The myth that the closer you keep your sensitive data, the safer it is, has once again been proven wrong. Last week, reports surfaced that Hollywood Presbyterian Medical Center in Los Angeles suffered a "ransomware" attack, locking employees out of critical IT systems. The lock-out began on February 5th and affected systems used "for patient care documentation and the sharing of lab work, X-rays and CT scans," according to Fortune.com. The hospital then paid a ransom of 40 Bitcoins or roughly $17,000 to get decryption keys that gave them back access to their data. This is the first time such an attack and subsequent payment has received so much publicity, prompting industry experts to speculate on whether this will become an increasingly visible trend, and prompting a lot of talk about how to prevent this sort of thing in the future.
We see this as more evidence that enterprises are not embracing new technology. They are either putting off the cost and perceived complexity of moving to SaaS-based business systems, or they're under the false impression that their data is more secure in an on-premises or hosted environment. Let's look at how Healthcare IT News addresses the myth that implementing cloud systems and integrating them with legacy applications is a complex undertaking:
"Myth: The perceived complexity of working around legacy systems and integrating workloads makes cloud SaaS solutions a burden during integration.
Truth: Certain cloud SaaS vendors have a great deal of expertise in streamlining and expediting the integration process with legacy systems. The key is to properly screen and comprehensively review vendor experience and track records prior to entering any kind of relationship.
Some cloud SaaS solutions do not require configuration with existing legacy systems but instead run as separate platforms that do not require integration..."
Many SaaS solutions offer open published APIs that can make integrating them with existing systems less difficult than many might assume. Additionally, most SaaS systems are highly configurable, allowing companies to implement complex workflows and business logic without the need for developers or scripting.
With regards to the security concerns around cloud applications, the truth is that established SaaS providers have security and data integrity features once only available to the largest of enterprises, at a fraction of the cost. Some of the benefits provided by multi-tenant SaaS providers:
- Multiple fiber trunks and mirrored RAID storage
- Standby servers and redundant network components
- Redundant uninterruptable power supplies and parallel redundant generators
- Highly granular level of control over user access
- Option of requiring 2-step user verification every time a user signs on through an unrecognized device
- Enforced password changes and automatic session timeouts
- Option to set acceptable IP ranges from which users may log in
- SSAE 16 SOC1 Type II audited and PCI DSS certified
- Tightly restricted access to production data including biometric access controls
- Hardened networks and firewalls
- Real-time activity log tracking
- Automated security scanning and third party white hat penetration testing
- Virus resistance reinforced through software architecture
- Oracle database secured with advanced security
- Minimum 128-bit encryption for all data transmission
- Full daily backups to multiple locations
- Continuous backups of transaction data
- Secure streaming of transaction data to remote disaster recovery center
Even a hosted environment with your own installed applications can't provide this level of security, and businesses housing their own servers on-premises can't even come close.
We hope the latest ransomware attack will bring more and more businesses into the 21st century. Adoption of cloud applications is the best way we can hope to reverse the trend of malicious attacks on businesses.
If you'd like an assessment of your finance and accounting systems and processes, please fill out the form below and we'd be happy to contact you.