Sunday, December 20, 2009

Combining Cloud Computing, Client-Server and Novel Pub/Sub Mesh Node Network Architectures (Part 2 of 2)

In my previous post, I described three key architectures for deploying health IT software programs and exchanging patient information in a national health information network (NHIN). They are:
  1. Cloud computing
  2. Client server
  3. Publish/subscribe mesh node networks.
In this post I describe the use cases of each, as well as cautions to be taken in their implementation.

Cloud Computing Architecture Use Cases

The cloud is most useful in use cases where (a) Internet bandwidth is high and connectivity is constant and consistent; (b) data and technology standards are well-established; and (c) there is concrete assurance that if a web service provider goes out of business, the healthcare organization will have ample opportunity to recover all the data stored there. A primary benefit of cloud computing is lower upfront cost compared to client-server architectures. That is, if your local computer doesn't have the resources necessary to run a software program, it may be cheaper, faster, or more convenient to run the program in the cloud than through traditional client-server architecture.

Cloud Computing Security Concerns

When cloud computing is used, however, caution should be taken to protect sensitive patient data in a cloud through end-to-end encryption or by storing only de-identified patient data. Because it is so important, I've included the following quotes from several sources about cloud security issues:

  • "[Trend Micro, the] security company, in its predictions report for 2010, identified cloud computing as a trend that will amplify threats to companies over-reliant on cloud computing vendors. It… warned the nature of the cloud makes it an attractive target to hackers, who are drawn to the ease of going after a single cloud serving various customers and taking down 'multiple systems secured the same way'…The increased amounts of data handed over to cloud providers will also pose risks in terms of availability and data privacy, it said. Companies open themselves to the possibility of service providers going out of business, or having physical and internal breaches…It highlighted the importance of avoiding cloud lock-in and being able to switch providers 'at will or in line with business needs', so as to retain control over the company's IT processes…Beyond the data center, threats lie in connectivity to the cloud…Web protocol technologies such as SSL (Secure Sockets Layer), DNS (Domain Name System) and BGP (Border Gateway Protocol) are still works in progress, being 'developed before security was a consideration'. Security researchers have been identifying flaws in these technologies--last year, a BGP vulnerability was revealed to have been known in the industry for over a decade, but remained an inherent problem…'The question is whether any cloud vendor could reasonably ensure that unauthorized access is not possible, that a hacker will never be able to copy millions of user records, login credentials, online banking information, billing information, transaction records and the like.'" [Reference]
  • "DATA PROTECTION: cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer (in its role as data controller) to effectively check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds…INSECURE OR INCOMPLETE DATA DELETION: when a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients. In the case of multiple tenancy and the reuse of hardware resources, this represents a higher risk to the customer than with dedicated hardware…MALICIOUS INSIDER: while usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. Examples include CP system administrators and managed security service providers." [Reference]
  • "…[B]usiness technology pros what worries them about cloud computing, security concerns…[may] end up sinking any move to the cloud… IT departments…aren't as confident of where pain points such as security flaws may be. What new intrusion points are introduced? How can a company be sure that its data sitting in the vendor's data center is safe? When should information be encrypted?...[S]ecurity defects in the technology…[is] a top concern with cloud computing …One of the biggest risks of cloud computing is that of the unknown… One can't assume that encryption is available in all cloud services…Encryption creates a lot of overhead, and suppliers don't want to degrade application performance or absorb the cost if customers don't put a premium on it…[C]ompanies need to think of their networks now extending beyond their own physical environments and into the supplier's data center. As companies stitch more cloud services together, that challenge multiplies. A related complication comes from the fact that cloud services have been designed in vacuums, with each vendor securing its own connections but not the others…[T]he more data that goes into the cloud, and the more valuable that data, the more appealing it becomes as an attack target…That's why companies, once they've worked their way through the network security issues of transferring data to and from a cloud provider, need to probe the vendor's data center operations…[C]ompanies must determine how comfortable they feel putting data and applications in the cloud…Only a brave few dive in…completely…Vendors acknowledge the fear…[and a] lack of trust about cloud service security." [Reference]
  • Not only do security concerns exist outside the cloud, but as discussed below, privacy concerns exist inside the cloud, since cloud vendors are able to look at your database. "'Cloud computing is a trap,' warns GNU founder Richard Stallman…'It's stupidity. It's worse than stupidity: it's a marketing hype campaign'…Somebody is saying [that cloud computing] is inevitable – and whenever you hear somebody saying that, it's very likely to be a set of businesses campaigning to make it true…Amazon's marketing of a 'VPN to the cloud'…as the solution to a company's security concerns…[but] Amazon just doesn't get it…'It's them against us…thousands of hackers attacking and we just don't have the resources.'…We can easily guesstimate that at any given point in time we'd have at least 1,000,000 hackers willing to compromise any mega corporation...Amazon's response appears to be focused on creating a moat in front of their cloud, and while that's not a bad idea, in no way does this alleviate the threats inside of the cloud itself, not to mention an array of other reasons…'Computer security researchers had previously shown that when two programs are running simultaneously on the same operating system, an attacker can steal data by using an eavesdropping program to analyze the way those programs share memory space. They posited that the same kinds of attacks might also work in clouds when different virtual machines run on the same server'…The bottom line is, how can you defend the outside of your cloud when you might not even be able to trust the inside of your cloud...Is a cloud provider willing to allow you to perform an in-depth penetration test to ensure you meet compliance? For now, [you] can even forget about the outside threat to your cloud, those threats will always exist, what can you do to defend the insider? Seriously…So when a provider states that: 'We reserve the right to invade your privacy at any given point in time,' it just doesn't sound so appealing, especially when companies are looking to potentially store customer data in the cloud. Do you honestly want a third party viewing your customer database?...[When Amazon states that] 'It's important to note that we take the privacy of our customers very seriously, and don't inspect the contents of instances'…[and] 'Abusers who choose to run their software in an environment like Amazon EC2, make it easier for us to access and disable their software'…how would Amazon know whether something is a rogue or a misconfigured application, without taking a look?...they'd HAVE TO look at it." [Reference]
  • "…[Y]ou can transfer risk but never responsibility…no cloud provider will give you the security you need. There can never be a cloud computing provider who can give you the kind of security protections that an in-house security team can, and the logic behind this statement is a simple and factual one: a cloud provider won't lose as much as you would at the end of the day. Therefore the incentives to go 'above and beyond' can never and will never exist…Cloud computing providers can only cover so much ground when it comes to security, and what they will cover is often a baseline based on often obsolete guidelines. Even if they could cover all the necessary bases, the virtualized environment itself would forever be at odds with forensics…When a machine is virtualized, its states change rapidly and the possibility of doing forensics is out of one's hands and out of your company's control and in fact, even outside of the cloud providers' control. A cloud provider will not…take dozens if not hundreds of other virtualized machines offline to make a forensic replica should the need arise…Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities…[you're] worse off [with the cloud] than keeping things in house from a forensics point of view and an incident response point of view." [Reference]
  • "There are always risks involved when dealing with working online; regardless of how secure a host might say a web application is, the fact of the matter stands that the security risk of running an application on the Internet is more significant than when running an application on a standalone desktop computer. Some applications require more security than others: playing Sudoku on a web application would cause little concern, but dealing with sensitive corporate formulas or accounting details in a web environment might be determined risky." [Reference]
  • "Web applications are exposed to more security risks than desktop applications. You can have total control over standalone applications and protect them from various vulnerabilities. This may not be the case with web applications, as they are open to a large number of users in the Internet community, thus widening the threat." [Reference]
  • "Working online has its own set of risks like hacking and virus threats. The risk is higher compared to a desktop computer, since a malfunction of the desktop can result in only a partial loss of data. The crash of a web server can result in consequences beyond the control of a business." [Reference]
  • "Local applications installed on your computer give you better security and do not require a connection to the web. Also, in many cases, local applications provide better integration with the operating system." [Reference]
  • "The Internet abounds with security threats; some users have reported automatically losing accounts and data with Google or other web services after hacker break-ins; cross-site scripts which install key logging software are especially problematic because passwords can be recorded and stolen as they are being typed; hackers routinely break into accounts with simple passwords (names, personal data, words from the dictionary, or anything less than 10 characters)." [Reference]
  • Clouds at Amazon, Google, Microsoft, AT&T, Paypal, Sony, the CIA, Citibank and Twitter have all been hacked [Reference1], [Reference2], [Reference3].
  • "The hack into a Gizmodo writer's Amazon and Apple accounts over the [first] weekend [of Aug 2012] is being used as a cautionary tale for consumers, a call to action for cloud providers regarding security policies and a sounding board for concerns about the rush to the cloud...an attacker quickly found his way into [a user's] iCloud account and wiped everything from his Mac, iPhone and iPad, all of which were linked to Apple's cloud service. The attacker also hacked into his Twitter and Gmail accounts...[the] larger concern was how quickly and easily the attacker...was able to gain control of [the] account through just a couple of phone calls to Amazon and Apple [using] social engineering." [Reference] and [important comments].
Cloud Computing Use Cases

Taking security into account, use cases for the cloud computing architecture include:
  • Providing access to browser-based EHRs and EMRs with end-to-end encryption in either:
    • Tightly controlled private clouds
    • Non-private clouds only if the patient identifiers are stored in encrypted data files (in the cloud or in local storage).
  • Storing de-identified patient data in centralized databases for public access or for restricted access by authorized persons (e.g., for research purposes).
  • Storing practice guidelines in public clouds.
  • Home monitoring, whereby data from measurement devices (e.g., a glucometer) are streamed to a provider's private cloud with end-to-end encryption.
  • CRM, business intelligence, content management and research-based applications in private clouds with end-to-end encryption.
  • Hosting Web conferences to dispersed audiences.
  • Enabling real-time collaboration in private clouds with patient data encrypted end-to-end or in public clouds with de-identified patient data only.
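As an added illustration of the two conditions repeated in the list above (end-to-end encryption and de-identified data only), here is example code that is not from the original post or from any product it mentions: a patient record is split into a de-identified copy for the cloud, linked by a keyed pseudonym, and an AES-256-GCM-encrypted identifier file that only the organization's key holder can read, whether that file sits in the cloud or on local storage. The record fields, the choice of name/MRN/DOB as the identifiers, and the keys are constructed assumptions.

```ruby
require 'openssl'
require 'json'

# Holds the two organization-side secrets: an HMAC key for pseudonyms and a 32-byte AES-256-GCM
# key for identifier files. Neither key is ever sent to the cloud.
class PatientVault
  IDENTIFIERS = %w[name mrn dob].freeze  # which fields count as identifiers is an assumption

  def initialize(hmac_key, enc_key)
    @hmac_key = hmac_key
    @enc_key = enc_key
  end

  # Stable, non-reversible token for the MRN, so the cloud can link one patient's records
  # without ever seeing the MRN itself.
  def pseudonym(mrn)
    OpenSSL::HMAC.hexdigest('SHA256', @hmac_key, mrn)
  end

  # Splits a record into the de-identified copy that may go to a shared cloud and an encrypted
  # identifier file (nonce + tag + ciphertext) that may sit in the cloud or on local storage.
  def deidentify(record)
    ids = record.select { |k, _| IDENTIFIERS.include?(k) }
    cloud = record.reject { |k, _| IDENTIFIERS.include?(k) }
    cloud['pseudonym'] = pseudonym(record.fetch('mrn'))
    [cloud, seal(JSON.generate(ids))]
  end

  # Decrypts an identifier file; the GCM tag makes any modified file raise CipherError.
  def reidentify(blob)
    JSON.parse(unseal(blob).force_encoding('UTF-8'))
  end

  private

  def seal(plaintext)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @enc_key
    nonce = c.random_iv              # fresh 12-byte nonce; never reused with this key
    c.auth_data = ''
    ciphertext = c.update(plaintext) + c.final
    nonce + c.auth_tag + ciphertext  # 12 + 16 + n bytes
  end

  def unseal(blob)
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = @enc_key
    c.iv = blob.byteslice(0, 12)
    c.auth_tag = blob.byteslice(12, 16)
    c.auth_data = ''
    c.update(blob.byteslice(28..-1)) + c.final  # raises OpenSSL::Cipher::CipherError on tampering
  end
end
```

The cloud copy carries only the pseudonym and clinical values, so a breach of the shared store exposes no direct identifiers; re-identification requires the encryption key, which stays with the organization.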

Client-Server Architecture Use Cases

The client-server model is most useful in use cases where the data remains within an organization's boundaries (i.e., behind the firewall) and subject to strong central control (authorizations, etc.); such use cases include:
  • Managing patient data in a provider organization's EMRs and EHRs
  • Running an enterprise health information management system (HIMS), including both clinical and financial applications
  • Running business intelligence (analytical) applications within an organization
  • Running protocol/medication adherence management and post-discharge software programs, e.g., having text messages trigger alerts that are sent to case managers informing them to contact certain patients under certain circumstances based on an organization's rules (algorithms).

Novel Pub/Sub Node Network Architecture Use Cases

The pub/sub node network model is most useful when:
  • Exchanging sensitive patient data beyond organizational boundaries (i.e., beyond the firewall)
  • The cost of infrastructural build-out for centralized systems is prohibitive
  • At least some end-users must access data at times when bandwidth is low, connectivity is intermittent, or network latency is high
  • Exchanging data between disparate databases
  • Individuals prefer to have complete control over their own data
  • Large-scale emergencies disrupt communication networks relying on the Internet.
Use cases for such a node network architecture include:
  • Exchanging patient data across organizational boundaries, including sending data between disparate data stores (e.g., exchanging data between incompatible EMRs, EHRs and PHRs).
  • Sending de-identified patient data from PHRs and EHR/EMRs to data centers in HIEs/RHIOs and an NHIN repository.
  • Connecting multiple cloud, client-server and desktop-based systems by providing nodes able to access the applications and data sources in each system.
  • Locally storing data collected through cloud-based applications in encrypted CPS data files, and enabling those data to be sent back to the cloud-based system as necessary. The same goes for client-server applications.
  • Exchanging patient data in emergency disaster situations in which command & control units and first responders (fire fighters, police, EMTs, trauma center staff, etc.) must communicate quickly and effectively even when they each have different data needs and when the Internet is unreliable. This includes overcoming the "last mile problem"—which refers to the challenge to provide connectivity to all end-users' devices at all locations due to bandwidth mismatches and other connectivity constraints—by providing multifaceted asynchronous communications capability that includes radio, land line, and satellite communication options.
  • Preventing any single point of failure problem of centralized systems by mimicking the landline telephone system, which always has a dial tone even when power goes out.
  • Supporting an automated decision-support system in which the nodes host a "loosely-coupled decision network" of people from multiple locations and with different roles who sometimes work together to make decisions beyond the knowledge or skills of any individual. The nodes use their data transformation and universal translation capabilities to accommodate the diverse information needs and preferences of the participants in a way that reduces misunderstandings due to regional, departmental or cultural differences.
  • Doing eligibility checking, i.e., when patients go to their healthcare providers, the nodes send data back and forth between the nodes connected to insurance company databases to exchange eligibility data.
  • Exchanging data between nodes connected to labs, providers and patients.
  • Automatically sending certain data concerning communicable diseases and other biosurveillance data to and from the Centers for Disease Control (CDC) via nodes connected to providers' EHRs/EMRs, patients' PHRs and the CDC's databases.
  • Providing remote access to imaging data stored locally.
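To make the intermittent-connectivity and disparate-data-store points above concrete, here is an added example that is not the node software described in this post: a minimal store-and-forward pub/sub node that keeps an outbox per subscriber (so a publication survives the subscriber being offline) and renames fields into each subscriber's own vocabulary on delivery. Node names, topics, field schemas and the lab result are constructed; transport encryption is left out of this sketch.

```ruby
# Minimal store-and-forward pub/sub node. Each node keeps an outbox per subscriber, so a
# publication survives the subscriber being offline, and renames fields into the subscriber's
# own vocabulary on delivery.
class MeshNode
  attr_reader :name, :inbox, :schema
  attr_accessor :online

  # schema maps canonical field names to the names this node's own data store uses
  def initialize(name, schema = {})
    @name, @schema, @online, @inbox = name, schema, true, []
    @subscribers = Hash.new { |h, k| h[k] = [] }  # topic => nodes interested in it
    @outbox = Hash.new { |h, k| h[k] = [] }       # node  => [topic, message] not yet delivered
  end

  def subscribe(topic, node)
    @subscribers[topic] << node
  end

  # Queue for every subscriber first, then attempt delivery; nothing is lost if a peer is down.
  def publish(topic, message)
    @subscribers[topic].each { |node| @outbox[node] << [topic, message] }
    flush
  end

  # Deliver to reachable subscribers only; offline peers keep their queue until the next flush.
  def flush
    @outbox.each do |node, queue|
      next unless node.online
      queue.each { |topic, msg| node.receive(topic, translate(msg, node.schema)) }
      queue.clear
    end
  end

  def receive(topic, message)
    @inbox << [topic, message]
  end

  # Number of messages still waiting for offline subscribers
  def pending
    @outbox.values.sum(&:size)
  end

  # Rename canonical fields into the receiver's vocabulary; unknown fields pass through unchanged.
  def translate(message, target_schema)
    message.to_h { |field, value| [target_schema.fetch(field, field), value] }
  end
end
```

Calling `flush` again once a peer reports itself online is what delivers the backlog, which is the behaviour a real node would trigger on reconnection.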
For more use case scenarios, see these links on our Wellness Wiki:

Conclusion

All three architectures have important use cases. The novel node-based architecture I've been promoting enables all three to work together in order to receive the benefits of each.
