
So you’ve decided that a cloud-based solution is the best answer to protect your organization’s data. You now must face the critical decision between hosting your data on a secure public cloud or utilizing your own private cloud. What is the difference between these two options?

In a nutshell: a public cloud hosts storage for different companies at the same time and on the same server (or network) usually using self-contained virtual data centers, whereas a private cloud consists of dedicated servers that contain data for a single organization. With these definitions in mind, we will now take a look at some important considerations when deciding on a solution:

Convenience vs Customization

When you host your software on a public cloud, you are not responsible for managing or maintaining the hardware where it resides. This responsibility falls to the provider, which reduces the amount of time your organization spends on testing and deployment. The price for this convenience is a limit on how much you can customize your host environment.

Specific Compliance & Security

If your organization has a specific compliance requirement (such as HIPAA, Gramm-Leach-Bliley, etc.), a private cloud is likely a necessity. Using a private cloud allows you to ensure the highest possible levels of security because your cloud resides behind your own firewall instead of the provider’s firewall.

When it comes to deciding between public or private cloud hosting, there is no answer that is always correct; it really does depend on your organization’s needs. If your organization has specific compliance requirements or prefers to have more control over customization, you will likely want to consider a private cloud solution first; otherwise, you might have everything you need in a secure public cloud solution. If you are unsure which solution would fit your organization best, the cloud experts at WHOA.com are here to help. For more information please contact us.

While there might be some lengthy debates on public cloud hosting vs. private cloud hosting, there are definitely instances where the case is pretty cut and dried. If you run or manage a business, private cloud hosting is absolutely mandatory for a myriad of reasons, and if you’re thinking of going with public hosting you’ll unknowingly sabotage your chances of success. Here are a few reasons why it’s absolutely vital that your business goes private instead of public.

Enhanced Security

The information age has brought a lot of new ideas and innovations with it, but unfortunately, crime has kept up every step of the way. It’s not uncommon to read an article about a celebrity having their privacy compromised and exposed to the masses, or about people whose identities were stolen being left penniless over the course of 24 hours. Don’t end up another cyber crime victim!

Public cloud hosting might be a short-term way of saving money, but the trade-off is that it’s, well… public. It means you’re potentially sharing a server with hundreds of thousands of other people. When there’s nothing but flimsy, virtual drywall separating you from your neighbors, there’s not a lot stopping someone from breaking in and making off with valuable company files, records, and data. Save yourself a fortune later by going private now.

Faster Speeds

If you’re given a choice between taking your Lamborghini to work or taking the bus, which would you choose? You can take the faster, more efficient Lambo, or you can save a few bucks on gas and opt to take the slower, crowded bus. I don’t know about you, but I’d take the Lambo for one simple reason: time is money.

It’s the same principle when applied to public vs. private hosting. With private hosting you’re guaranteed your own space and faster speeds, as opposed to its public counterpart, which is forever stuck at a static speed with an ever-increasing number of users.

If you’d like to know more about what private cloud hosting can do for you, feel free to contact us!

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule was created to ensure that doctors and other covered entities have implemented the appropriate safeguards to protect the confidentiality, integrity and availability of Electronic Protected Health Information (EPHI). As more and more covered entities exchange EPHI via electronic mediums, there’s a growing need for the Security Rule’s standards. But if you’re a covered entity, you may have some questions about the Security Rule’s physical safeguards.

The Security Rule requires covered entities to implement technical, administrative and physical safeguards to protect EPHI from unauthorized use and access. Technical safeguards consist of digital measures to protect the confidentiality of EPHI, including the use of strong passwords, unique user identifications, firewalls, encryption, network monitoring service, etc. Administrative safeguards, on the other hand, consist of policies and procedures which are intended to protect the confidentiality of EPHI.

Now that you know the basic definitions of technical safeguards and administrative safeguards, you might be wondering about physical safeguards. The Department of Health and Human Services (HHS) further explains on its website, saying that physical safeguards are “...physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.”

It’s easy to overlook the implementation of physical safeguards, simply because the Security Rule pertains strictly to EPHI. But even EPHI should be protected with the appropriate physical safeguards. Failure to include them in your practice places patients’ personal information at risk of disclosure while also placing your practice at risk for HIPAA fines and corrective action.

The standards listed in the HIPAA Security Rule’s physical safeguards consist of facility access controls, workstation use, workstation security, and device and media controls.

Common examples of physical safeguards include the following:

  • Locked doors
  • Perimeter gates
  • Video surveillance
  • Patient identification verification
  • Documentation of changes, removals and repairs to the device housing your EPHI

To recap, physical safeguards are an element of the HIPAA Security Rule that involves the use of tangible measures to prevent the unauthorized use or disclosure of EPHI. While the Privacy Rule covers all forms of Protected Health Information (PHI), the Security Rule focuses strictly on EPHI. It was created as a result of the growing use of electronic platforms that covered entities use to store and transmit EPHI.

To learn more about HIPAA compliance, contact us today. WHOA.com offers secure cloud computing services for covered entities big and small.

Modern businesses run on data.

Whether it’s something as simple as a customer mailing list and invoice records or a complex global enterprise, data is what keeps the lights on and the bills paid.

What is a Disaster?

It depends on who you ask. In 2011, the Joplin tornado destroyed the St. John’s Regional Medical Center. As a result, they’d probably give you a different definition than 21st Century Oncology after they revealed a data breach had released information on as many as 2.2 million patients. Two different medical providers lost countless records. In one case the confidential information literally ended up in trees. In the other, it ended up on the laptop of a malicious criminal. Both qualify as disasters.

What is a Disaster Plan?

A good disaster recovery plan looks at both internal and external threats. External threats include everything from a physical loss of the facility to fire or natural disaster to the loss of data from a breach of your computer systems. When you look at internal threats, you have to assess your exposure to everything from something as mundane as an employee downloading a virus into your system to employee theft and industrial espionage.

The best disaster plans include people from all of your departments, who can all throw in “what if” scenarios. Then, applying principles of risk management, the team ranks the threats from least probable to most probable and from least damaging to most damaging.

Business Continuity and Disaster Planning

Once your company has determined its threats, your team can work on business continuity plans. In today’s world, a key part of this plan is IT recovery. Not only must your data be recovered and secured, it must be accessible if your business is forced to move to another location after a fire or natural disaster.

One of the fastest ways to get up and running again is to use a secure cloud computing solution. Not only is your information secure, but it is also easily accessible. No more waiting for the retrieval and reinstallation of backup files. With a cloud solution, your employees can pop open a laptop and be back to work.

In a natural disaster, this is key if your business is part of the recovery framework, such as medical services, building supplies, or construction. In an internal disaster, such as a hack or physical compromise of your computers, a cloud-based system has your data protected behind another layer of security while still being easily accessed.

Regardless of your size or business, contact us at WHOA.com for a consultation on the IT recovery portion of your business continuity plan. We can craft a solution that works for your business and your budget.

© 2018 WHOA.com All rights reserved.