Is my company's data safe in the cloud? Is my personal health data safe in the cloud?
More and more of our data, both personal and business, is being stored and manipulated in the cloud by SaaS (Software as a Service) providers, from Google and Dropbox to big-name Electronic Health Records and accounting platforms. A great example in our homes is Microsoft's Office suite: still available and commonly used on our PCs, but also available via the web with almost like-for-like functionality.
This trend, coupled with recent systemic and widespread security breaches like Heartbleed and Shellshock, has led many to reevaluate whether the game-changing convenience of these SaaS tools is worth the risk.
Let's explore some of these concerns in more detail.
There's no denying that the internet is the modern battleground where governments, advertisers and unsavory characters of all sorts fight tooth and nail for your personal data.
However, the weakest link among the rapidly multiplying ranks of internet-connected devices is undeniably still the legions of out-of-date and compromised personal computers.
Why is this?
The difficulty of monitoring and upgrading software on those devices, coupled with a lack of skills and sensitivity on the part of their users, are the biggest contributors.
Then again, why should we expect every personal computer user and office workstation user to have security on their minds?
It will never happen.
We can draw a direct parallel between a software company's business case for relying on IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) and an end user's or company's business case for using SaaS software.
A software company leverages economies of scale while outsourcing a raft of non-core competencies in security, monitoring, maintenance, database tuning, data center design, etc., to IaaS/PaaS companies who are experts in those areas.
Hence software, hardware and networks are kept up to date and proactively scaled for growth, and vulnerabilities are addressed quickly.
The SaaS provider similarly functions as the outsourced expert in the relationship between end user and software company, and does so far more effectively than a traditional locally installed software model, because well-run SaaS offerings can roll out critical bug and security fixes to all their servers, and hence all their customers, within hours of knowing about them.
Even the best IT departments would find it almost impossible to achieve such rapidity of service.
In conclusion, as long as your SaaS provider is reputable and devoting time and effort to keeping their systems secure and their customers' data safe, then you should feel confident that your data is safer in the cloud with expert caretakers than on your in-house systems.
At AlayaCare we take information security very seriously, and in addition to following all the encryption and anonymization recommendations in the HIPAA law, we enforce a strict separation of clinical patient data from patient demographic data and the rest of our back office systems, essentially putting in place multiple layers of security and redundancy.