NHS Moving To Cloud For Security

twoheadedboy writes "The NHS, one of the biggest public sector organisations in Europe, is to use a cloud-based security model to protect its 1.3 million users. This comes amidst a big move to the cloud in the UK public sector."

1.3 million?

[SimonTheSoundMan]

I thought the NHS had 61 million users?

Re:

[Chrisq]

I thought the NHS had 61 million users?

Perhaps its talking about the addiction units.

Re:

[tendrousbeastie]

Surely some of those are chronic users.

Re:

[SimonTheSoundMan]

Ok, now that I have RTFA. It's on about people operating the internal network, not the cloud based systems like http://slashdot.org/story/11/06/28/2024221/British-NHS-Patient-Records-Go-To-the-Cloud [slashdot.org]

Really both part of the same system though. All data about myself on the internal network I can view on the NHS web site.

Bravo.

[John R. Isidore]

Nothing more secure than putting confidential information online.

Re:Bravo.

[tmosley]

Isn't a "private cloud" just another word for "stored offsite".

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

Re:

[Skapare]

Isn't a "private cloud" just another word for "stored offsite".

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

It's another word for "stored somewhere you cannot audit".

Re:

[jellomizer]

Why? Do you think all cloud services are equal? Stop think in terms of consumer products.

Re:

[cHiphead]

Stop thinking a handful of offsite computers that share processing power in any way provides you more security than a self run virtual machine cluster (or anything near the performance of dedicated iron).

Re:

[0123456]

Isn't a "private cloud" just another word for "stored offsite".

But much shinier.

Re:

[dkf]

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

It's "tax pounds". Same foolishness, different currency, different taxpayers.

Re:

[tmosley]

Some people pay their taxes in dollars and hope they don't notice, you insensitive clod!

Re:

[gstoddart]

Isn't a "private cloud" just another word for "stored offsite".

I always thought 'private cloud' meant 'file server', but new-hotness buzzword-compliant. ;-)

Re:

[Attila Dimedici]

Isn't a "private cloud" just another word for "stored offsite".

I always thought 'private cloud' meant 'file server', but new-hotness buzzword-compliant. ;-)

Close, it actually means "file servers". Without the plural you can't call it "cloud".

Re:

[gstoddart]

Close, it actually means "file servers". Without the plural you can't call it "cloud".

Maybe true, but given a large enough server, or a properly configured cluster ... the term 'private cloud' is reduce-able to "what IT does now".

And, I'm not convinced 'cloud' precludes "one or more" from being in the definition, in which case we don't need plurals. The cloud could, in fact, be a single machine and it wouldn't make much difference.

To me, it's an utterly meaningless term, unless you actually build your own

Re:

[biodata]

Who wants to bet on whether it will actually be secure, or whether it will go to an American-owned corporation, hence subject to eavesdropping by the US government, and subsequent leaking of details to relevant US industrial interests, such as insurance companies?

Good Idea??

[DaMattster]

I don't think moving data to a cloud for security is really a good idea. How is security really improved when essentially stuff it moved to "public storage?" Maybe a private cloud?? I would say it is weakened. This is just what groups similar to LulzSec and Anonymous really want.

Re:

[John R. Isidore]

Because clouds are fluffy and airy and magic and untrappable; how would hackers ever hack into a cloud?

What? That's not how it works?

Re:

[Pope]

Apparently, clouds develop big holes when you fly planes through them.

Re:

[Anonymous Coward]

They aren't moving their data to a cloud, just their web filtering tasks.

Re:

[berashith]

I am certain that you could access the data from many locations, and that it was stored in remote locations most of the time you accessed it. The only change here could be consolidation to less sites. Security could actually be raised depending on the current rules around access and information sharing between the many sites. Cloud is a buzzword

Re:

[dkf]

How is security really improved when essentially stuff it moved to "public storage?"

The scary thing is that it might actually improve security, for all your (quite valid) concerns. Healthcare professionals are not always best known for getting security right with paper records or single-hospital databases.

Re:

[NeutronCowboy]

What they're figuring is that for what they're planning, they need people to have lots of access to data stored in a datacenter. Does it really matter who administrates that data center? Forget about "moving to the cloud" for a second, that's just marketing speak. What they're actually saying is that they're outsourcing the maintenance of their hardware and primary application stack to someone else. Whether the NHS owns the data center or not is completely irrelevant in this scenario.

To some extent, this mi

Re:

[jimicus]

They're not moving any data to public storage. This is a service that you essentially proxy all your Internet traffic through and you can then apply various rules to the traffic that goes through it to detect and block anything that looks like it shouldn't be there.

You've been able to buy appliances that do something like this for some time, the only difference here is that you don't get the appliance, you route your traffic over the provider's systems instead.

Re:

[AmberBlackCat]

I'm pretty sure "private cloud" is an oxymorn, at least by the original definition. It's supposed to be about peer-to-peer distributed storage and computing. Of course by the new corporate definition, it's just outsourcing your storage. So I guess they're just saying some private company is going to get government money to store the data instead of the government using its own equipment.

Opted out...

[Anonymous Brave Guy]

Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

Hopefully, that will still apply here.

Re:

[Chrisq]

Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

Hopefully, that will still apply here.

Too late. News of your condition [wikipedia.org] has already leaked out onto the web.

Oxymoron

[Anonymous Coward]

Isn't "cloud-based security model" an oxymoron, or at best a non-sequitur?

Re:

[TheGratefulNet]

shhh. that's the joke. we're all secretly grinning, here, as we see clouds as you do: untrustable and worthless for really important or private (or both!) information.

lets hope that the 'cloud experiments' all the fools are doing these days backfire, just one huge time, enough to teach the morans not to put sensitive info on data domains that you don't directly own and control yourself.

all we need is a couple of really bad embarassments for top level officials for their short-sighted support of 'things cl

Re:

[Skuld-Chan]

Its not really - I mean can you honestly say your IT organization is more secure than Google's?

Re:

[biodata]

Yes, definitely. I can unambiguously state that my organisation is not legally bound to disclose any and all of my data to the US government if asked to do so.

Re:

[biodata]

The NHS isn't the government any more if they put the data on the servers of an American contractor, they are just another pipe.

Oxymoron

[arglebargle_xiv]

Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?

Re:

[Attila Dimedici]

Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?

It is much more like moving to heroin to deal with your morphine addiction.

Moving to "the cloud" for security...

[Jane Q. Public]

... is like moving to Seattle for the nice weather. WTF?

Moving To Cloud For Security

[LSD-OBS]

Like fucking for virginity

Counterintuitive

[drcln]

Its counterintuitive, and that is why it will work.
No one would think to look for confidential information "in the clouds?"

Of course!!!

[koan]

The "Cloud" is synonymous with security, it makes perfect sense.

Culturally Incompatible

[Gonoff]

The NHS is set up clearly and specifically for reasons of public health. As soon as it allows a US private company "inside" we have a problem.

The only people working in or for public healthcare should only be interested in public healthcare. Money, IT, politics etc should be tools to get the job done without that aim being comnpromised.

If only...

So much hostility to the "cloud"...

[bjk002]

...on a tech rag no less. I wonder why? Is it really so difficult to understand that specialists can manage a network system better than a couple Bob's from the local community college?

If you have a web-based app stack and offer that to your employees, what is the difference between your company having a bunch of techies trying to run a shop like Google would, or actually letting Google run it for you?

I can see some reluctance from non-US companies, but for any U.S. based company, what is the difference?

Re:So much hostility to the "cloud"...

[Attila Dimedici]

At least part of the hostility is due to the fact that the term "cloud" is a buzzword that obfuscates the meaning of a phrase rather than making it clearer. If a company or organization is going to outsource its IT (or some part thereof), that is fine and in many cases may be a good idea. However, "outsource" has become a "bad word", so many organizations try to find some other word to use that does not raise such negative emotions.
Techies tend to be people who like clear, concise communication, even if they are often not good at it because they overlook the emotional content of what they are saying.

Re:

[Em Adespoton]

In summary, techies don't like it when people use buzzwords to cloud the issues.

Cloud security has already failed in the NHS

[ChumpusRex2003]

'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

Some of the bugs that I've seen:
1. No caching of user credentials. If the WAN link, or remote server is unavailable - no login is possible. Result: total inability to access critical systems.
2. Caching of user credentials added to system. Result: doesn't work. Catastrophic regression bugs le

Re:

[arglebargle_xiv]

'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

Is any of this documented anywhere? Sounds like a good lessons-learned experience for other countries looking at going down this path.