Welcome!

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Apache, Cloud Security

@CloudExpo: Article

Why Security Matters for Big Data and Health Care

Data integrity requires good data security

Data is quickly becoming one of those certainties in life, like death and taxes. It'll always be there, and like the Once-ler's Thneed factory from The Lorax (sorry, I have kids), data figures to keep on biggering, and biggering, and biggering and biggering.

More data means more knowledge, greater insights, smarter ideas and expanded opportunities for organizations to harness and learn from their data. Banks, retailers and even government are embracing big data, but while IDC estimated the big data market at $2.2 billion in 2011, only 6% of that investment came from health care.

On the flip side, a 2011 report from McKinsey Global Institute suggests if health care in the U.S. used big data to drive efficiency and quality, the potential could be more than $300 billion in value every year.

So big data investment by health care is small and growing, but the potential is significant. To realize that potential requires data to be secured and protected at all times, assuring information accuracy and integrity. A major concern with big data systems is their inherent lack of security. A typical NoSQL data store lacks a number of key security features that are available in traditional databases or provided by a third-party security vendors. This is going to be a big issue and potential barrier to entry for big data moving forward.

Consider this case of an urban health care facility just outside of Washington D.C., where the emergency room was experiencing an alarmingly high rate of returning patients.  To determine the root cause of the situation, researchers sifted through data collected from more than 300,000 ER visits. By correlating seemingly unrelated information, they were able to surmise that the length of stay of a patient was a key factor in determining whether they would make a return trip to the ER. Now doctors can determine the likelihood that a patient will need to be readmitted to the ER and tailor their follow-ups accordingly.

Just imagine if this data had been skewed either by a rogue insider with access to the data or by a malicious actor outside the hospital. Researchers would have come back with an entirely different view of the problem and perhaps a less effective solution.

This underscores the importance of securing big data through a layered approach that employs firewalls, authentication, patch and configuration management, antivirus and event monitoring tools.

Ultimately, the safest thing a health care provider can do to maintain data integrity, limit access to sensitive material and enable HIPAA-HITECH compliance is to encrypt all data at rest. By encrypting data, storing the keys in a separate, secure environment and enforcing tight controls governing who (or what) can access the encryption keys, organizations can create a hardened barrier around their sensitive data.

In the event of a device theft - currently the most common type of data breach in health care due to the high number of mobile devices storing unprotected health records - encryption ensures data cannot be read by unauthorized parties, while access controls restrict data from third-party vendors like cloud or SaaS providers.

To secure regulated HIPAA data stored in popular big data stores such as Hadoop, it's important to use a Linux encryption tool that offers the aforementioned features and does not impact the performance of the rapid-fire MapReduce queries that make big data technology so valuable in the first place.

The bottom line is, there needs to be some middle ground where patients feel their protected health information is secure, while hospitals and research organizations have the access and ability to conduct big data analyses that improve the quality of the care they're providing.

After all, as my friend the Once-ler once might have said, good health care is what everyone, everyone, EVERYONE needs.

More Stories By David Tishgart

David Tishgart is a Director of Product Marketing at Cloudera, focused on the company's cloud products, strategy, and partnerships. Prior to joining Cloudera, he ran business development and marketing at Gazzang, an enterprise security software company that was eventually acquired by Cloudera. He brings nearly two decades of experience in enterprise software, hardware, and services marketing to Cloudera. He holds a bachelor's degree in journalism from the University of Texas at Austin.

Latest Stories
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
First generation hyperconverged solutions have taken the data center by storm, rapidly proliferating in pockets everywhere to provide further consolidation of floor space and workloads. These first generation solutions are not without challenges, however. In his session at 21st Cloud Expo, Wes Talbert, a Principal Architect and results-driven enterprise sales leader at NetApp, will discuss how the HCI solution of tomorrow will integrate with the public cloud to deliver a quality hybrid cloud e...
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
The session is centered around the tracing of systems on cloud using technologies like ebpf. The goal is to talk about what this technology is all about and what purpose it serves. In his session at 21st Cloud Expo, Shashank Jain, Development Architect at SAP, will touch upon concepts of observability in the cloud and also some of the challenges we have. Generally most cloud-based monitoring tools capture details at a very granular level. To troubleshoot problems this might not be good enough.
Organizations do not need a Big Data strategy; they need a business strategy that incorporates Big Data. Most organizations lack a road map for using Big Data to optimize key business processes, deliver a differentiated customer experience, or uncover new business opportunities. They do not understand what’s possible with respect to integrating Big Data into the business model.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...