Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Cloud Medicine United Kingdom IT

NHS Moving To Cloud For Security 69

Posted by timothy
from the you'll-feel-a-slight-pinch-of-skepticism dept.
twoheadedboy writes "The NHS, one of the biggest public sector organisations in Europe, is to use a cloud-based security model to protect its 1.3 million users. This comes amidst a big move to the cloud in the UK public sector."
This discussion has been archived. No new comments can be posted.

NHS Moving To Cloud For Security

Comments Filter:
  • I thought the NHS had 61 million users?

  • Bravo. (Score:3, Interesting)

    by John R. Isidore (2330334) on Tuesday July 05, 2011 @09:17AM (#36660684)
    Nothing more secure than putting confidential information online.
  • Good Idea?? (Score:4, Insightful)

    by DaMattster (977781) on Tuesday July 05, 2011 @09:23AM (#36660744)
    I don't think moving data to a cloud for security is really a good idea. How is security really improved when essentially stuff it moved to "public storage?" Maybe a private cloud?? I would say it is weakened. This is just what groups similar to LulzSec and Anonymous really want.
    • Because clouds are fluffy and airy and magic and untrappable; how would hackers ever hack into a cloud?

      What? That's not how it works?
      • by Pope (17780)
        Apparently, clouds develop big holes when you fly planes through them.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      They aren't moving their data to a cloud, just their web filtering tasks.

    • by berashith (222128)

      I am certain that you could access the data from many locations, and that it was stored in remote locations most of the time you accessed it. The only change here could be consolidation to less sites. Security could actually be raised depending on the current rules around access and information sharing between the many sites. Cloud is a buzzword

    • by dkf (304284)

      How is security really improved when essentially stuff it moved to "public storage?"

      The scary thing is that it might actually improve security, for all your (quite valid) concerns. Healthcare professionals are not always best known for getting security right with paper records or single-hospital databases.

    • What they're figuring is that for what they're planning, they need people to have lots of access to data stored in a datacenter. Does it really matter who administrates that data center? Forget about "moving to the cloud" for a second, that's just marketing speak. What they're actually saying is that they're outsourcing the maintenance of their hardware and primary application stack to someone else. Whether the NHS owns the data center or not is completely irrelevant in this scenario.

      To some extent, this mi

    • by jimicus (737525)

      They're not moving any data to public storage. This is a service that you essentially proxy all your Internet traffic through and you can then apply various rules to the traffic that goes through it to detect and block anything that looks like it shouldn't be there.

      You've been able to buy appliances that do something like this for some time, the only difference here is that you don't get the appliance, you route your traffic over the provider's systems instead.

    • I'm pretty sure "private cloud" is an oxymorn, at least by the original definition. It's supposed to be about peer-to-peer distributed storage and computing. Of course by the new corporate definition, it's just outsourcing your storage. So I guess they're just saying some private company is going to get government money to store the data instead of the government using its own equipment.
  • by Anonymous Brave Guy (457657) on Tuesday July 05, 2011 @09:27AM (#36660788)

    Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

    Hopefully, that will still apply here.

    • by Chrisq (894406)

      Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

      Hopefully, that will still apply here.

      Too late. News of your condition [wikipedia.org] has already leaked out onto the web.

  • by Anonymous Coward

    Isn't "cloud-based security model" an oxymoron, or at best a non-sequitur?

    • shhh. that's the joke. we're all secretly grinning, here, as we see clouds as you do: untrustable and worthless for really important or private (or both!) information.

      lets hope that the 'cloud experiments' all the fools are doing these days backfire, just one huge time, enough to teach the morans not to put sensitive info on data domains that you don't directly own and control yourself.

      all we need is a couple of really bad embarassments for top level officials for their short-sighted support of 'things cl

    • Its not really - I mean can you honestly say your IT organization is more secure than Google's?

      • by biodata (1981610)
        Yes, definitely. I can unambiguously state that my organisation is not legally bound to disclose any and all of my data to the US government if asked to do so.
  • Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?
    • Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?

      It is much more like moving to heroin to deal with your morphine addiction.

  • ... is like moving to Seattle for the nice weather. WTF?
  • by LSD-OBS (183415) on Tuesday July 05, 2011 @10:10AM (#36661404)

    Like fucking for virginity

  • Its counterintuitive, and that is why it will work.
    No one would think to look for confidential information "in the clouds?"

  • The "Cloud" is synonymous with security, it makes perfect sense.

  • The NHS is set up clearly and specifically for reasons of public health. As soon as it allows a US private company "inside" we have a problem.

    The only people working in or for public healthcare should only be interested in public healthcare. Money, IT, politics etc should be tools to get the job done without that aim being comnpromised.

    If only...

  • ...on a tech rag no less. I wonder why? Is it really so difficult to understand that specialists can manage a network system better than a couple Bob's from the local community college?

    If you have a web-based app stack and offer that to your employees, what is the difference between your company having a bunch of techies trying to run a shop like Google would, or actually letting Google run it for you?

    I can see some reluctance from non-US companies, but for any U.S. based company, what is the difference?

    • by Attila Dimedici (1036002) on Tuesday July 05, 2011 @12:01PM (#36662724)
      At least part of the hostility is due to the fact that the term "cloud" is a buzzword that obfuscates the meaning of a phrase rather than making it clearer. If a company or organization is going to outsource its IT (or some part thereof), that is fine and in many cases may be a good idea. However, "outsource" has become a "bad word", so many organizations try to find some other word to use that does not raise such negative emotions.
      Techies tend to be people who like clear, concise communication, even if they are often not good at it because they overlook the emotional content of what they are saying.
  • 'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

    Some of the bugs that I've seen:
    1. No caching of user credentials. If the WAN link, or remote server is unavailable - no login is possible. Result: total inability to access critical systems.
    2. Caching of user credentials added to system. Result: doesn't work. Catastrophic regression bugs le

    • 'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

      Is any of this documented anywhere? Sounds like a good lessons-learned experience for other countries looking at going down this path.

"No job too big; no fee too big!" -- Dr. Peter Venkman, "Ghost-busters"

Working...