Infrastructure reality check: What can go in the cloud, really?
The cloud has become ubiquitous in American business, including healthcare. It provides easy, universal access to data and systems, big plusses when dealing with large workforces and needed IT. But security remains a nagging question: Is the cloud secure enough to hold a healthcare organization’s precious data and applications? And how does a healthcare CIO balance security and ease of use?
And – and this is a big one – how does the CIO explain all this to his or her colleagues in the C-suite?
As technology becomes more of a commodity and more agnostic to the industry – in other words, less unique to healthcare – there is less of a need to own some of the technology in the traditional holistic manner, said Eli Tarlow, vice president and CIO at Brookdale University Hospital and Medical Center in Brooklyn, New York.
“So owning your own data center in a hospital is less a requirement than it was 10 or 20 years ago,” he said. “In fact, space is a necessity in hospitals, space that was previously occupied by a data center, by things that now can be hosted in the cloud.”
The experience of cloud vendors
Cloud companies have been providing services to banking, finance, e-commerce and other industries, and that has showcased good experience over time.
“Because security around healthcare can be marginally more important than other things, the challenge now is to explain clearly to the C-suite that their healthcare security will be just as secure as it was in their own hospital in the past,” Tarlow said. “If there is fraud around credit cards, then it is a one-time thing, then a card can be canceled, and so on. But if healthcare is a problem, you cannot pull it back in. It is hard for colleagues in the C-suite to accept that it still can be completely secure if not greater security than in our own building.”
When one hears the term ‘cloud security,’ the two words do not naturally go together, said Cletis Earle, senior vice president and CIO at Kaleida Health, a four-hospital health system based in Buffalo, New York.
“When you think of cloud, you don’t natively think of security,” he said. “But we’ve come to a conclusion that the cloud has now been able to have a more resilient process than we ever have because companies like AWS have invested a significant amount of dollars to bolster a solution that is somewhat secure. Today, the world is much more mature.”
The cloud has a ways to go; some of the major cloud vendors have this year had some issues where their systems went down, and that is a challenge, Earle said.
“But even though it is more mature than a few years ago, we are still at somewhat of an infancy stage in the coupling of cloud and security,” he contended.
Limited security resources
But the situation is very different for James Wellman, CIO at Comanche County Memorial Hospital in Lawton, Oklahoma, where things revolve around his current situation – limited security resources. So he relies on strong business associates agreements, contracts and service level agreements to place his organization’s applications in the remote-hosted, cloud environment.
“We feel that AWS, Google and other cloud systems are able to provide a much better security standard than we can locally,” Wellman said. “This may not fit into an organization with a strong security team with adequate support, so I don’t feel there is a one-size-fits-all answer, it always is going to be situational.”
"Just because it is in the cloud does not mean it is actually going to be cheaper for organizations."
Cletis Earle, Kaleida Health
The cloud is the best scenario for Comanche County; the organization has been moving farther down the cloud path for the past four years, and to date it has been a success, he added.
Security is such a key consideration for healthcare CIOs – and for CIOs to explain to their C-suite peers – in part because of the lure of the cloud, which is ease of use.
“Ease of use, for us, is access to applications and a higher level of uptime,” Wellman said. “As more applications become available that are web-enabled, this allows us to create an easier access profile for our users. Using this with a virtual desktop allows us to create a user experience for our providers that is the same regardless of device type and location.”
Wellman and team can swap a faulty device and get the affected user back to work instantly because they no longer have to spend time installing and uninstalling applications for each location or user. They use this in coordination with a token and two-factor authentication to provide a secure access process, especially when a user is outside the facility.
A bigger team with the cloud
From a technology perspective, ease of use means the CIO has an expanded team with a greater focus on the technologies successfully hosted in the cloud, said Tarlow of Brookdale University Hospital and Medical Center.
“When you own the infrastructure and systems locally, you have to have a team in-house that is fully dedicated to your technologies,” he explained. “When things are in the cloud and you are getting the economies of scale from a cloud vendor that hosts many customers, it is easier because you have greater depth in the team.”
A CIO is not worried if someone calls in sick or is tied up with other work – theoretically, the CIO can pay per drink, have his requirements as he needs them without having to be concerned with building and keeping the team, Tarlow said.
“You are giving away that headache,” he said. “And it is easy from a scalability standpoint. Because your cloud vendor has multiple customers, you can scale up or down a lot quicker because they have the resources available to support many. Ease of use means quicker and less expensive for the team. IT is a partner, an enabler, and if things are hosted traditionally onsite, then it can be slower to market, so to speak.”
When it comes to ease of use, for Earle of Kaleida Health, the first thing that comes to mind is having office productivity products – word processing programs, Excel spreadsheets – out in the cloud.
“It’s truly kind of a set-it and easy-to-manage process, but it’s not necessarily cheaper,” he said. “I naturally go to the ability of using cloud in solutions like that, that organizations are much more receptive to. But just because it is in the cloud does not mean it is actually going to be cheaper for organizations.”
Click on page 2 below to read about long-term costs and much more.