My colleague Brian Eastwood has a fine piece over at sister-site CIO.com this week about how Boston Children’s Hospital responded to DDOS and other attacks made on the institution. My big take away from it is that this is an example of why some institutions will likely never go all-in with the public cloud.
+ MORE AT NETWORK WORLD: Today's security attacks are after more than just bank info +
The world-renowned Boston hospital was facing an onslaught from vigilante group Anonymous in response to what was a high-profile case involving one of the hospital’s patients. At the height of the attack, Anonymous was sending DDoS traffic up to 27 Gbps - 40 times the hospital’s normal incoming traffic load.
In response, the hospital’s SVP of Information Services/CIO Dr. Daniel Nigrin basically shut down incoming and outgoing traffic from the hospital’s network and relied only on internally-hosted services. Eastwood reports:
“In response, Nigrin took down all websites and shut down email, telling staff in person that email had been compromised. Staff communicated using a secure text messaging application the hospital had recently deployed. Internal systems were OK, he says, so Children's electronic health record (EHR) system, and therefore its capability to access patient data, wasn't impacted.”
One of Nigrin’s big pieces of advice emerging from the incident: “Know which systems depend on external Internet access.”
What if Boston Children’s Hospital had been all in on the public cloud? What if the organization didn’t have some sort of on-premises communication platform?
Sure, there are workarounds to using the public cloud in an incredibly secure way, many involve the networking connections between your operations and the public cloud and encrypting traffic throughout.
And given the public cloud’s major selling points around agility, efficiency and ease of use, this market surely will continue to grow. But some organizations are not willing to put everything in the public cloud, and examples like this one show why.