunities.
To review conference topics and apply to join the speaking faculty for this event, please click here. If you'd like to speak at this major industry event, please contact Marty Lafferty, CEO of the DCIA, at your earliest convenience.
Report from CEO Marty Lafferty
 In recent weeks, we've reported on pending Electronic Communications and Privacy Act (ECPA) reform bills and related actions the DCIA encourages you to take to support their passage, which we fully support as part of the Digital Due Process (DDP) coalition.
Congress is getting closer to providing the American people with protection against warrantless government snooping, but the Securities and Exchange Commission (SEC) is standing in the way, and the White House has so far declined to exercise leadership.
At the heart of this issue is the question of whether government can access your private electronic communications without a warrant. That is one key test for how Fourth Amendment principles will be interpreted in the twenty-first century and vitally important to everyone involved in any capacity with data stored in the cloud.
The government generally needs a warrant to read your letters and to wiretap your phone calls, but the badly outdated ECPA says that the government can obtain digital documents with just a subpoena, issued without approval of a judge.
Subpoenas are issued by prosecutors and civil agencies — they don't require a showing of probable cause or approval by a judge.
Requiring government agents to get a warrant before they can read your private emails, social networking messages, proprietary online documents, and other confidential data stored in the cloud would significantly enhance privacy protection for individuals and businesses.
There is broad consensus that ECPA should be updated with a warrant requirement for communications content.
More than a hundred technology companies and civil society organizations (both liberal and conservative) have joined DDP to support a warrant requirement for communications contents.
In the House of Representatives, a bipartisan bill that would require a warrant for communications content — called the Email Privacy Act — has more than 200 cosponsors. That's almost a majority of the House. The Senate Judiciary Committee approved a bipartisan bill that would require a warrant for communications content.
More than 110,000 people signed a "We the People" petition to the White House that called for reforming ECPA with a warrant requirement for communications content. The White House had pledged to respond to petitions with over 100,000 signatures, but has been silent so far.
Despite all this support, progress on a warrant requirement has stalled because the SEC wants to be able to obtain digital communications without a warrant.
Whatever the SEC gets will likely apply to other regulatory agencies. What this would mean is that the federal government could obtain a person's private emails or a company's proprietary data with just a subpoena served on the Internet service provider (ISP).
The agencies want to circumvent the target of their investigation entirely, and instead demand that third-party service providers turn over private communications to the agencies.
Since the agencies would go directly to the service providers, citizens and companies would not have a chance to dispute the agencies' demand.
According to the head of the SEC, this may already be standard practice! At a House Appropriations hearing earlier this month, SEC Chair Mary Jo White said that the SEC obtains email and other private documents without a warrant.
The agencies go directly to the target of their investigations with a subpoena if they want private documents.
The White House has declined to exercise leadership.
It has not answered the We the People petition, even though that effort received well over 100,000 signatures.
The Obama Administration should lend its voice to the overwhelming support from American businesses and the public for a warrant requirement for communications content — without special treatment for federal agencies.
We urge you to weigh-in now in direct communications, posts, blogs, and newsletters. Share wisely, and take care.
Cloud Technologies Help Firms Grow Faster
Excerpted from Business Standard Report by Komal Gera
New-age small and medium entrepreneurs with and without IT background are spearheading a revolution in conventional business practices by incorporating cloud-based applications. The number of such entrepreneurs may be small today and is mainly restricted to those in service sector, but their success stories are being emulated by others.
Small players in tier-II and tier-III towns are also experimenting with these cost-effective IT solutions to proliferate their businesses and explore the fast growing markets in their respective fields. Gurmeet Singh Chawla, a Director at Ludhiana-based Master Capital Services, who was apprehensive earlier, today believes investment in cloud computing and mobile application technology support from Microsoft can give a real boost to the company's business, despite reducing margins.
"As our business and customer base has grown significantly, we have realized the benefits of using cloud based technologies, as it has introduced efficiencies while reducing manpower costs. The result is that our per-customer servicing cost has come down resulting in higher return on investment. Using the robust technology base we have been able to grow our customer base from 10,000 to 100,000 in last ten years," Chawla says.
Yogesh Shah, Director of iResearch, a market research outfit headquartered at Pune that adopted cloud computing only a year ago, says that it has helped in accelerating research and value addition to the new products.
"There is a cost saving in terms of time, no data loss in the communication and meeting organized with global clients," he says. For Shah, it's a 20% cost saving in infrastructure — the investment in servers is a dead investment, he says — 30% cost saving in manpower and growth in business by expanding at a low cost. A recent research commissioned by Microsoft and independently conducted by The Boston Consulting Group (BCG), a global management consulting firm and advisor on business strategy, shows that small-to-midsize enterprises (SMEs) that adopted information technology (IT) created more new jobs and drove more revenue growth over the past three years compared to SMEs using little technology.
The BCG report, "Ahead of the Curve: Lessons on Technology and Growth from Small Business Leaders," found that if more SMEs in India adopt the latest IT tools there is potential for SME revenue to grow by $56 billion and create 1.1 million new jobs.
"SMEs are a critical growth engine for jobs and economies today. The need for investment in hardware, software, and technical expertise was previously a large barrier for SMEs in India to benefit from IT. Today, the availability of services being delivered through pay-as-you-use cloud computing is enabling SMEs to substantially reduce upfront investments in server and networking infrastructure and direct capital to other areas that can drive growth.
The aim is to help more SMEs transition to, and benefit from the solutions that are shaping businesses today, through our geo-expansion program and extensive partner network," said Meetul Patel, General Manager, Small and Medium Solutions and Partners (SMS&P), Microsoft India.
Sharing his experience about how adopting the latest technology solutions helped grow the business, Rakesh Patni, Deputy General Manager-IT, Vaibhav Global Limited, said, "We deployed Microsoft technologies as they provide enterprise-class security, reliable and robust solutions for our operations. As our business and customer base is growing rapidly across Globe, we have realized the benefits of using Microsoft Office 365 — it has introduced efficiencies while reducing communication and travel expenses."
"Specially, Microsoft Exchange Online — a part of Office 365 — that provides a 50 GB mailbox enabling users to receive and send emails without worrying about the loss of data in the due course of time." Manoj Kanjan, CTO, Telemart Shopping Network said, "Microsoft's mobility solutions have played a significant role in helping us expand our business. It has made us more efficient and given us a better understanding of how we're performing."
"It has helped streamline customer relationships and reduced turnaround time to take advantage of more opportunities."
"All in all, it has helped us get better control over our operations, reach newer markets and grow our business. We believe investment in cloud computing and mobile application technology support has given a real boost to our business, despite the current competitive scenario."
"The cloud based technology solutions can help the SMEs who do not have the capability of supporting large IT teams so that they get enterprise-class technology solutions while lowering total cost of ownership."
Clinical Support Market Worth $558 Million by 2018
The "Clinical Decision Support System (CDSS) Market by Product - Integrated (EHR, CPOE)], Model (Knowledge-based), Applications (Drug Allergy Alerts, Drug Interactions), Delivery Mode (Web-based, Cloud-based), (Hardware, Software) - Global Forecast to 2018" provides a detailed overview of the major drivers, restraints, challenges, opportunities, current market trends, and strategies impacting the global CDSS market along with the estimates and forecasts of the revenue and share analysis.
The global CDSS market crossed $350 million in 2013 and is poised to grow at a high single-digit CAGR from 2013 to 2018.
The market is segmented based on products, models, applications, delivery modes, components, and provider entity capacity. Based on products, the CDSS market is further segmented into integrated and standalone CDSS solutions.
Based on applications, the CDSS market is segmented into drug allergy alerts, drug reminders, drug-drug interactions, clinical guidelines, clinical reminders, drug dosing support, and others. Drug allergy alerts accounted for the largest share of the global CDSS market in 2013. On the other hand, clinical reminders are expected to witness the highest growth at an estimated double-digit CAGR from 2013 to 2018. Various benefits while implementing this system, such as just-in-time alerts, prompt recommendation at the point-of-care, and improvements in quality care at low costs, will spur the market growth.
The three most important delivery modes considered for the study are web-based, on-premises, and cloud computing. Owing to the growing need to meet the requirement of enhanced security and accessibility, the cloud computing mode of delivery is expected to grow at a brisk pace in the forecast period (2013—2018). Furthermore, cloud computing also reduces the burden on healthcare systems, as the need for an IT staff is eliminated.
Geographic analysis reveals that North America was the largest contributor to the global clinical decision support system market in 2013 and will also be the fastest growing region for CDSS till 2018. Factors driving the North American market are the growing demands for integrated CDSS solution with EHR and CPOE, firm support from the US Agency for Healthcare Research and Quality (AHRQ), growth in aging population, growing healthcare cost, and growth in patient consumerism for quality care.
Globally, the CDSS market will be driven by the growing pressure to reduce healthcare costs, growing patient consumerism for quality care, rising demand for analytical solutions, and government initiatives that promote the adoption of CDSS. The major bottlenecks for this market are the growing concerns over security, interoperability, integration challenges, costs incurred while integrating, problems in implementing CDSS solutions, alert fatigue, incomplete or poor quality of data entry, poor IT skills among staff, and poor financial support from governments in certain countries in Europe and Asia. Cloud computing models offer huge growth opportunities for CDSS vendors, globally. Also, large sized hospitals (>300 bed size) will be potential growth segments for CDSS companies in the coming years.
The key players in this market are Agfa Healthcare (Belgium), athenahealth (US), Allscripts Healthcare Solutions (US), Carestream Health (US), Cerner Corporation (US), Epic (US), GE Healthcare (UK), McKesson Corporation (US), MEDITECH (US), NextGen Healthcare Information System (US), Novarad Corporation (US), Philips Healthcare (Netherlands), Siemens Healthcare (Germany), Wolters Kluwer (US), and Zynx Health (US); in 2013, MEDITECH led the market in terms of cumulative installations.
Ask for a free PDF here.
Cyber Surveillance & Healthcare Solutions Providers
Excerpted from Business Solutions Report by Gaby Friedlander
Here are some sobering facts for anyone who used the US healthcare system in 2013: 21.7 million patient records were exposed in data breaches; 847,667 records were exposed in Q1 2013 alone; 94 percent of hospitals have been exposed by a breach in the past two years; 85 percent of breaches caused by vendors are due to either negligence or lost or stolen devices; 54 percent suffered multiple breaches by third parties.
These numbers, provided by Experian, show that hospitals must evolve their cybersecurity to match the security standards and procedures they have developed and honed for their physical facilities. One key aspect of their physical security is 24/7 video surveillance: the ability to see who did what in their hospitals and the ability to go back in time to investigate incidents is an absolutely essential component of their security procedures. Healthcare providers need this same capability with regard to their critical IT and records systems which hold the most critical data of all — patient records. User activity monitoring is the technology that enables healthcare providers to do this.
By adopting user activity monitoring, healthcare providers can record every action of users that are accessing sensitive data, essentially providing them with cyber surveillance to match the video surveillance they have in the physical world. The captured actions are recorded and can literally be played back just like a DVD with the ability to back in time. This video recording of actions is also complimented with searchable, human readable meta-data that summarizes the user's actions.
Cyber surveillance based on user activity monitoring is new to most organizations. Here are four things every healthcare organization should understand about user activity monitoring:
It's not a luxury item. User activity monitoring might seem best suited to only the largest of healthcare organizations, but as the numbers above illustrate, any healthcare organization could be the target of online criminals. Similarly, no healthcare firm is immune from human error, the number one cause of data leakage. In both instances, the ability to quickly determine the exact cause of an incident is not a nice-to-have; it's essential.
Video surveillance cannot stop a crime, but it can deter it. On-site video cameras cannot guarantee a facility will be safe and neither can user activity monitoring. What cyber surveillance can do is deter illegal behavior by reinforcing in the minds of users that their actions are being monitored. This is especially true for privileged users, those with open access to the most critical systems and data.
It will shorten an audit. Earlier this year, the Department of Health and Human Services announced that HIPAA audits would increase in frequency in 2014, and so far, they have held true to their word. While the number of audits can vary, user activity will minimize the amount of time each audit requires of staff. By providing regulators with easy-to-consume video recordings of suspicious activity — instead of deciphering complex logs and code — the time-costs of an audit can be reduced significantly.
It can monitor the cloud. One of the great debates in healthcare technology these days is that of cloud computing. While some organizations have declined to make the switch due to concerns over data security and loss of control, most have either already adopted cloud in some capacity, or are in the process of doing so. It's important for the latter group to remember that while the cloud might provide encryption, anti-virus, key management, and other known security features, it is not impervious to security breaches, nor does it help with fast response should a data breach incident occur. Fortunately, user activity monitoring is easy to deploy in both on-site and cloud-based servers.
If an unauthorized person enters a healthcare facility and starts to vandalize or steal equipment, these actions would be caught and detected on video, and security officers and police would react in minutes. Now image a criminal sitting halfway around the world, hacking into your client's patient record database. User activity monitoring-based cyber surveillance enables you to record and see every action that hacker is taking in the same video and detect it as soon as it happens.
How to Avoid a HealthCare.gov Fiasco in Your Cloud
Excerpted from InfoWorld Report by David Linthicum
Last week, Kathleen Sebelius, secretary of the US Health and Human Services Department and the public face of the Affordable Care Act (aka Obamacare), announced her resignation. She had been under attack by Congress and others ever since the botched rollout of the federal Obamacare signup site, HealthCare.gov, last fall.
At launch, HealthCare.gov was able to sign up only a few subscribers per hour. These days, the site is pretty much fixed, and the total signups ultimately exceeded the government's original prediction of 7 million (8 million actually signed up). But the debacle's stain continues to dog HealthCare.gov in particular -- security concerns persist, for example -- and Obamacare in general.
How could those failures have been avoided, and what can the feds and other large organizations learn about deploying other such massive cloud services? A panel discussion recently at Penn State's Center for Enterprise Architecture tried to answer those questions.
The general conclusion was that the government and its contractors did not follow sound enterprise architecture practices, so they missed many of the issues that plagued the rollout. You can watch the panel discussion in the video below.
Although you can argue that the HealthCare.gov deadline was too aggressive, the requirements weren't understood, or the responsibilities were too distributed, the fact is that the ball was dropped long before the code was written.
The kinds of issues faced by HealthCare.gov occur in the private sector all the time, but the private sector more often manages the risk and complexity with sound design and architectural practices that ensure that the resulting system will be of good quality, scale as needed, and provide the performance and usability that the users expect. HealthCare.gov's team did none of this.
As one of the panelists noted, enterprise architecture should have been used to ameliorate the complexity and the issues around requirements, translating them into a sound solution, with a plan to design, build, test, and deploy.
What's sad is that HealthCare.gov team did include enterprise architects, but they did not seem to have the ability to make much of a difference. That problem is not unique to HealthCare.gov or the federal government -- private companies also often give their enterprise architects short shrift. Architects may have the knowledge to solve these sorts of problems, but not the power to actually solve them.
Just as Sebelius took the fall for that fundamental failure, so too does the CIO or CTO take the fall in the private sector when enterprise architecture isn't used to make sure the right things happen.
Avoid Hidden Cloud Costs: Do the Research
Excerpted from Search Cloud Applications by George Lawton
While cloud computing touts its lower-than-on-premises costs, pricing a transition to the cloud is not that simple. With traditional approaches to IT infrastructure, a manager had to consider many variables, including server and other hardware, when rolling out new software and services. Cloud providers promise to reduce application environment complexity to enable easier buying decisions. It's too bad they don't simplify pricing options, said Owen Rogers, Senior Analyst of Digital Economics for 451 Research and Author of 451's Cloud Pricing Codex.
A common mistake cloud-newcomers make is including the cost of virtual machines (VMs) in their calculations but not other cloud computing costs. The costs of the supplemental services associated with an application, like bandwidth and storage, can significantly increase the overall expense of running a new application.
It's preferable to take a holistic approach that considers the estimated use of all the components for deploying an application in the cloud. Furthermore, these costs can also vary by region, based on the type of server (expect to pay more for Windows versus Linux), time frame and other variables. There are also bundling options that in addition to a processor include RAM, local storage, bandwidth, object storage, load balancing IP addresses and block storage.
These costs are always changing thanks to competing services like AWS, Azure, Google and Rackspace. Consequently, it helps to assess the options using a tool that tracks these constantly changing numbers, much like the stock market. A good starting point for comparing providers is the CloudVertical Cloud Cost Index.
In some cases, it might be a good thing that cloud computing costs are ramping up as a result of a growth of legitimate uses. But, in others, spikes could be caused by cyber-attacks or poorly written applications.
The costs of the supplemental services associated with an application, like bandwidth and storage, can significantly increase the overall expense.
The concern is that without proper management, costs can grow out of control.
Cloud providers often provide some ability to control the scaling of VMs to set limits, and managers are wise to take advantage of these. But it is important to apply similar management to bandwidth and storage as well, said Rogers.
Because of the complex nature of cloud pricing variables, it helps to simulate the application(s) that a company intends to deploy to the cloud in order to get a more accurate assessment of the total cost of cloud ownership. It's also a good idea to have a trusted adviser recommend where cost savings can be made during application development.
In addition, a variety of third-party tools have been developed to help compare the total cost of existing, on-premises deployments to moving these to the cloud. These tools can help estimate the cost of deploying new applications as well. They can also help companies think through the dependencies and associated services that need to be enacted on a cloud environment and what it would cost on different cloud platforms.
Tools that rank usage and costs also support reporting capabilities as a service, allowing users to track trends in cloud use and estimate future costs. When a spike in costs or usage occurs, they can send alerts so that users don't end up with an unexpectedly high bill.
Examples of companies with these cloud cost analysis, monitoring and alerting tools include the following: RISC Networks, RightScale's PlanForCloud, Cloudability, and Copper.io's CloudVertical.
Please click here for the full report.
Healthcare IT a HIT in Philippines
Excerpted from SYS-CON Media Report by Roger Strukhoff
The upcoming HIT-PH Conference in Metro Manila on May 22nd-23rd focuses on the rapid advance of Information Technology in this sector.
"The Philippine healthcare industry is entering the digital age," according to the conference organizers, Exist Healthcare IT and Goldcrest Communications. "The use of IT systems in hospitals holds great potential to improve operational efficiencies, promote better clinical outcomes and enhance patient engagement."
Mobility will be a key topic at this event, covering the use of mobile devices at bedside, barcode technology employed to minimize data-entry errors, and scanning technology to improve record retrieval. Other topics include the use of portals to engage patients online, and the use of cloud computing to scale health IT infrastructures.
In the ongoing research we do at the Tau institute for Global ICT Studies, the Philippines ranks as an emerging regional leader.
Continued improvements in the area of bandwidth are needed, something that's recently been highlighted by problems with some of the submarine cables serving the country. In contrast, a local investment of US$65 million in a new cable - the "SJC" - addresses this ongoing issue.
The healthcare sector will no doubt benefit as things improve, although our research does show the country as presenting a significant challenge to its government and industry to achieve the improvement it needs. The HIT-PH Conference should provide a unique opportunity for these issues to be addressed and discussed.
A Guide to Cloud Computing for the Public Sector
Excerpted from MSDN Blog Report by Tim Bush
The UK Government is committed to encouraging public sector organizations take advantage of cloud-based computing. The aim is to drive down cost, improve efficiency, and assist the development of service transformation by taking a Digital by Default approach to public services.
In 2012, the UK Government launched the "G-Cloud" initiative. This comprised of a Framework for cloud suppliers and the first CloudStore, allowing organizations from local councils to health authorities browse pre- approved cloud products and services.
In May 2013, the Cabinet Office went a step further and announced its Cloud first policy, mandating public sector bodies consider cloud solutions before non-cloud alternatives. The target is for 50% of new public sector ICT spend to be in the cloud by 2015. There is sound business sense behind this campaign.
Moving to the cloud not only helps cut ICT spend but enables dramatic reduction in costs in other areas. It has the potential to transform the way the whole organization works. It can break down barriers, free people to work more efficiently and effectively and enable members of the public to engage government in ways that suits them best. It can also help you become more responsive and agile and allow you to make better decisions more quickly.
In this eBook we'll show you, step-by-step, how the cloud could help you cut costs, improve performance, collaborate more effectively and empower the public. On the way, we'll share some of our experience from helping public sector organizations harness the potential of the cloud.
You'll discover how:
Wiltshire Council is saving £2 million annually thanks to moving to the cloud and bringing ICT management in-house.
Local authorities across the country are keeping streets cleaner, while slashing the associated costs thanks to a handy cloud-based Smartphone app.
How a flexible collaboration tool helped Transport for London staff and volunteers work together to keep London moving during the Olympics.
If you haven't already made your first move onto the cloud, this eBook could give you the reassurance and knowledge you need to take the leap with confidence. If you're an old hand, we hope you will still be able to learn something new.
Download or view the full eBook via our SlideShare channel here.
More Government Movement to Cloud Computing
Excerpted from The News Reports
Traditionally it has been the case that governments around the world have been the last to move to or adopt new computer technology. This seems to not be the case, as increasingly a number of government and state authorities are adopting cloud computing to handle their big data management requirements ahead of most businesses.
The County and City of San Francisco was one of the first major regional government organizations to move to cloud computing and have seemingly set the trend or course showing how others can do it. San Francisco first adopted Microsoft's cloud computing solution, Office365, to handle email accounts and messaging. The success of this led to them upgrading so that all of their big data management could be handled via Office365 and cloud computing. A particular success so far has been the consolidation of data for law enforcement and courts; something which has enabled California to meet the requirements of the Criminal Justice Information Services policy of the Federal Bureau of Investigation (FBI).
The State of Queensland, Australia, looks set to follow the path of California. As part of their five year plan for a revamped IT strategy, the state government of Queensland has also turned to Microsoft and Office365 to handle messaging and email. If this is as successful there as it was in California, it is highly likely that the other States in Australia will follow suit, with Queensland also likely to move all application and data management to cloud computing within the next two years.
Many observers are saying this is a refreshing change of pace from governments. It is usually state systems which lag behind in technology; a matter highlighted by both the UK and USA governments needing to enter contracts with Microsoft to carry on supporting the now discontinued Windows XP operating system for at least another year. With moving to cloud computing, Queensland and California are moving their IT solutions at a faster, current pace than is usual for governments.
Cloud computing offers both lower IT and software licensing costs, as well as allowing for improved big data management with all documents and files consolidated in one location. As the market for cloud computing space intensifies, with Amazon and Google competing with Microsoft in respect of cloud storage space, the amount of organizations looking for cloud computing solutions is increasing at a rapid rate.
Cloud Security Affected by HIPAA Agreements
Excerpted from MedCity News Report by Gilad Parann-Nissany
The HIPAA Omnibus Rule regulations encourage business associates to healthcare companies to share responsibility for data breaches. These new regulations involve signing "Business Associate Agreements" with providers, yet are likely to strengthen trust in cloud security, and allow more healthcare entities to enjoy the benefits of the cloud while ensuring that patient privacy is maintained.
In the recent past, organizations were hesitant to move sensitive healthcare information to the cloud. The cloud was unfamiliar and seemed to be less safe than crunching data on company hardware. But now that cloud service providers are taking on a big slice of responsibility for their clients' data security, cloud computing is much more attractive. Not only is it perceived to be safer, but it transfers some of the responsibility for security from the healthcare company to the cloud provider, making it a safer choice than going it alone.
In fact, a recent study conducted in August 2013 by Imprivita shows that the use of cloud-based applications and services in healthcare is up significantly from last year. A full 30 percent of respondents said they currently use cloud computing. In 2012, the number was only nine percent. And 40 percent of those respondents said they have moved their Private Health Information (PHI) into the cloud also up from nine percent last year.
The new reality does bring with it some challenges. Business Associate Agreements (BAA's) define the relationship between the provider and the healthcare organization. Some cloud providers set their own conditions which customers must meet in order to get a BAA. And the customers themselves , are asking questions such as how the provider will react to a security breach, or about the length of incident response time.
Although each BAA is a little different, the US Department of Health and Human Services provides a list of the necessary components of a BAA. The 10 crucial elements are:
The contract must establish the permitted and required uses and disclosures of protected health information by the BA.
It must provide that the BA will not disclose any other information other than what has been permitted in the agreement.
The BA must implement safeguards to protect PHI, including electronic records.
BA must disclose to the healthcare organization any use or disclosure of information not provided for in the contract, including security breaches.
BA's must disclose private health information to the healthcare provider when the patient requests it.
The BA must follow all regulations set out in the Privacy Rule.
The BA must make available to the healthcare organization its books, records and internal practices relating to use and disclosure of PHI.
When the contract is terminated, the BA must return or destroy all PHI.
Any subcontractors engaged by the BA are required to abide by the same regulations as the BA.
If the BA violates any of the terms of the contract, the contract will be terminated.
These clear guidelines make it easier for healthcare organizations to venture into cloud computing.
Not only are more healthcare organizations looking to the cloud, but many businesses are now turning to data encryption as the most cost-effective and efficient method of data protection and breach notification. This is becoming the accepted best practice, and allows so-called "Safe Harbor" for a HIPAA compliant entity if a breach does occur.
Data encryption provides a kind of "mathematical wall" that replaces the old walls of the physical world. As long as the owner of the data keeps the encryption keys to himself, this is actually quite effective. And "Safe Harbor" rules from the Health and Human Services administration (HHS) mean that — if you can prove that the data was encrypted and the encryption keys kept safe — you will avoid many of the fines and reporting requirements should something go wrong.
As healthcare providers and their business associates adjust to the new HIPAA regulations, it is expected that more of them will take advantage of data encryption and benefit from the efficiency of cloud computing.
Turning Around Legal Industry on Cloud Adoption
Excerpted from Cloud Computing News Report by Peter Groucutt
It seems that the days of fear, uncertainty, and doubt surrounding cloud adoption will soon be well and truly behind us.
The majority of industry sectors have either already implemented, or have begun investigating, cloud services. Even the most security-conscious sectors are beginning to take their first steps into cloud computing as we have seen with central government and banking.
Cloud adoption in the UK is continuing to rise, with end-user satisfaction soaring due to the flexibility and cost-savings cloud services offer. But despite adoption levels growing rapidly over the past few years, it is only recently that the legal sector has begun to give cloud services serious consideration.
Due to the very nature of law firms, the storage of sensitive information in an external environment has naturally been met with some caution. While early-movers have been experimenting with cloud services for some time now, the majority of the sector has been hesitant to adopt until recently. In order to address the security and functionality concerns some firms still had, support and advice from respected industry bodies was needed.
Last August we released a report with Frank Jennings, Chair of the Cloud Industry Forum (CIF) Code of Practice Board, that highlighted the key challenges and benefits to law firms embracing cloud computing. The report highlighted concerns regarding the Solicitors Regulation Authority's (SRA) lack of pro-activity in providing clear guidance to firms who were considering the adoption of a cloud service.
This was especially true when compared to our neighbors across the border, the Law Society of Scotland, who had already developed a guide offering "practical advice around the risks associated with cloud computing, and how these services are best suited to the legal industry".
It was clear that change was needed. In November of last year, the SRA responded to the industry's need for guidance with the introduction of the Silver Linings report.
The report recognized the impact cloud services can have on firms; namely the increase in flexibility and cost benefits. It went on to highlight the potential risks, and how firms can protect themselves against them.
The report was a major breakthrough for the legal sector in its bid to find independent, industry-specific advice. In early April 2014, further advice was given as the Law Society followed in the SRA's footsteps, with the introduction of its cloud guidance for law firms. This advice went even further with more specific guidance surrounding cloud computing and Outcome 7.10 of the SRA Code of Conduct
Much like the Silver Linings report, the guidelines from the Law Society aim to provide the legal sector with increasing clarity and reassurance and are another step forward towards increased confidence in cloud adoption.
Further to these guidelines, there are several measures firms can undertake to ensure that they remain secure when working with a cloud service provider (CSP). Comprehensive Service Level Agreements (SLAs) are vital and are something firms will be far more adept at negotiating with service providers than most businesses.
Accreditations are an excellent way to identify reliable service providers. Working with CSPs that are compliant with specific regulations, including ISO 27001 for information security and the Cloud Industry Forum's Code of Practice, for example, will help assure end-users they are working with a capable provider, who is regularly audited.
As our report highlighted, law firms have been considering cloud services for some time now. Reports like those from the SRA and the Law Society should be the reassurance any hesitant firms need to take those first steps.
Cloud computing is already having a hugely positive impact on law firms that have already made the move, and we expect it won't be long before the rest of the industry follows.
Verizon Expands Cloud Services for Private Nets
Excerpted from Enterprise Networking Planet Report by Sean Michael Kerner
Multi-Protocol Label Switching (MPLS) ) is a widely deployed network connectivity solution that can deliver private IP to enterprises. MPLS offers the promise of better security, quality of service and performance levels over public connectivity options. But how do you get an MPLS-based enterprise network to connect seamlessly to public IP-based cloud infrastructure? That's the challenge that Verizon aims to solve with its Secure Cloud Interconnect (SCI_ technology.
Thierry Sender, Director of Product Development for Verizon, explained to Enterprise Networking Planet that the Verizon Private IP/MPLS network is a high-performance global network that is highly secure and physically separate from the public Internet.
"There are no routing elements shared between the public and the private network," Sender said. "That's really key for the 4,000-plus customers that are on the platform."
With SCI, the public cloud is now accessible from a private IP network.
"This has been a major barrier for enterprises to adopt the public cloud," Sender said. "Enterprises can now access the cloud, and with private IP we've removed the variability in connectivity."
From a cloud services perspective, the Verizon Terremark cloud will be made available to private IP users. Integration with Microsoft Azure is also on the official roadmap. Sender said that Verizon is in negotiations with other cloud service providers to add them onto the platform as well.
In terms of technology, Sender said that the solution leverages Verizon's virtual private cloud technology, which enables Verizon to extend the private IP address space into a cloud provider's public IP space.
"Some of the solutions will required some form of Network Address Translation (NAT) that is done at the edge of the network," Sender said.
The public cloud has been a market phenomenon for several years, which begs the question, Why now? Sender said that it's all about customer demand.
"What we saw last year was a shift with our customers where enterprises reached a point where they had a driver to move to the public environment," Sender said. "There was an inflection point."
BitTorrent Sync Now Supports NAS Devices
Excerpted from Ubergizmo Report by Adnan Farooqui
People love network attached storage (NAS) devices for a reason. These devices require little or no maintenance yet they offer automated and responsive access to data on a local network while safeguarding users against disk drive failure. The only downside is that NAS devices don't provide users with the ability to move data to another device outside the network it lives in. As an alternative, users can choose to put their data in the cloud but that negates the entire reason of setting up a NAS device. If you face a similar predicament fret not, a solution has been announced today.
BitTorrent Sync is an easy method of moving data between devices. Now it supports NAS devices which can offer BitTorrent built Sync app in vendor storefronts. Users will get a simple path to access and transfer their data between devices whenever and from wherever they want. NAS integration thus retains the level of device-to-device security and file transfer speeds while letting users tap into the large capacity on their NAS devices.
NetGear has signed on to be the first partner to launch a native BitTorrent Sync application, it can be accessed right away from the ReadNAS Add On page. All NetGear home and business products running OS6 will support this new feature, even Business Rackmount Storage series gets support. Additional partners will be announced in the near future.
Personal Cloud Accounts Growing 25% Per Year
The 'Personal Cloud: A Strategic Imperative for Operators' report by Pyramid Research provides an overview of operators and cloud computing, an analysis of the personal cloud market, the results of an operator online survey about their views on personal cloud and a detailed assessment of how operators are positioning their personal cloud services.
The number of global personal cloud accounts has increased 60% over the past two years, and Pyramid Research expects it to grow a CAGR of 25% from 2013 to 2018.
Apple, Dropbox, Google, and Microsoft dominate the market, together having over 85% of personal cloud accounts.
By the end of 2014, over half of all operators around the world will have launched a personal cloud service.
Personal cloud services offer many benefits and opportunities for operators that are well positioned to differentiate their services.
Browse a complete report at here.
The "Third Platform" of Computing
Excerpted from CiteWorld Report by Matt Rosoff
Toward the end of last year, IDC coined the term "third platform" to describe the current wave of technological advances shaping the workplace, including mobile devices, cloud computing, social collaboration, and data analytics.
IDC Analyst Joe Pucciarelli explains that these are more than just the hot buzzwords of the moment. To get the most of any of these technologies, you have to deploy them in conjunction with one another.
"Companies are typically combining a sales force app to include mobility based on a new cloud computing platform. They're using a big data analytics platform, but the data may be drawn from a social community they're operating. By combining technologies together, you get the real power."
The main benefit of these technologies when deployed together is a orders-of-magnitude increase in scale -- in numbers of applications, in compute power, in addressable customers.
For instance, when the computing world moved from mainframes (the first platform according to IDC) to PCs-plus-Internet (the second platform), the number of available end-user applications increased two orders of magnitude, from about 8,000 to more than 100,000. By the end of this transition to mobile devices powered by cloud services, Pucciarelli says, there could be more than 10 million applications.
In another example, look at how data centers have evolved.
"Go back two generations, a data center was two or three dozen boxes on a raised floor, you could go around and count the boxes on your fingers, or your fingers and toes," says Pucciarelli. "For the second platform, there were thousands of devices, rows and row of racks."
Nowadays, "The building is the machine, not an individual box. All the pieces interact together, there's a high degree of redundancy, failover capabilities, all defined and managed by software, managed as one device."
That massive increase in scale leads to new business models, which is great news for IT professionals who understand the new technologies and how to use them effectively.
Pucciarelli says that the biggest barrier toward adopting these new technologies is cultural: Leaders are often resistant to big sweeping changes. They'd rather make small incremental changes, but that approach will leave them behind companies -- including startups -- who have successfully transitioned. Instead, companies have to make a long-term plan, then figure out how to get there. "To succeed in a period of transformation, you first have to decide what mountain 20 miles in the distance you're trying to get to, then avoid tripping on the log 3 feet ahead."
So who's actually taking advantage of the third platform successfully? Pucciarelli points to the retail industry. Twenty years ago, some companies were using data warehouses to analyze customer purchases and design in-store marketing displays and optimize store layouts.
"Then companies began analyzing interactions with their customers on social media together with real-time transactions in the store using big data analytics products, then tailored specific offerings for sets of customers. To accomplish that analysis they needed compute power on a burst basis, so they ended up using cloud computing."
Coming Events of Interest
CLOUD COMPUTING EAST 2014 — May 15th-16th in Washington, DC. Three major conference tracks will zero in on the latest advances in the application of cloud-based solutions in three key economic sectors: government, healthcare, and financial services.
US Cyber Crime Conference — April 27th to May 2nd in Washington, DC. This unique event combines digital forensics training with an interactive forum for cyber professionals and covers the full spectrum of topics facing defenders as well as law enforcement responders. Sessions will cover intrusion investigations, cyber crime law, digital forensics, information assurance, R&D, and testing of forensics tools.
International Conference on Internet and Distributed Computing Systems — September 22nd in Calabria, Italy. IDCS 2014 conference is the sixth in its series to promote research in diverse fields related to Internet and distributed computing systems. The emergence of web as a ubiquitous platform for innovations has laid the foundation for the rapid growth of the Internet.
International Conference on Cloud Computing Research & Innovation - October 29th-30th in Singapore. ICCRI:2014 covers a wide range of research interests and innovative applications in cloud computing and related topics. The unique mix of R&D, end-user, and industry audience members promises interesting discussion, networking, and business opportunities in translational research & development.
|
