Clinically Speaking, What Shouldn’t You Do In The Cloud?
Software companies, device manufacturers, Internet services specialists and just about everybody you can think of is excited about the cloud. For the record, there is of course no ‘actual cloud’ – but it’s a nice expression to explain how web-connected data-centers now serve us with a whole bunch of computing juice that only needs a connection to bring on line.
But moving to cloud (the industry likes to use the term ‘migrating’ to tell us that we’re off to a better place) is not without its pitfalls and dangers. As we now start to adopt handy new ‘wearable’ fitness trackers and other types of devices to help us monitor our personal health, do we really know where all that data is going?
The health and fitness industry sits as a closely connected cousin to the professional healthcare industry in terms of its usage of cloud computing. There’s simple logic here i.e. many of the ‘devices’ we are talking about are going to be mobile and so they are essentially quite low grade in terms of their computing power. Being able to connect these devices (via Bluetooth and/or a mobile connection) to the back end analytics that is available in the cloud is great news, but only if the data that our bodies help create remains where we want it to be.
Vitally personal vital signs
While it’s generally accepted to be okay to track your calories and level of fitness activity using cadence trackers and walking monitors, you might want to stop short of inputting detailed data related to your full set of vital signs (if you have it) in a comparatively unsecured online service that is designed for consumer-level use.
Creating a personal record of your blood pressure and other health records in what is essentially just an app on your iPad might seem like an innocuous enough task. But this is the kind of data that individuals won’t want everyone to see in the longer term.
This personal advice mirrors perfectly for firms and the personal data that they choose to store about their workforce in the cloud. This is because we are essentially talking about PUBLIC CLOUD instances in both cases.
Multi-tenancy, what it means
Firms should not put their payroll details in public services — and, equally individuals should neither put their salary or personalized personal health information in data storage that, however convenient and cheap to use, is essentially inside what we can call a multi-tenant public cloud service with other users’ data stores nearby.
We can draw further parallels here. As we start to use the cloud to store an increasing amount of personal information, both companies and individuals should think about the wider issues of compliance and privacy. As your own information relates to where we are, who we interact with and what we want to achieve in life – firms should stop short of exposing data that could leave them in breach of corporate compliance regulations and privacy rulings.
Yes it sounds like a long way between a log of a user’s own dental records and a Sarbanes–Oxley Actstipulation on misconduct, but it’s worth thinking about the responsibility we have for looking after our own data at every level. As our world moves one step at a time closer to digitization, the IT industry tightens its screws on data legalities from licensing to privacy to sharing and communication.
To put it another way, cloud should be used as an extension to core services that start on the desktop (for users) or in the network server room (for even the smallest businesses). Cloud should be used where it is efficient and convenient, but not if this comes at the expense of core back-end security and privacy concerns.
Cloud is certainly for everyone, but not always for every ‘thing’ in every use case. If we realize and accept this then we can start to build safe cloud into our lives.
Contact our security experts today to keep your organization and your data safe from the real threats you may face in 2015.