Government Agencies Acknowledge Security and the Cloud
CMS And Healthcare.gov
Until earlier this month, the Centers for Medicare and Medicaid Services (CMS) only allowed internally managed hardware to be used to process data used in its new risk adjustment process, required under the Affordable Care Act. However, CMS is now giving its stamp of approval to use Amazon Elastic Compute Cloud (Amazon EC2). The CMS Risk Adjustment process involves processing and storing health care data so that funds can be transferred from high-risk groups of patients to low-risk ones. The objective is to distribute funds more evenly, protecting insurer's financial interests. The second place being introduced to cloud technology is Healthcare.gov. According to the Wall Street Journal, the government health site chose Amazon Web Services (AWS) to improve functionality and better handle some of the consumer services before open enrollment begins again in November. The site's home page, coverage application and comparison tool are among the pages that will utilize Amazon cloud technology.
Security And The Cloud - Questions
One of the main concerns of using any software, application, or service for both users and enterprises alike are securityand data transfer - especially in a cloud environment. Most companies have the general feeling that their data is already safe in-house, even if in reality it is not all that secure. But what happens if the data is moved to the cloud? Common questions include:
- Is the data safe?
- Who has control of the data?
- Is it reliable?
- Is the environment secure?
- What safeguards are in place to protect the data?
- What happens if there is a security breach or loss of data?
Education and knowledge transfer of cloud computing are ways to answer these common questions, especially for companies that tend to be categorized as safety-conscious. For these types of organizations, multiple layers of security are necessary in order to make the shift to cloud environments. First, there is a need for user management to say who can use a particular service or application. Second, there needs to be a system to control the users allowed in the cloud environment. And third, there needs to be a way to manage the level of authorization a user has in the cloud and what type of access they have to view or modify files in the environment.
This is where AWS and Amazon EC2 come into play. Amazon continues to reinforce that security is critical and paramount for the company along with the importance of leveraging top-notch security for a seamless user experience. According to an AWS webcast last October, "in order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides the appropriate security features in those services, and documents how to use those features." AWS defines Amazon EC2 as "a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers." Benefits of using this web service include elastic web-scale computing, complete control, flexible cloud hosting services, integration with AWS, reliability, security, cost, and easy to start. For more information on security, refer to the Amazon Web Services whitepaper, AWS Security Best Practices.
An Endorsement Of Cloud Security
The government's endorsement of AWS should give confidence to organizations considering AWS or other cloud technologies. "If AWS is good enough for the government, it's probably good enough for you," said Dave Bartoletti, an analyst with Forrester Research. This isn't the first time a government agency has turned to AWS. Last year, Amazon won the bid to build a cloud system for the Central Intelligence Agency. It's a key indicator of the government's changing attitude toward the cloud and a testament to the level of security delivered by cloud technology. Contact us to learn more about how your organization can benefit from secure cloud technology.
Follow Brad Friedman on Twitter