Click here to close now.




















Welcome!

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Apache, Cloud Security

@CloudExpo: Article

Why Security Matters for Big Data and Health Care

Data integrity requires good data security

Data is quickly becoming one of those certainties in life, like death and taxes. It'll always be there, and like the Once-ler's Thneed factory from The Lorax (sorry, I have kids), data figures to keep on biggering, and biggering, and biggering and biggering.

More data means more knowledge, greater insights, smarter ideas and expanded opportunities for organizations to harness and learn from their data. Banks, retailers and even government are embracing big data, but while IDC estimated the big data market at $2.2 billion in 2011, only 6% of that investment came from health care.

On the flip side, a 2011 report from McKinsey Global Institute suggests if health care in the U.S. used big data to drive efficiency and quality, the potential could be more than $300 billion in value every year.

So big data investment by health care is small and growing, but the potential is significant. To realize that potential requires data to be secured and protected at all times, assuring information accuracy and integrity. A major concern with big data systems is their inherent lack of security. A typical NoSQL data store lacks a number of key security features that are available in traditional databases or provided by a third-party security vendors. This is going to be a big issue and potential barrier to entry for big data moving forward.

Consider this case of an urban health care facility just outside of Washington D.C., where the emergency room was experiencing an alarmingly high rate of returning patients.  To determine the root cause of the situation, researchers sifted through data collected from more than 300,000 ER visits. By correlating seemingly unrelated information, they were able to surmise that the length of stay of a patient was a key factor in determining whether they would make a return trip to the ER. Now doctors can determine the likelihood that a patient will need to be readmitted to the ER and tailor their follow-ups accordingly.

Just imagine if this data had been skewed either by a rogue insider with access to the data or by a malicious actor outside the hospital. Researchers would have come back with an entirely different view of the problem and perhaps a less effective solution.

This underscores the importance of securing big data through a layered approach that employs firewalls, authentication, patch and configuration management, antivirus and event monitoring tools.

Ultimately, the safest thing a health care provider can do to maintain data integrity, limit access to sensitive material and enable HIPAA-HITECH compliance is to encrypt all data at rest. By encrypting data, storing the keys in a separate, secure environment and enforcing tight controls governing who (or what) can access the encryption keys, organizations can create a hardened barrier around their sensitive data.

In the event of a device theft - currently the most common type of data breach in health care due to the high number of mobile devices storing unprotected health records - encryption ensures data cannot be read by unauthorized parties, while access controls restrict data from third-party vendors like cloud or SaaS providers.

To secure regulated HIPAA data stored in popular big data stores such as Hadoop, it's important to use a Linux encryption tool that offers the aforementioned features and does not impact the performance of the rapid-fire MapReduce queries that make big data technology so valuable in the first place.

The bottom line is, there needs to be some middle ground where patients feel their protected health information is secure, while hospitals and research organizations have the access and ability to conduct big data analyses that improve the quality of the care they're providing.

After all, as my friend the Once-ler once might have said, good health care is what everyone, everyone, EVERYONE needs.

More Stories By David Tishgart

After spending years at large corporations including Dell, AMD and BMC, David Tishgart joined the startup ranks leading product marketing for Gazzang. Focused on security for big data, he helps communicate the benefits and challenges that big data can present, offering practical solutions. When not ranting about encryption and key management, you can find David clamoring for a big data application that can fine tune his fantasy football team.

Latest Stories
Learn how you can use the CoSN SEND II Decision Tree for Education Technology to make sure that your K–12 technology initiatives create a more engaging learning experience that empowers students, teachers, and administrators alike.
In a recent research, analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, provided some practical insights on what, how and why when implementing "software-defined" in the datacent...
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 17th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships at Com...
SYS-CON Events announced today that VividCortex, the monitoring solution for the modern data system, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The database is the heart of most applications, but it’s also the part that’s hardest to scale, monitor, and optimize even as it’s growing 50% year over year. VividCortex is the first unified suite of database monitoring tools specifically desi...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
"We've just seen a huge influx of new partners coming into our ecosystem, and partners building unique offerings on top of our API set," explained Seth Bostock, Chief Executive Officer at IndependenceIT, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...