Three of the most common myths of Cloud Computing in HCIT:
Myth #1: Identity management in the cloud is less secure. Quite the opposite, says Sroka. The cloud is often more secure and, in most cases, offers a more reliable and more scalable facility for healthcare organizations. Most information is encrypted in the cloud, whereas when solutions are deployed on-premise it is not uncommon for sensitive information to remain unencrypted, such as administrative credentials coded into scripts or configuration files, and personally-identifiable information.
Myth #2: One has to dramatically change infrastructure to accommodate identity management (IdM) in the cloud. No infrastructure changes are necessary for an organization to take advantage of cloud-based IdM services. Integration with existing IT systems can be accomplished seamlessly, as if the IdM solution were running on-premise.
Myth #3: Cloud-based identity management solutions are less capable than on-premise solutions
Cloud-based IdM solutions don’t have to be different from on-premise solutions and can deliver the same functionality. However, cloud-based IdM solutions have a business driver making them different. The hosting provider will want to drive down the cost of hosting to take advantage of hardware/software/technical resource consolidation. In order to do so, IdM solutions running in the cloud must have a better design and they must be easier to maintain.
Three of the most common risks of Cloud Computing in HCIT:
Risk #1: Inadequate Access Control Policies. Failure to clearly articulate and enforce department and organization-wide IT security policies and procedures creates both internal and external confusion, which can lead to ongoing threats and vulnerabilities.
Risk #2: Lack of Education. When employees and other users are not educated on the “do’s and don’ts” of IT security, they are less likely to take the proper steps to secure their own information. For a CIO and his/her IT department, an uneducated user base can quickly become your worst enemy.
Risk #3: Insider Threat. Most data breaches are the result of an internal user (yes, even employees, says Sroka) with access to sensitive information who unwittingly acts as an accomplice or an enabler to an external threat.