Cloud computing still a security concern: CIOs

IT leaders taking a conservative approach to the increasingly popular cloud model

Ramsay Health Care CIO Mick Campbell

Ramsay Health Care CIO Mick Campbell

Two Australian CIOs are taking a cautious approach to cloud computing, citing fears about the security of cloud service providers.

Speaking at the Security Insights forum - hosted by CIO and CSO - Ramsay Health Care CIO Mick Campbell said that the health provider has taken a conservative approach to cloud computing. So far the organisation has only put its email system into the cloud.

Campbell was speaking as part of a panel, which also included Australian Power and Gas' CIO Phil Ridley, BRM Holdich's director of information security and IT assurance, Jo Stewart-Rattray, and Atlassian's director of security, Craig Davies.

“We have not entertained putting patient data into the cloud yet," said Campbell. "There is no legislation that prohibits that, we just thought of the reputational damage that we could incur as a result of patient data getting released,” Campbell said.

“When you have data within the organisation you can apply a certain level of security to it. When you give data to a cloud provider, you expect a high level of security but we have seen incidences where that is not the case.”

With so many organisations dumping their data into one cloud provider, he said that it becomes a “honey pot” for criminals.

“If patient data gets leaked we’re going to be hitting the front pages of the newspapers and we want to avoid that.”

Australian Power & Gas CIO Phil Ridley, said that customers want access to their electricity or gas usage online. However, this also means that there is a lot of customer information which would be of value to cyber criminals so this data is not stored in the cloud.

The company underwent a data transformation program two years ago and looked at cloud versus traditional infrastructure.

According to Ridley, it worked out cheaper to have a traditional data centre running a virtual environment. However, it does use the cloud for disaster recovery as a service.

“While cloud computing is cost effective in many ways, it does not have the trust and flexibility that we need. We decided that it was too risky to put our primary data into the cloud,” he said.

Meanwhile, BRM Holdich's Jo Stewart-Rattray shared the example of a regulated company which hosted its human resources data in the cloud.

“They had no idea where it was located or if the data was encrypted,” she said.

“It was later discovered that this information was passing to a cloud environment somewhere out there in the world. Had the regulators got onto it, there would have been huge problems.”

Atlassian's Craig Davies said that the company he previously worked for, Cochlear, was a heavy adopter of cloud services. However, Davies questioned where the data was and how it could be protected.

“The government regulators are so far behind that this is causing unnecessary pain for health providers. I have had discussions with health organisations overseas and as soon as you mention the word cloud, they shut up shop,” he said.

The CIO and CSO Security Insights forum was sponsored by IBM.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Join the CSO newsletter!

Error: Please check your email address.

Tags Ramsay Health CareAustralian Power & Gassecuritycloud computingMick CampbellPhil Ridley

More about AtlassianCochlearCSOFacebookIBM AustraliaIDC Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts