Cybersecurity and Cloud Computing in the Health Care and Energy Sectors: Perception and Reality of Risk Management

Tags: Privacy / Technology Policy

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Cloud computing promises to enable new frontiers of innovation and convenience. As a result of this emerging technology, services that would have required significant capital expenditures just a few years ago are now available in a pay-per-use model, if they cost end users anything at all. Increasingly, cloud services enable everyday technologies, and often the end user is not aware that cloud computing is involved. Innovation, convenience, and speed are the baseline expectations for the growing number of digitally connected people in the world. The health care and energy sectors are not immune from the pressure to fully integrate into the connected world. However, these sectors are highly regulated by government entities, operate mission-critical systems (that is, people depend on them), and handle some of their customers’ most private and sensitive information. For these reasons, many health care and energy organizations have resisted the move to cloud computing at a standardized enterprise level. Today, these organizations face the ramifications of their own employees’ and customers’ unregulated use of these technologies, which has inadvertently created an enterprise risk they are now forced to confront.
The critical questions for organizations in these sectors are: what are the real risks of different types of cloud computing, and in light of these risks, how can organizations in these sectors make better choices with respect to the cloud? To address these questions, the Silicon Flatirons Center convened 43 leaders from the legal, academic, and business communities (collectively, “the Roundtable”) on January 10, 2013. The Roundtable discussed the risks of cloud computing and how businesses generally, and the health care and energy sectors specifically, can manage these risks.
The main objectives of the Roundtable included identifying legal and regulatory risks involved in adopting cloud technology, identifying potential pitfalls, and identifying management and governance solutions that can increase data security and privacy while improving organizations’ end products. The Roundtable featured a range of perspectives on these questions. The discussion included a variety of ideas and opinions, some of which did not garner consensus among the group. Other perspectives gained wider support. In particular, three key themes emerged from the January 10th Roundtable discussion.
