How to Evaluate the Data Security Capabilities of Cloud-Based Services


Published on

One of the critical issues in evaluating cloud-based services is data security. This white paper will provide you with the information you need to evaluate and choose your cloud-based service supplier.

For more information visit

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

How to Evaluate the Data Security Capabilities of Cloud-Based Services

  1. 1. White Paper | Cloud-Based SecurityTechnical Brief SeriesHow to Evaluate the Data Security Capabilities ofCloud-Based ServicesExecutive SummaryOne of the critical issues in evaluating cloud-based servicesis data security. Cloud-based services today can becompared to Internet banking. Consumers were initiallyafraid that online banking would make them more vulnerableto fraud or identity theft. Now that online securitytechnologies have improved, online banking is actually saferthan getting paper statements in the mail.Likewise, using a cloud-based service supplier instead ofoperating your own internal system can be a major steptoward becoming liberated from serious security issues.However, you must choose your provider wisely. Suppliersmust demonstrate that they have the optimal technologies,infrastructures and processes in place to ensure datasecurity. And each healthcare facility needs to requireevidence that patient data is protected at all levels andstages of the workflow – from duplicate disaster recoverycopies and physical protection of the data center to datatransmission, storage, and user access.It’s important to understand the four key components of datasecurity: availability, integrity, confidentiality, and traceability.Data availability ensures continuous access to data even inthe event of a natural or man-made disaster or events suchas fires or power outages. Data integrity ensures that thedata is maintained in its original state and has not beenintentionally or accidentally altered. Data confidentialitymeans information is available or disclosed only toauthorized individuals, entities, or IT processes. And datatraceability means that the data, transactions,communications, or documents are genuine and that bothparties involved are who they claim to be.All components of data security must be maintained at thefollowing three levels:1. The physical infrastructure of the data center;2. The hosted application that manages data; and3. The policies and procedures to maintain continuoussecurity in the cloud.1. Physical Security at the Data CenterThe data center must supply a secure physical hostingenvironment. This typically includes:• Redundant utilities, particularly power supply and airconditioning.• Protection against fire with appropriate extinguishersin each computer room, as well as emergencypower-off switches.• Specially equipped ventilating and air conditioningsystems. While temperature is an important factor,equipment must also be protected from externalheavy pollution (such as smoke from a nearby fire).• Windowless rooms for servers and storageequipments.• Access control to enter the data center. Thisincludes a security guard at the building entrance,no unscheduled visits, a single entrance to the mostsensitive area of the data center, and surveillancecameras around the building and at each entrance.Employee access should be monitored through theuse of badge-based entry, security guards, andcameras that monitor all building entrances andexits. Extra authentication should be required toaccess sensitive areas within the building wherepatient data is stored. Ask to see the supplier’ssecurity policy and find out how employees’ onlineaccess to data is monitored.
  2. 2. White Paper | Cloud-Based Security2Data center designs can be broken down into four tiers. Mosthospital data centers are a Tier 1 or Tier 2. In Tier 3 andTier 4, cloud service providers are best equipped to makethe significant investment required to guarantee highersecurity.Tier Level Requirements1 • Single non-redundant distribution pathserving the IT equipment• Non-redundant capacity components• Basic site infrastructure that guarantees99.671% availability2 • Fulfills all Tier 1 requirements• Redundant site infrastructure capacitycomponents that guarantee 99.741%availability3 • Fulfills all Tier 1 and Tier 2 requirements• Multiple independent distribution pathsserving the IT equipment• All IT equipment must be dual-powered andfully compatible with the topology of a sitesarchitecture• Concurrently maintainable site infrastructurethat guarantees 99.982% availability4 • Fulfills all Tier 1, Tier 2 and Tier 3requirements• All cooling equipment is independently dual-powered, including chillers and heating,ventilating and air-conditioning (HVAC)systems• Fault-tolerant site infrastructure withelectrical power storage and distributionfacilities that guarantee 99.995% availability2. Application-Level Security DesignApplication-Level AvailabilityAny application should start with a secure and reliablestorage mechanism:• The cloud service provider should maintain at leasttwo copies of ingested data, thus reducing the risk ofdata loss. One of the two copies is made onremovable media so it can be stored at anotherlocation—in case a disaster impacts the data center.The system should ensure that the two copies arepermanently synchronized.• Database is stored on RAID-10 (1+0) disk system.RAID-10 provides high availability and performancewhen there is a need to reconstruct data in the caseof disk failure.• Data is stored on RAID-6. While this type of RAID isslower to reconstruct in case of disk failure, it offersexcellent reliability with a higher ratio of usablestorage/physical storage.One of the often overlooked areas of data security isauthentication procedures. It is not enough to maintain twocopies of patient data—the cloud service provider must alsohave a validation process that ensures that each copy of thedata maintains its integrity. Damaged files must be able tobe detected and reconstructed. Responsibility formaintaining data integrity should be clearly defined as part ofany contract with a service provider.Application-Level IntegrityApplication-level signatures should be computed for everydocument and kept in the database. The encryptionmechanism used to ensure confidentiality during the TCP/IPtransmission includes an integrity check that prevents therisk of data corruption.A typical integrity check is the use of hashes. Hashes can beincluded in a signature to ensure authenticity. In such acase, the signature contains the document hash encryptedwith the sender private key and the public key to allowdecryption. It also points to the certification authority. Thekey used to encrypt the data should be stored (encrypted)with the data itself. If data has been modified intentionally, oraccidentally, data decryption would then fail. This protectionalso prevents the sending of corrupted data to clinicians andother users.
  3. 3. White Paper | Cloud-Based Security3Multi-Level Data ConfidentialityData protection is required at both the application andnetwork level. Communication between healthcare sites andthe data center is performed with SSL-based encryption atthe application level to ensure end-to-end protectionbetween the service access point and the data center. Thisencryption ensures that none of the employees of thenetwork provider can access data. It also prevents data frombeing viewed while it is being carried over the Internet to anend user’s viewing software. SSL can implement severalencryption algorithms, the most common being AES, 128bits key length encryption.Access control also combines two levels of restriction:• Site-level access control defines which originatingsites can access data. A default configurationspecifies that data ingested by an originating sitemay only be accessed by the same site. Any otheraccess, such as queries from other sites or from theweb portal, must be specifically set up. Thisrestriction applies to most imaging IT clouds thatrequire a local server as point of access.• A user profile specifies access to both features anddata. Access rights for a given user can also bedefined for patients and types of studies.Secure Connection to the CloudSecure access requires the data center to equip its Internetconnection with the following:• Firewalls to control network transmissions based ona set of rules that protect networks fromunauthorized access.• Demilitarized Zone (DMZ) - A physical or logicalsubnetwork that contains and exposes anorganization’s external services to a larger untrustednetwork, providing security from external attacks.• Permanent updates to anti-virus software with thelatest virus signature databases.To guarantee secure data exchange, the connectionbetween the data center and a customer site is usually madethrough an SSL-encrypted tunnel.3. Policies and Procedures to Maintain SecurityBeyond physical and application-level design, proper policiesand procedures are required to maintain on-going securityfor cloud-based services, completing the traceabilitycomponent of the security design.Establishing an Audit TrailWhile data privacy addresses who can access data andwhat a user can do, a comprehensive auditing function isneeded to track all patient health information (PHI)-relatedactivities, warnings, and failures that occur in the system.Using the audit viewer tool, security administrators canexclude events from auditing and define filters to manageinformation collected by the system. This information can beused to trace the source of selected changes to informationin the system, as well as to detect unusual system activity.The following screenshot of an audit trail viewer showswarnings in yellow, red highlights to indicate critical events,and blue represents normal events. In the example, the redrow indicates a connection attempt with the wrong password.
  4. 4. White Paper | Cloud-Based Security4Remote, Proactive MonitoringRemote, proactive monitoring is an extremely importantfunction offered by leading cloud-based services, requiringboth technology and experienced personnel. Monitoringenables early detection of potential incidents, ideally beforethey impact users.Monitoring is executed by a dedicated tool that permanentlywatches each node of the cloud infrastructure, along withaccess points at each customer’s location and platforms atdata centers. Monitoring controls key application processes,systems, and wide area network between the service accesspoint and the data center. An appropriate proactivemonitoring infrastructure collects metrics from each deviceand automatically triggers alerts when a faulty condition isdetected. Conditions that trigger an alert can range from afailure to back up data, to unauthorized attempts to accessdata. Depending on the severity of the incident detected, themonitoring system will send an email to the support team oropen a case file and display a visible alarm at thedashboard—allowing follow-up action to be performed by theincident-management team.In addition to protecting data, monitoring activities alsoensure that the systems achieve specified performance anduptime guarantees. Monitoring is conducted 24/7/365 andtrained personnel investigate each incident.Defining the Appropriate Security PolicyThe final element in a comprehensive security system is theorganization’s security policy and its support team. Thesecurity policy tracks how security is achieved through thetechnical and human resources aspects of the product,operations, and organization. The security policy ismaintained under the responsibility of a designated securityofficer. The security officer is involved every time a change isperformed to the infrastructure or to the services that could
  5. 5. White Paper | Cloud-Based Security5impact data integrity or confidentiality. This includesupgrades, new functionality, or organizational changes.The Security Policy addresses the following topics:• Security organization: The security officer ensuresthat the security policy is updated. Internal audits areconducted and corrective actions are identified andimplemented. The officer maintains the list ofemployees, including staff in human resources,legal, operations, research and development, andother departments.• Human resources: The policy lists securityprocedures to be used when employees are hired,resign, or move within the organization. Forms mustbe signed by employees and security training mustbe conducted. When an employee leaves, specificnetwork access must be disabled and equipmentsuch as tokens must be returned.• Assets management: Describes the procedures toensure that patient information is identified and wellmanaged. It describes how data must be destroyedwhen required. It explains how equipment isidentified (serial number, internal identificationnumber) and where this information is stored andmaintained.• Physical security: Data center security is theresponsibility of the hosting company, but the list ofemployees allowed to enter in the data center ismaintained internally and communicated to thehosting company. The data center should restrictphysical access and require badges to enter specificareas. Security guards protect the removal ofequipment and prevent any unauthorized physicalaccess.• Operations: Defines the boundaries of responsibilityof the hosting company, operations and R&D.Upgrades and monitoring shall be performed byoperations, while R&D is the only department thathas access to source code. The policy alsodescribes which technical solutions are put in placeand enumerates the protocol and encryptionmechanisms that are allowed to be used fromcustomer site to the data center resources.Describes how data is secured (copies, media), howchanges are tracked (logs), and methods fordatabase back-up.• Access control: Lists how and from where sensitivedata can be accessed and restricts access toappropriate users using SRSA network, secure ID,authentication with login, and passwords. Alsodescribes how servers are hardened and protected.• Security incident management: Describes thetracking and logging of all security incidents.Depending on incident severity, the security officermay coordinate immediate corrective action, andcommunicate with R&D (to develop a workaround),operations (to deploy), human resources (should theincident involve an employee), and legal department(in case of a regulation or contract violation).• Business continuity: Refers to the technical solutionsimplemented in the data center (RAID, cluster,network and fiber redundancy).Every healthcare organization needs to ensure that thesecurity policy is endorsed and implemented as part of eachelement in a cloud–based operation.Conduct a Background Check on SuppliersWhen a healthcare provider purchases a PACS or archivingsystem, they are purchasing features that the user mustsupport and protect. Purchasers of cloud-based services areinvesting in a high-quality service that includes not onlyuptime guarantees but also data security levels.Many cloud-based services vendors make the same claims,so how can a healthcare provider decide which supplieroffers a better solution? In addition to evaluating datasecurity techniques, conduct a background check on thecloud services provider. How long have they maintainedcloud-based services? Ask for customer references.Carestream Health is a well-respected, worldwide cloud-based services provider that manages 30 million studies(1 Petabyte of data) in ten different clouds. Carestream is aworld leader in the technologies, infrastructures, andprocesses that deliver data security, data integrity, and dataprivacy. Patient data is protected at all levels of theworkflow—including the physical infrastructure of the datacenter, the hosted application that manages data, and thepolicies and procedures to maintain continuous security inthe cloud.
  6. 6. White Paper | Cloud-Based Securitywww.carestream.comCarestream Health, Inc., 2011. CARESTREAM is a trademark ofCarestream Health. CAT 300 1003 9/11Conclusion: Cloud-Based Services Can Provide theHighest Level of Data SecurityIt is cost prohibitive for many individual healthcare systemsto support the investment in the equipment, technology,personnel, and ongoing training required to deliver thehighest level of data security. Converting to best-in-classcloud-based services allows healthcare providers to achieveindustry-leading data security—including data availability,integrity confidentiality and traceability. This security isdelivered through the physical infrastructure of the datacenter, the hosted application that manages data, and thepolicies and procedures that govern data access, audit trails,remote monitoring, incident management, and businesscontinuity.As the standards for data security rise, it’s time to evaluatecloud-based services from a world-class provider. Selectingthe best cloud-based services provider for your needs allowsthis technology to liberate you from security problems.Vue for