Cloud computing still a security concern: CIOs

IT leaders taking a conservative approach to the increasingly popular cloud model

Ramsay Health Care CIO Mick Campbell

Ramsay Health Care CIO Mick Campbell

Two Australian CIOs are taking a cautious approach to cloud computing, citing fears about the security of cloud service providers.

Speaking at the Security Insights forum - hosted by CIO and CSO - Ramsay Health Care CIO Mick Campbell said that the health provider has taken a conservative approach to cloud computing. So far the organisation has only put its email system into the cloud.

Campbell was speaking as part of a panel, which also included Australian Power and Gas' CIO Phil Ridley, BRM Holdich's director of information security and IT assurance, Jo Stewart-Rattray, and Atlassian's director of security, Craig Davies.

“We have not entertained putting patient data into the cloud yet," said Campbell. "There is no legislation that prohibits that, we just thought of the reputational damage that we could incur as a result of patient data getting released,” Campbell said.

“When you have data within the organisation you can apply a certain level of security to it. When you give data to a cloud provider, you expect a high level of security but we have seen incidences where that is not the case.”

With so many organisations dumping their data into one cloud provider, he said that it becomes a “honey pot” for criminals.

“If patient data gets leaked we’re going to be hitting the front pages of the newspapers and we want to avoid that.”

Australian Power & Gas CIO Phil Ridley, said that customers want access to their electricity or gas usage online. However, this also means that there is a lot of customer information which would be of value to cyber criminals so this data is not stored in the cloud.

The company underwent a data transformation program two years ago and looked at cloud versus traditional infrastructure.

According to Ridley, it worked out cheaper to have a traditional data centre running a virtual environment. However, it does use the cloud for disaster recovery as a service. “While cloud computing is cost effective in many ways, it does not have the trust and flexibility that we need. We decided that it was too risky to put our primary data into the cloud,” he said.

Meanwhile, BRM Holdich's Jo Stewart-Rattray shared the example of a regulated company which hosted its human resources data in the cloud.

“They had no idea where it was located or if the data was encrypted,” she said.

“It was later discovered that this information was passing to a cloud environment somewhere out there in the world. Had the regulators got onto it, there would have been huge problems.”

Atlassian's Craig Davies said that the company he previously worked for, Cochlear, was a heavy adopter of cloud services. However, Davies questioned where the data was and how it could be protected.

“The government regulators are so far behind that this is causing unnecessary pain for health providers. I have had discussions with health organisations overseas and as soon as you mention the word cloud, they shut up shop,” he said.

The CIO and CSO Security Insights forum was sponsored by IBM.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Tags Australian Power & GasRamsay Health Caresecuritycloud computingPhil RidleyMick Campbell

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security Suite

Comprehensive protection from your internet gateway to your mail and file servers, desktops, laptops, and mobile devices, fully integrated and centrally managed.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.