

Why Security Matters for Big Data and Health Care

Data integrity requires good data security

Data is quickly becoming one of those certainties in life, like death and taxes. It'll always be there, and like the Once-ler's Thneed factory from The Lorax (sorry, I have kids), data figures to keep on biggering, and biggering, and biggering and biggering.

More data means more knowledge, greater insights, smarter ideas and expanded opportunities for organizations to harness and learn from their data. Banks, retailers and even government are embracing big data, but while IDC estimated the big data market at $2.2 billion in 2011, only 6% of that investment came from health care.

On the flip side, a 2011 report from McKinsey Global Institute suggests that if U.S. health care used big data to drive efficiency and quality, it could create more than $300 billion in value every year.

So big data investment by health care is small but growing, and the potential is significant. Realizing that potential requires data to be secured and protected at all times, assuring information accuracy and integrity. A major concern with big data systems is their inherent lack of security. A typical NoSQL data store lacks a number of key security features that are available in traditional databases or provided by third-party security vendors. This is going to be a big issue and a potential barrier to entry for big data moving forward.

Consider the case of an urban health care facility just outside Washington, D.C., where the emergency room was experiencing an alarmingly high rate of returning patients. To determine the root cause, researchers sifted through data collected from more than 300,000 ER visits. By correlating seemingly unrelated information, they were able to surmise that a patient's length of stay was a key factor in determining whether they would make a return trip to the ER. Now doctors can determine the likelihood that a patient will need to be readmitted to the ER and tailor their follow-ups accordingly.

Just imagine if this data had been skewed either by a rogue insider with access to the data or by a malicious actor outside the hospital. Researchers would have come back with an entirely different view of the problem and perhaps a less effective solution.
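One way to make that kind of tampering detectable is to attach a keyed hash (HMAC) to each record and verify it before analysis. This is a minimal sketch of that idea and not something the hospital in the example is known to have used. The record fields, the key value and the function names are all hypothetical, and in practice the key would have to live outside the data store so that someone who can edit records cannot also re-sign them.

```python
import hashlib
import hmac
import json


def sign_record(record, key):
    """Return a hex HMAC-SHA256 tag over a canonical JSON encoding of the record."""
    # sort_keys and fixed separators give the same bytes for the same content
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def is_untampered(record, tag, key):
    """Check a record against its stored tag using a constant-time comparison."""
    return hmac.compare_digest(sign_record(record, key), tag)


# Hypothetical ER visit record; the field names are illustrative only.
key = b"demo-key-held-outside-the-data-store"
visit = {"visit_id": 1001, "length_of_stay_hours": 6, "readmitted": False}
tag = sign_record(visit, key)

# A copy of the record with one value quietly changed
tampered = dict(visit, length_of_stay_hours=60)

print(is_untampered(visit, tag, key))
print(is_untampered(tampered, tag, key))
```

A check like this only reveals that a record changed after it was signed. It does not hide the data, which is where encryption comes in.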

This underscores the importance of securing big data through a layered approach that employs firewalls, authentication, patch and configuration management, antivirus and event monitoring tools.

Ultimately, the safest thing a health care provider can do to maintain data integrity, limit access to sensitive material and enable HIPAA-HITECH compliance is to encrypt all data at rest. By encrypting data, storing the keys in a separate, secure environment and enforcing tight controls governing who (or what) can access the encryption keys, organizations can create a hardened barrier around their sensitive data.
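To make the three pieces concrete (encrypted data, keys kept apart from it, and a gate on who may fetch a key), here is a rough application-level sketch. It assumes the third-party Python `cryptography` package and its `Fernet` recipe. The `KeyStore` class, the principal names and the record contents are hypothetical stand-ins, and a real deployment would use a dedicated key management service on separate infrastructure, not an in-memory object.

```python
from cryptography.fernet import Fernet  # third-party package, assumed installed


class KeyStore:
    """Hypothetical stand-in for a key service that runs apart from the data."""

    def __init__(self, allowed):
        self._allowed = set(allowed)  # principals permitted to fetch keys
        self._keys = {}

    def create_key(self, key_id):
        self._keys[key_id] = Fernet.generate_key()

    def get_key(self, key_id, principal):
        # Access control: only approved users or processes ever see a key
        if principal not in self._allowed:
            raise PermissionError(principal + " may not access " + key_id)
        return self._keys[key_id]


def encrypt_record(plaintext, store, key_id, principal):
    """Encrypt bytes for storage; only the resulting token is written to disk."""
    return Fernet(store.get_key(key_id, principal)).encrypt(plaintext)


def decrypt_record(token, store, key_id, principal):
    """Decrypt a stored token, provided the caller is allowed to use the key."""
    return Fernet(store.get_key(key_id, principal)).decrypt(token)


store = KeyStore(allowed={"analytics-service"})
store.create_key("phi-key")

record = b"patient=12345;diagnosis=example"
token = encrypt_record(record, store, "phi-key", "analytics-service")

print(decrypt_record(token, store, "phi-key", "analytics-service") == record)
```

In this sketch a caller outside the allowed set, such as a cloud vendor's process, gets a `PermissionError` before any key material is released, so holding the stored token alone is not enough to read the record.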

In the event of a device theft - currently the most common type of data breach in health care due to the high number of mobile devices storing unprotected health records - encryption ensures data cannot be read by unauthorized parties, while access controls restrict data from third-party vendors like cloud or SaaS providers.

To secure regulated HIPAA data stored in popular big data stores such as Hadoop, it's important to use a Linux encryption tool that offers the aforementioned features and does not impact the performance of the rapid-fire MapReduce queries that make big data technology so valuable in the first place.

The bottom line is, there needs to be some middle ground where patients feel their protected health information is secure, while hospitals and research organizations have the access and ability to conduct big data analyses that improve the quality of the care they're providing.

After all, as my friend the Once-ler once might have said, good health care is what everyone, everyone, EVERYONE needs.

More Stories By David Tishgart

David Tishgart is a Director of Product Marketing at Cloudera, focused on the company's cloud products, strategy, and partnerships. Prior to joining Cloudera, he ran business development and marketing at Gazzang, an enterprise security software company that was eventually acquired by Cloudera. He brings nearly two decades of experience in enterprise software, hardware, and services marketing to Cloudera. He holds a bachelor's degree in journalism from the University of Texas at Austin.
