Posts

How do the largest cloud providers stack up?

Adoption of cloud computing is one of the fastest-growing trends in business today. To stay competitive, control costs, and enhance productivity, the cloud is offering a variety of solutions for all stages of business.

That said, there are a lot of cloud companies offering their services. So it can be overwhelming trying to decide where to start, what you need, and who can serve your best interests. As with any important business decision, research is essential.

Here we highlight four of the largest names in cloud computing – all instantly-recognizable with established histories and reputations. But how do they stack up when it comes to what they can actually offer you?

cloud

At your service

When researching cloud service providers, you’ll see three terms fairly often: Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and Platform-as-a-Service (PaaS). Before you go too deep into your research, it’s helpful to understand these terms.

Infrastructure-as-a-Service

Clients subscribe to a pay-as-you-go service in which they can access storage, network, server, and other cloud-related resources. Users save money on hardware and the service is scalable to their current needs.

Software-as-a-Service

Subscribers use cloud-based applications and work within the cloud versus having to locally install or update applications on end-user devices. As with IaaS cloud computing, it’s a scalable service. Because data is stored in the secure, access-controlled cloud, it is better protected and applications are always current. Mobile users have decided advantages, as applications can be accessed from any internet-connected device.

Platform-as-a-Service

The perfect service for software developers, PaaS provides a platform of tools to develop and test applications in a single environment. Infrastructure requirements are handled for everything needed, including operating systems, server software, security, and backups. The nature of cloud-based development software encourages collaboration, as well as separate testing and production environments. And the high-availability environment can lead to increased productivity.

Azure

Microsoft Azure

Of all of the public cloud service options available, Microsoft Azure is the best known and most widely used. Nearly every computer interacts with Microsoft in some way, so Azure has a large client base. It offers all three popular platform options – IaaS, SaaS, and PaaS and supports various programming languages. It’s ideal for software development, supporting the full range of Microsoft-specific software as well as a number of third-party applications.

While Microsoft Azure is versatile and scalable to specific user needs, the subscription model may seem expensive for some budgets. And despite a fairly easy setup, the number of services available may seem overwhelming at first. There will likely be a training curve for your IT staff. It also doesn’t migrate well to other cloud systems.

While Azure will cover all of your needs, you’ll want to consider your long-range planning and do some additional research before committing.

AWS

Amazon Web Services (AWS)

It’s no surprise that online giant Amazon has invested – and found success – in the fast-growing technology of cloud computing. Amazon Web Services supports IaaS and PaaS platforms and a number of featured services like high-level backups, data transfer, messaging and notification, security management, and encryption.

AWS is a scalable service, so you can use as little or as much as you need. Compared to other services, AWS data storage costs are low. Its application programming interface (API) support means it works well with other software, and the native AWS environment seamlessly integrates various available services.

While simple to manage once running, AWS has a bit of a learning curve when it comes to initial setup and integration. Billing can be confusing because how charges are applied is not always clear. Costs can also sometimes run higher than others depending on what you need.

AWS has a lot to offer and is popular as a result. Still, it makes good business sense to examine its specific offerings and costs to ensure it’s the best cloud solution for your organization.

Google Cloud Platform

Google Cloud Platform (GCP)

Google Cloud employs a robust network to support an IaaS platform with decent pricing, ease of use, and security on a reliable network. While it may fall behind mainstream services Azure and AWS, GCP is a good choice for hosting databases and application data and for managing backups. It employs a global network with a variety of storage types depending on need. With no storage minimums or ceilings, GCP can host as few or as many files needed.

Its web-based console makes management simple. The robust console options might be overload for users simply needing to manage storage. But it’s easy enough to limit your activity exclusively to handling storage tasks.

Google Cloud (not to be confused with Google Drive) receives high marks for security with its API to connect Google Cloud endpoints, plus 128-bit or 256-bit encryption using the Google Key Management Service. It enables two-factor authentication for further protection of data and accounts.

While not the most expensive service, Google Cloud does charge more per gigabyte than AWS or Azure. Support costs for GCP can run a bit high, as well. Service levels range from standard business hours/e-mail contact ($150/month) to extended 24/7 phone support ($400/month).

IBM cloud

IBM Cloud

Once known as IBM SoftLayer and IBM Bluemix, IBM Cloud offers IaaS, PaaS and a wide variety of cloud computing services. Besides the usual storage, networking, data management and security, IBM cloud offers value-added services including analytics, artificial intelligence, blockchain, Internet of Things (IoT) management, and VMWare.

IBM Cloud service has a reputation for solid performance and has access to numerous data centers. Its package includes specialty offerings – IBM Watson is one of the more well-known options – and boasts reliable tech support.

Setup is not as straightforward compared to other services, but with good tech support, it’s not an insurmountable hurdle. Pricing runs in the middle of the pack but provides excellent value for those interested in the unique services IBM Cloud supports.

Cloud computing is still growing

These four cloud service providers are counted among the best in the market. Numerous other respected players to explore include Rackspace, Kamatera, Adobe Creative Cloud, VMWare, Red Hat, and Oracle. While offering similar services and pricing, each is unique and may offer specific services well suited to your business needs.

With this in mind, it’s important to research your options thoroughly. It may help to consult with cloud computing experts to determine the best services to support your operation and growth plans.

Your guide to setting up a HIPAA-compliant cloud

When you put your healthcare organization’s patient data on the cloud, you enjoy a range of benefits like having to worry about computer files being erased accidentally. Furthermore, it’s simple to organize all of your data and use analytics to make the most accurate decisions possible.

At the same time, you must make sure that your cloud complies with HIPAA, the Health Insurance Portability and Accountability Act, which Congress passed in 1996. It sets forth complex rules for keeping, transmitting and using protected health information (PHI) or electronic protected health information (ePHI).

Here is an overview of things you should be doing in order to ensure HIPAA compliance.

Step 1: Finding the right cloud provider

To start, it’s helpful to obtain a copy of the online HIPAA guidelines that the Department of Health and Human Services’ Office of Civil Rights (OCR) offers. You can review them with your attorney and your IT team members.

As soon as you’re clear on those rules, you can conduct – perhaps with the help of an IT managed service provider – a thorough risk assessment. During this process, you’ll examine various cloud service providers (CSPs) to find one that guarantees every reasonable safeguard, including encryption, for your PHI. You might inspect a CSP’s headquarters yourself, or you could rely on expert security audits.

Once you’ve found a CSP you can trust, your attorney can draw up a business associate agreement (BAA). This agreement will hold your company and your CSP, which the law terms your “business associate,” to all HIPAA regulations.

You must also create a service level agreement (SLA), one that details the quality of service that your CSP will provide. For instance, how will it attempt to recover lost data? How much downtime, if any, can you expect? (The answer should be virtually none.)

Step 2: Securing your data

Under HIPAA, you’ll have to take every practicable measure to keep track of your patient data and prevent it from falling into the wrong hands.

HIPAA permits healthcare professionals to use mobile devices to access data. However, each mobile device, along with each computer and other endpoints, must be protected by multiple layers of security. Those measures should include:

  • Randomized and unique passwords
  • A powerful firewall
  • Sessions that time out
  • Two-factor authentication
  • Data encryption that meets or exceeds industry standards
  • An intrusion detection program

Likewise, you should provide regular training sessions to ensure employees are using best practices and are able to recognize the warning signs of hacks or phishing scams.

Moreover, everyone should be on a need-to-know basis. It’s illegal to share a patient’s ePHI with anyone outside of your business unless the person who’s requesting it has a HIPAA release form. (That document must include the patient’s signature.) Your cloud should also have a principle of least privilege (PoLP) security model to make sure each user only has the authority to access the information necessary for his or her job.

An automatic alert system is valuable here. You’ll receive a warning if an unauthorized person accesses your cloud data or if an authorized person does something in the cloud they’re not supposed to do.

Step 3: Reporting breaches

What happens if an unauthorized person gains access to someone’s ePHI? This could occur due to employee error or hacking.

You must tell the affected patient about the transgression within 60 days. Plus, on an annual basis, you must let the Department of Health and Human Services know about every PHI breach that happened during the past year.

If more than 500 records are breached at one time, you’re obligated to send out a press release and to tell the HHS at once. The OCR will follow up, seeking more detailed information.

Finally, as you work your way toward full HIPAA compliance, it’s wise to partner with outside IT specialists. These experienced professionals can advise and support all of your data storage efforts.

In addition to conducting the initial risk analysis, those security experts can identify and eliminate potential vulnerabilities in your network. They can also help you craft an IT budget that accounts for all security measures. As cloud technologies evolve and improve, they’ll ensure that you always stay within the law and always protect your patients.