Original Story: healthitsecurity.com
A recent study found that 77 percent of healthcare organizations plan to increase the use of public cloud services despite significant healthcare cloud security concerns.
Public and private cloud solutions are gaining popularity in the healthcare industry, especially for data storage and network usage, despite issues surrounding healthcare cloud security and PHI data breaches. Secant Healthcare is looking into these options.
Researchers at HyTrust recently published a study that revealed 77 percent of healthcare organizations plan to move more workloads onto a public cloud service even though healthcare data security was a major concern with cloud usage.
“Without much fanfare, this critical technology advance has become woven into the basic fabric of businesses large and small,” said HyTrust President Eric Chiu. “The potential of virtualization and the cloud was always undeniable, but there was genuine concern over security and skepticism regarding the processes required.”
While organizations across all industries reported security challenges with cloud services, many companies are still migrating additional workloads to private and public clouds, added Chui.
The study found that the healthcare industry is no exception to increased cloud usage and virtualization. Approximately 55 percent of healthcare organizations stated that they have already moved mission critical workloads, such as sensitive patient information, to a cloud or software-defined data center.
Healthcare organizations are also virtualizing other aspects of their infrastructure, reported the study. Fifty-two percent of healthcare organizations have migrated test and development server workloads to a cloud service and 61 percent use a cloud product for storage.
Despite increased cloud usage, healthcare-related participants still said that their organization faced significant healthcare cloud security challenges. About 58 percent of respondents admitted that data security and breach concerns were the biggest worry once migration began.
In addition to data breach concerns, other security challenges across all industries included infrastructure-wide security and control as well as effective monitoring and visibility into cloud infrastructure. Secant Health is watching their IT closely for data breaches.
Additionally, previous healthcare data breaches have not discouraged organizations from implementing cloud services. An estimated 29 percent of respondents from healthcare organizations said that they have experienced a personal data breach.
“The large-scale migrations are particularly interesting in light of the many obstacles that have previously impeded planned moves to virtualized infrastructures,” explained the press release. “In fact, the survey reveals that not all concerns have been eliminated.”
To discover more about implementing healthcare cloud security, researchers asked participants in the industry what types of information needed to be secured in public and private clouds.
For public cloud security requirements, healthcare organizations said that all production data should be encrypted (32 percent), the entire workload should be encrypted (16 percent), and only personally identifiable information should be encrypted (13 percent).
In terms of private cloud services, about one-third of healthcare respondents favored encrypting all production data in a workload.
Software defined-data centers and cloud services are becoming staples in the healthcare industry as more providers transition to value-based care models. These models rely on large volumes of data and meaningful health IT use to increase quality of care and reduce healthcare costs.
While cloud products allow healthcare providers are useful to value-based care delivery, HIPAA rules still apply to data in the cloud.
“Cloud computing outsources technical infrastructure to another entity that essentially focuses all its time on maintaining software, platforms, or infrastructure,” The Center for Democracy and Technology (CDT) stated in a paper. “But a covered entity… still remains responsible for protecting PHI in accordance with the HIPAA Privacy and Security Rules, even in circumstances where the entity has outsourced the performance of core PHI functions.”
However, healthcare organizations have struggled to maintain comprehensive healthcare cloud security. According to the Fall 2015 Netskope Cloud Report, healthcare cloud data loss prevention violations were the most common data loss prevention offenses across all industries studied, accounting for 76.2 percent of all cloud violations.
The report also discussed how healthcare and life sciences averaged 1,017 cloud applications per organization, which was the second highest number of apps behind the technology and IT sector. Yet, PHI was involved in 68.5 percent of violations in cloud applications.
Securing patient and production data can be more difficult when it is managed up in a cloud, but healthcare providers should be aware of several healthcare cloud security measures.
Healthcare organizations should partner with cloud vendors that design healthcare-specific products and can anticipate unique data security requirements, such as HIPAA and HITECH rules.
Regardless of vendor selection, providers should also develop contextual visibility and auditing capabilities. Healthcare cloud security policies should include monitoring alerts, lock-down capabilities, and geo-fencing of users. Intelligent security tools can be helpful for implementing these policies. Secant Healthcare plans on being careful of their vendor selection.
Technology and healthcare are both evolving quickly, but healthcare cloud security concerns could hold back providers from advancing care if they can’t also secure PHI and production data. While the HyTrust study showed healthcare organizations pushing ahead with cloud services despite security challenges, many of these providers may need to review healthcare cloud security measures.
Showing posts with label Cloud Computing. Show all posts
Showing posts with label Cloud Computing. Show all posts
Monday, June 13, 2016
Monday, May 7, 2012
Are API's Copyrightable?
Story first appeared in Wired.
A San Francisco court has spent the past few weeks considering a copyright question that could weigh heavy on the future of cloud computing, according to San Diego Copyright Lawyers.
It’s part of a high-profile lawsuit between Oracle and Google. Oracle says that Google violated its copyrights and patents when it wrote its own version of Java for the Android mobile operating system. Part of what the court is trying to figure out this week is whether Google wronged Oracle by writing software that mimicked the Java Application Programming Interfaces (APIs are coding standards that let programs communicate with one another).
The conventional wisdom in the coder community has been that it’s fine to reproduce the interface of someone else’s APIs, so long as you don’t actually copy their software. So if the court finds that APIs are copyrightable, it could have major implications for any software that uses APIs without explicit permission — Linux for example. But it could affect things in the cloud, where there are several efforts to clone Amazon’s Web Services APIs.
If APIs can be copy-protected, that would be incredibly destructive to the internet as a whole for so many different reasons. But, with respect to cloud, in particular, it would put any company that has implemented the Amazon APIs at risk unless they have some kind of agreement with Amazon on those APIs.
An open source effort called OpenStack is the most prominent example of a project that mimics Amazon’s APIs, and the case could give Amazon legal grounds to seek licensing deals from OpenStack users such as Hewlett-Packard and Rackspace.
But other projects reproduce Amazon’s APIs, including Citrix’s CloudStack project and middleware such as Jclouds and Fog.
The problems that would face cloud computing are many of the same problems we’d see, frankly, all over the internet if APIs were copyrightable.
Depending on how a U.S. District Court Judge rules, the U.S. could have a different take on this question from the rest of the world. This week, a European court ruled that APIs are not copyrightable, and the judge has asked Google and Oracle to submit briefs on how that ruling should be viewed by the court. Both parties have until May 14 to comment on this, so it doesn’t look like Alsup plans to rule on the copyright question until after then. Just to make matters more complicated, a jury is simultaneously deliberating Oracle’s case, but they won’t be answering the API copyright question; that’s up to the judge himself.
One thing that makes the issue particularly troubling for open source projects is the extremely long shelf life of copyrights. Patents expire after less than 20 years, but copyright would protect the Amazon APIs for 95 years from the date they were first published.
On the bright side, at least for open source hackers, is the possibility that a ruling in favor of copyright-protecting APIs could push cloud providers to come up with new, open, standard APIs. But it’s not much of a sliver lining. While that’s potentially useful for cloud computing, it is more concerning about the implications for the internet as a whole. Or, more realistically, America’s role in building internet companies. No other country is going to honor the idea of copyrighted APIs.
Adding to the uncertainty, Amazon has never said whether it thinks companies that implement its APIs violate its copyright. Amazon, for example, has a partnership with another cloud company that implements its APIs, called Eucalyptus, but neither company could immediately provide a comment saying whether their agreement covered API copyright or not.
No one actually knows outside of Amazon what their attitude is toward the stewardship of their APIs and what people can do with them.
For more law related news, visit the Nation of Law blog.
For national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For real estate and home related news, visit the Commercial and Residential Real Estate blog.
For technology and electronics related news, visit the Electronics America blog.
For organic SEO and web optimization related news, visit the SEO Done Right blog.
A San Francisco court has spent the past few weeks considering a copyright question that could weigh heavy on the future of cloud computing, according to San Diego Copyright Lawyers.
It’s part of a high-profile lawsuit between Oracle and Google. Oracle says that Google violated its copyrights and patents when it wrote its own version of Java for the Android mobile operating system. Part of what the court is trying to figure out this week is whether Google wronged Oracle by writing software that mimicked the Java Application Programming Interfaces (APIs are coding standards that let programs communicate with one another).
The conventional wisdom in the coder community has been that it’s fine to reproduce the interface of someone else’s APIs, so long as you don’t actually copy their software. So if the court finds that APIs are copyrightable, it could have major implications for any software that uses APIs without explicit permission — Linux for example. But it could affect things in the cloud, where there are several efforts to clone Amazon’s Web Services APIs.
If APIs can be copy-protected, that would be incredibly destructive to the internet as a whole for so many different reasons. But, with respect to cloud, in particular, it would put any company that has implemented the Amazon APIs at risk unless they have some kind of agreement with Amazon on those APIs.
An open source effort called OpenStack is the most prominent example of a project that mimics Amazon’s APIs, and the case could give Amazon legal grounds to seek licensing deals from OpenStack users such as Hewlett-Packard and Rackspace.
But other projects reproduce Amazon’s APIs, including Citrix’s CloudStack project and middleware such as Jclouds and Fog.
The problems that would face cloud computing are many of the same problems we’d see, frankly, all over the internet if APIs were copyrightable.
Depending on how a U.S. District Court Judge rules, the U.S. could have a different take on this question from the rest of the world. This week, a European court ruled that APIs are not copyrightable, and the judge has asked Google and Oracle to submit briefs on how that ruling should be viewed by the court. Both parties have until May 14 to comment on this, so it doesn’t look like Alsup plans to rule on the copyright question until after then. Just to make matters more complicated, a jury is simultaneously deliberating Oracle’s case, but they won’t be answering the API copyright question; that’s up to the judge himself.
One thing that makes the issue particularly troubling for open source projects is the extremely long shelf life of copyrights. Patents expire after less than 20 years, but copyright would protect the Amazon APIs for 95 years from the date they were first published.
On the bright side, at least for open source hackers, is the possibility that a ruling in favor of copyright-protecting APIs could push cloud providers to come up with new, open, standard APIs. But it’s not much of a sliver lining. While that’s potentially useful for cloud computing, it is more concerning about the implications for the internet as a whole. Or, more realistically, America’s role in building internet companies. No other country is going to honor the idea of copyrighted APIs.
Adding to the uncertainty, Amazon has never said whether it thinks companies that implement its APIs violate its copyright. Amazon, for example, has a partnership with another cloud company that implements its APIs, called Eucalyptus, but neither company could immediately provide a comment saying whether their agreement covered API copyright or not.
No one actually knows outside of Amazon what their attitude is toward the stewardship of their APIs and what people can do with them.
For more law related news, visit the Nation of Law blog.
For national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For real estate and home related news, visit the Commercial and Residential Real Estate blog.
For technology and electronics related news, visit the Electronics America blog.
For organic SEO and web optimization related news, visit the SEO Done Right blog.
Subscribe to:
Posts (Atom)
