Data security in the cloud - flaskdata

Data security in the cloud

admin

July 9, 2010

It seems that with amorphous and rapidly evolving trend of storing data in cloud providers and social media like Twitter and Facebook, that social media and cloud computing is the next frontier of data security breaches.
And – here, we have not even solved the problem of trusted insiders.
The letter of the law is always operative and the common denominator of the regulators (HIPAA, PCI etc..) is not to store or transmit personal information at all in the application software systems.
We are correct in identifying cloud providers as a potential vulnerability – however, storing data in the ‘cloud’ is no different from storing data in an outsourced data center and it’s subsequent exposure to employees, outsourcing contractors etc..If you have a medical file application, ecommerce or an online application – your best data security countermeasure is NOT to store PII at all in your application.
I personally don’t buy into technology silver bullets and data obfuscation as effective security countermeasures. They have their utility but even if the data is obfuscated in the cloud it still traverses some interface between the data provider and the cloud provider.
In my experience, since almost all data breaches occur on the interface – adding an additional technology layer will serve to increase your value at risk not reduce it – since more complexity and more third party software only adds additional vulnerabilities and increases your threat surface.
As far as I know, there have been no documented events of PII being leaked from an infrastructure cloud provider like Rackspace or IBM. Their standards of operation and security are far better than the average business.
Notwithstanding legal definitions, regulatory standards like HIPAA and SOX tell us to do a top down risk analysis and demonstrate why the risk of leaking PII is acceptably low.
If you are developing and maintaining an online application with patient or customer data, your best bet is good application engineering and resolving your data privacy exposure issues by simply removing ePHI and PII from your systems.

More Articles

Risk assessment

CLINICAL TRIAL READINESS ASSESSMENT

December 2, 2022 No Comments

Are you really ready to run a clinical trial? How can you best assess your clinical trial readiness? We work with C-level executives and management

clinical data from patients

Assuring protocol compliance without checklists

November 29, 2022 No Comments

At a site monitoring visit, the CRA works on assuring protocol compliance. Assuring protocol compliance is one of the 3 pillars of GCP: The 3

Decentralized clinical trials

Home alone and in a clinical trial

November 27, 2022 No Comments

1 in 7 American adults live alone COVID and social isolation is part of our lives. During COVID, it became easier to recruit patients for

drug counterfeiting

Preventing drug counterfeiting

October 24, 2022 No Comments

Counterfeiting is old as money itself. Drug counterfeiting is no exception. In this post, we’ll share an analytical approach that you can use to estimate

clinical trial risks

What risks really count for your clinical trials?

October 23, 2022 No Comments

Is there a “black-box” risk management solution for your clinical trial? What clinical trial risks are the most important for you and your company? Risk

growth stage

Dealing with information junkies in decentralized clinical trials

October 18, 2022 No Comments

DecentraIized clinical trials software vendor Medable is doing an outstanding job in understanding and executing an online work-flow between sites and patients at home.. This understanding and

Clinical data made radically simple and affordable.

Contact

Resources

Flask Open API for clinical data

Copyright © 2022 Flask Data Ltd. All Rights Reserved.

Privacy Policy | Terms of Use