Earlier this year Jeremy Hunt- the Secretary of State for Health and Social Care- signed off on the firstย official guidanceย specifically designed to help the UKโs National Health Service make the move to cloud.
Although some parts of the NHS already made use of cloud technologies, this marked the dawn of a new digital era for many working within the sector- one in which the widespread adoption of public cloud services and platforms, like Microsoft Office 365, is encouraged and the benefits can become a reality. Benefits which might help to relieve some of the strains currently facing our overstretched healthcare services.
Tighter budgets, fewer staffโฆ itโs well publicised that the NHS is currently having to work with very little resource. But by storing data in the cloud, NHS organisations can rid themselves of some of the costs associated with buying and maintaining the hardware and software required to keep it on-premise.
Meanwhile, behind the scenes, IT teams can use cloud technologies to install more comprehensive backup solutions which will reduce recovery time in the event of a local system failure. And for those on the front line- the GPs and doctors seeing patients day in, day out- cloud could give them the flexibility and freedom to work remotely.
Thereโs no denying that the benefits of migrating some data from on-site systems to cloud environments could be colossal. This is now being widely recognised, with a recent report fromย Digital Health Intelligenceย discovering that 39% of organisations currently not using any cloud technologies plan on introducing some element of cloud-based infrastructure within the next two years.
But, these organisations will only be able to reap the benefits if their new cloud environments are protected. After all- as last yearโs notorious WannaCry disaster proved- no one is immune to cyber attack. Not even the NHS…
Everyone is a targetย
Nowadays, cyber criminals donโt care who they hit with ransomware, as long as the victim is willing to pay up. This is what makes hospitals and healthcare providers very attractive targets. The NHSโs most valuable digital asset- confidential patient information- has become 100 times more valuable than stolen credit card details and when faced with losing it, IT teams often donโt have a choice. They have to pay the ransom because human lives are not negotiable.
This is why itโs important to secure all networks and all patient portals, including websites.
Despite common fears, keeping data in the cloud is just as secure as storing it on-premise- as long as you have a suitable security strategy and invest in the correct technologies.ย
Making the cloud safe
ย The fact is that a truly secure medical network infrastructure will probably contain more firewalls than patients, but most traditional firewalls are not cloud ready. Simply lifting and shifting traditional solutions and processes doesnโt work, because some are not engineered with the cloudโs elasticity and scalability. Therefore, IT teams looking to make the most of cloud may need to think about refreshing their security technology stack.
As part of this, they could also consider using machine learning and artificial intelligence in some capacity. These technologies enhance existing security solutions and protect against more cleverly disguised and targeted attacks- such as spear phishing. They do this by establishing a baseline of โnormalโ behaviour and then flagging any actions that fall outside of it. Anything unusual or out of character is identified immediately, helping IT teams to pinpoint malicious outsiders.
But that isnโt all…
ย Education, education, education
Effective security is not just about stocking up on solutions and tools. Instead, itโs a combination of technology, people and culture. NHS organisations can block out some threats with a cloud-ready, up to date protection system but it is just as important to implement some sort of user awareness programme and training. After all, often your employees are your last line of defence- especially when it comes to social engineering attacks- so educating about potential threats and retraining around cloud environments will be essential.
As well as providing user awareness courses and materials, organisations can also look to invest in phishing simulation tools. Through mock campaigns, these can teach employees what signs to look out for and how to respond appropriately if- for example- they receive a malicious email. They can also provide useful data for organisations on which employees are most at risk of attack and transform them from a liability to a strength.ย ย
Cloud is a whole new world for many organisations within our National Health Service and its benefits could be endless. But, before organisations can reap the rewards, they must embrace a new way of thinking. For those planning on making the move to cloud, security needs to be priority number one.
Chris Hill, RVP Public Cloud and Strategic Alliances International at Barracuda, has over 30 years of experience in the IT industry. Before joining the Barracuda team in 2016, he held a number of managerial roles at other leading technology companies, experiencing EMEA direct and indirect sales and technical environments.