Remember when you were a kid and you thought how cool it would be to walk atop the clouds like the giant in Jack and the Beanstalk, or like the stories you heard and envisioned about Heaven? Even as an adult, head over heels in love and walking on Cloud 9, you know you can’t really walk on clouds. While clouds can be beautiful and sometimes threatening, they are, when you take away the metaphors of myth, nothing more than atmospheric condensation. We can no more walk on clouds than we can on water. We would instantly fall through either.
There are a lot of myths out there about Cloud Computing and we thought it time to discuss this a little further here with all our friends. There was a recent discussion thread on a Facebook forum about “the cloud” and security. I hope I am not bursting your bubble…or more appropriately, your cloud, by telling you that cloud computing is far from being secure.
Now, before I spark an angry email or two, let me say there are cloud services that are quite secure. However, like everything else most of us do with computers, the weakest link in working on the cloud is ourselves. Let’s take a look at the big players and I will explain.
For most of us, the most common interaction we have with cloud computing is with storage sites like Dropbox. There are plenty of competitors in this arena, such as Box, Google Drive, iCloud, or Microsoft’s SkyDrive, to name a few. All of these services allow for free but limited storage. They all provide a great place to copy documents, photographs, and anything else you might want to keep in a redundant and semi-secure environment. None of these services offers an environment that is remotely close to being HIPAA compliant, so these would not be places to store your patient files. We use these drives to store things such as PowerPoint presentations, artwork, scripts, and examples of work, so they can be easily shared and accessed.
While each of these companies is working hard on keeping its site secure, know that by the very nature of what they do, they are targets of hackers around the world. As I stated earlier, we humans are the weakest link in this partnership. We choose weak passwords. We leave open connections to our cloud services on our desktops and laptops, which so many of us do not protect with anti-virus and anti-malware software. Once someone gains access to your desktop, they more than likely have easy access to whatever data you have stored, wherever you have stored it.
Next, let’s look at backup services like Carbonite, Mozy, or Tomahawk. The basic or home level of each of these services will back up your hard drive on an ongoing basis, which can be a true lifesaver in the event of a hardware crash or a natural disaster, as Superstorm Sandy recently proved. You can sign up for these services for as little as $6 a month. If you have patient files, however, keep in mind that HIPAA requires encryption of files anytime they are sent, stored or received. In this case you will need the professional or upgraded versions of these services, which start around $20 a month and go up from there depending on the amount of storage needed. That is still a bargain when you consider how valuable those files are for your practice and your patients.
Keep in mind that these services, while more secure than most cloud storage facilities, are still being attacked by hackers on an ongoing basis. So it is best to keep your data encrypted while it is being stored. The downside to that? If you lose your encryption password, you are pretty much…using a technical term…screwed, as the storage company will not be able to help. So keep that password somewhere safe, and no, that doesn’t mean taping it to the side of your computer or the bottom of your keyboard.
Cloud storage and cloud computing offer a lot of convenience, but it is up to each of us to monitor how secure our data is and what would happen should a hacker get access to that data. If the computers in your stores or practice are not running anti-virus programs, you are asking for trouble. If you are still using Windows XP, you are asking for trouble. Just as you would chastise (in a nice way) your patients for not getting annual or at the very least bi-annual eye exams, so too must you be chastised (in a nice way) for using technology that is a decade old, or at the very least for not practicing safe computing.