Archive for the ‘cloud computing’ Category
New Draft Computer Security Document Focuses on Cloud Computing and Virtualization Technology
Author: Cloudipedia Editor
For Immediate Release: July 21, 2010 Contact: Evelyn Brown
The National Institute of Standards and Technology (NIST) has issued draft recommendations for securely configuring and using full virtualization technologies, which, by means of software, duplicate a computer’s operating system and its applications on other machines.
Because it helps maximize the use and flexibility of computing resources—multiple operating systems can run simultaneously on the same hardware—full virtualization is considered a key technology for cloud computing, but it introduces new issues for IT security.
The proposed security recommendations are contained in the draft document, NIST Special Publication 800-125, Guide to Security for Full Virtualization Technologies. NIST is requesting public review of the new draft computer security publication and soliciting comments until August 13.
For cloud computing systems in particular, full virtualization can increase operational efficiency because it can optimize computer workloads and adjust the number of servers in use to match demand, thereby conserving energy and information technology resources. The guide describes security concerns associated with full virtualization technologies for server and desktop virtualization and provides recommendations for addressing these concerns.
Karen Scarfone, the publication’s primary author, says that most existing recommended security practices also apply in virtual environments.
“The practices described in this document build on and assume the implementation of practices described in other NIST computer security publications,” Scarfone says.
The guide is intended for system administrators, security program managers, security engineers and anyone else involved in designing, deploying or maintaining full virtualization technologies. In the draft, NIST recommends for organizations to:
- Secure all elements of a full virtualization solution and maintain their security;
- Restrict and protect administrator access to the virtualization solution;
- Ensure that the hypervisor, the central program that runs the virtual environment, is properly secured; and
- Carefully plan the security for a full virtualization solution before installing, configuring and deploying it.
The draft of NIST Special Publication 800-125, Guide to Security for Full Virtualization Technologies may be obtained from the NIST Computer Security Resource Center at http://csrc.nist.gov/publications/PubsDrafts.html. Submit comments to 800-125comments@nist.gov with “Comments SP 800-125″ in the subject line.
Related News: Portal to aid in development of standards is coming soon
______
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for creating and deploying SaaS systems without programming; HealthCapsule™, a toolkit for creating secure Health IT solutions; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Posted in 
OpenGov Tracker puts the best open-government ideas in one place
Author: Cloudipedia Editor
NASA employees use open-source tools to build a site in two days with no budget
By Rutrell Yasin Jul 21, 2010, Federal Computer Week
IdeaScale Application Programming Interface; Tornado, a lightweight, open-source web development framework; MongoDB, an open-source, document-oriented database; Googlechart, an API for chart generation; Uservoice, a free, Web feedback forum; and Github, a Web-based hosting service for projects that use Git revision control system.
Robbie Schingler, one of the developers of OpenGov Tracker, describes the site as a tiny hack — and in this case, the word “hack” means something good — with immediate value. Schingler, an executive at NASA’s Office for Open Government, and co-developer Jessy Cowan-Sharp, also with NASA, created the Web site in two days during the record-setting snowstorm in February that halted activity around the Washington, D.C., metropolitan area.
“Two developers, two days, no money” — that was Schingler’s description of the project at a recent conference on Web development and new media for government Web managers.
The Open Government Directive, which ordered agencies to open their doors and data to the public, was the motivation for the site. The directive states that each open-government Web page had to incorporate a mechanism to provide input on the agency’s open-government plan.
In early February, the General Services Administration offered a citizen engagement tool based on the IdeaScale platform to 24 federal agencies, including NASA. Twenty-three agencies accepted.
The online dialogue tool allowed members of the public to submit, rank and comment on ideas about how agencies could best fulfill the goals of the Open Government Directive by becoming more transparent, participatory, collaborative and innovative.
Schingler and Cowan-Sharp essentially developed a site consisting of one basic page that aggregates 23 of those sites to give the public a quick glance of the best-rated contributions in each of four categories: collaboration, participation, transparency and innovation.
For instance, in the participation category, someone proposed that the Education Department promote funding for open-source textbooks. The idea is to create free textbooks that schools could customize. Another example, in the innovation category, was to let NASA employees set aside time each week for unstructured, creative thinking.
OpenGov Tracker tracked all government ideas, votes and comments. It then highlighted agencies with the most or least ideas, votes or comments. NASA topped the list with the most ideas (470), votes (4,747) and comments (700). Those with the least ideas, votes and comments were organized in another category: Needs More Love.
The developers accomplished the task on their own time using their own server on the NASA Nebula cloud computing platform. In addition to using IdeaScale’s application programming language, open-source software formed the project’s foundation.
The developers used the Python programming language with the Tornado Web development framework and MongoDB document-oriented database. The developers also used Uservoice, which is free Web feedback forum software, and Github, for storage, Schlinger said.
Here are some of their lessons learned.
- Keep it new and fresh. The developers were able to pull in new information without human intervention.
- Keep it simple. The developers only had one function, one page.
- Make it fun.
- Develop quickly. Allow developers to work in sprints and incubate the work, using open-source software and iterations, if useful.
______________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for creating and deploying SaaS systems without programming; HealthCapsule™, a toolkit for creating secure Health IT solutions; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Cloud Computing: Today’s Four Favorite Flavors, Explained
Author: Cloudipedia Editor
By Kevin Fogarty, CIO
July 08, 2010 03:23 PM ET
Cloud computing is famous for being a metaphor instead of a technology, but that metaphor is increasingly hard for non-techies to understand. Many variations of cloud have emerged that have little to do with the initial vision that sparked interest– a public cloud with burst-up capability on demand.
“Public cloud is not what most of our clients are talking about right now,” according to Chris Wolf, analyst for Gartner Group’s Burton Group consultancy. “Pretty much everything’s hybrid.”
Public cloud (pay-for-play) services such as Amazon’s EC2 and Microsoft’s Azure were the proof-of-concept for cloud technology. Rather than shift the majority of their own IT to professionally maintained shared-resource services such as those, however, most companies are today using cloud to build on their internal virtual infrastructures, analysts say.
The greatest benefit of cloud is its ability to connect otherwise incompatible infrastructures, not just one or two applications at a time, and its ability to let customers dial up more compute power when they need it, says International Data Corp. analyst Ian Song. Nevertheless, IDC’s market surveys predict that spending on cloud will rise from $17 billion in 2009 to $44 billion in 2013.
“It’s not real clear in most people’s minds what virtualization or cloud will get them,” according to Roger Johnson, who evangelized both in his previous job as a senior IT manager at audio-systems reseller Crutchfield Corp., and does so now as a senior systems engineer at Richmond, Va.-based integrator SyCom Technologies.
“Most people seem like they’re interested in cloud but they don’t want to touch it until there’s more adoption and a better track record,” says Johnson.
Most companies take a roll-your-own approach to cloud, adding cloudlike interfaces to existing systems, building new systems on virtualized, highly interoperable systems, or hiring co-location, server hosting or online services to meet specific needs or east particular points of pain, Wolf says.
There is no single model for how best to mix all the various cloud service permutations, but a few consistent models have emerged:
1. Internal Clouds
In what’s turning out to be the most common form of cloud computing (and convenient for virtual-server vendor VMware,) internal, private clouds allow a company to weave layers of virtualization and management software around existing infrastructure to tie servers, storage, networks, data and applications. The goal: Once they’re interconnected and virtualized, IT can shift storage, compute power or other resources invisibly from one place to another to give all the end-user divisions all the resources they need at any time, but no more than that.
What’s the difference between a highly virtualized environment and an internal cloud? VMware says an internal cloud should also have a high degree of management automation and offer chargeback capabilities for business units. Private clouds should make managing both information and technology easier, but will blow apart the silos into which most IT organizations have been built over decades, Wolf says. “Right now the server people talk to the server people, not networks or support or anything else,” he says. “If everything’s virtualized, everything’s on ever box, so your job can’t be defined according to where the box you’re responsible for sits.”
2. External Cloud Hosting
External cloud–any IT service maintained by an external service provider and accessed through the Internet–is the best source for both cost-effective IT extensibility and of insecurity, mistrust, confusion and the potential for disaster. Among the best known U.S. providers of external cloud services are Rackspace, Terramark, Equinix, AT&T and IBM. The big worry: In a recent Portio Research survey, 68 percent of respondents say worries about security are holding them back from cloud projects; 58 percent say performance is also a drawback.
“In the public cloud a lot of the fear factor is that your data is sitting on someone else’s infrastructure,” says Vince DiMemmo, general manager of cloud and IT services at data-center hosting and services company Equinix. “When you hire someone else your expectations for security are much higher, so most customers aren’t comparing what a service provider offers compared to what they do in their own systems. They tend to be nervous about cloud, too, not for [co-location] and server-hosting that they’ve been doing for a long time.”
There’s not a lot of difference between co-location or hosting and cloud services in the platform-as-a-service market, which means any IT organization with external providers has already done most of the vetting needed for a cloud provider, says Jim Levesque, systems programmer and supervisor of the cloud-based disaster-recovery and backup system built by the Los Angeles Department of Water and Power for its 600-server business-application network.
“You check the security, make sure about their finances so they’re not going to disappear right away, talk to their references and make sure they’ve got good provisioning on the things that are important– plenty of I/O and network access, redundant connections and power supplies, emergency plans, all that stuff,” Levesque says.
But many customers are also worried they’ll get locked in to a single service company if the APIs, systems and interfaces their cloud provider uses don’t allow them to pick up an move back to internal servers or to a different provider’s infrastructure, according to Karl MacDonald, chief evangelist for cloud service provider Cloud.com.
3. Hybrid or Modular Approach
It’s pretty clear that the near future of IT is the hybrid cloud model, Wolf says. Hybrid cloud computing can include a mix on internal clouds, external cloud services and traditional SaaS options. The mix of pieces that hybrid should include for a specific business will end up being as unique as the IT organizations that provide it, he says.
Some small- and mid-sized companies face the same dilemma as that guy who insists he can wear the same jeans he did in high school, despite their 32-inch waist and his 42-inch belly. The CEO keeps cinching the budget a little tighter every quarter.
Smaller-scale workspace on demand services can fit the bill here. Originally conceived for applications such as on-demand test and development environments (where the need for 100 virtual workstations on which to test a software distribution script wouldn’t be unusual) workspace on demand companies such as CloudShare, Soonr or Microsoft Azure offer mini versions of the macro cloud.
Rather than buy large-scale services with a lot of configuration and management from Amazon or other hosting companies, it makes sense to have a service you can use to get IT-on-demand for workgroups rather than enterprises, according to Steve Peltzman, CIO of New York’s Museum of Modern Art.
“We, like a lot of companies, have only one set of staging servers for anything, and you don’t want to add a feature because you don’t want to mess with the staging, so you have to put that off,” Peltzman says. “There are lots of needs, strategic or tactical, we have to meet during the day without having a rack of servers to pull out to do it. We look at where it makes sense to outsource SaaS providers, SalesForce, outsourcing email to Gmail, Amazon or Cloudshare for platform. Sometimes I don’t know what we’re going to use a specific service or function for, but I know we’re going to need it. That’s what I’m looking to the cloud for.”
4. Traditional SaaS
For those looking for an even smaller slice of additional functionality or capacity, plain-jane SaaS may be the way to go. The quickest way to get into “cloud computing” is to sign up for free email at Yahoo or Google, or for productivity apps from Zoho, 37Signals or a host of other services aimed at businesses or individuals.
Google’s corporate email is popular among small companies that put managing their own Exchange servers somewhere down below housekeeping and maintenance. Productivity apps are available online from Microsoft, Zoho and others who’d rather not pay for bulk upgrades of feature-heavy desktop applications.
Companies that don’t even want to have to maintain Windows can go to Desktone, ThinkGrid and a few other VDI-on-demand providers.
__________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for creating and deploying SaaS systems without programming; HealthCapsule™, a toolkit for creating secure Health IT solutions; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Rackspace and NASA team up on cloud launch
Author: Cloudipedia Editor
Companies donate code to new open source cloud initiative
By Maxwell Cooter, TechWorld
July 19, 2010 06:31 AM ET
Rackspace and NASA have teamed up to launch OpenStack, an open source cloud platform aimed at accelerating the adoption of cloud computing by making it easier to develop new applications.
Although Rackspace and NASA have not entered into a formal partnership, it is hoped that their collaboration on OpenStack will be an impetus for new cloud computing initiatives. Rackspace and NASA have been joined by companies such as AMD, Citrix, Dell, iomart, Spiceworks and many others.
Both Rackspace and NASA have donated code for the project: the former has donated the code that powers its Cloud Files and Cloud Servers public-cloud offerings, while the space agency has donated the code of its Nebula Cloud Platform.
Fabio Torlini, Rackspace’s head of cloud services said that the move would rapidly accelerate the take-up[ of cloud services and also help to strengthen the move to interoperability. ” We expect our cloud platforms to become a de facto standard in time,” he said. “We really expect this to take off massively.”
Torlini added that while there would be little immediate benefit to enterprises looking to move to a cloud platform, in the long run there would be a boost to the number of applications available.
He acknowledged the concerns that many in the user community had over security in the cloud but said that by freeing up the code, there would be more opportunities to improve security. “If we’d left it like it was, it would just have been Rackspace and NASA working on their own, by freeing up the code, we enable many more companies to help improve security,” he said. He also stressed that this shouldn’t be seen as purely a Rackspace initiative, “Everyone is welcome to contribute,” he said.
“Modern scientific computation requires ever increasing storage and processing power delivered on-demand,” said Chris Kemp, NASA’s Chief Technology Officer for IT. “To serve this demand, we built Nebula, an infrastructure cloud platform designed to meet the needs of our scientific and engineering community.
The companies have developed an OpenStack website with further information on the project with a complete list of members.
___________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for creating and deploying SaaS systems without programming; HealthCapsule™, a toolkit for creating secure Health IT solutions; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Feds to spend $144M to train health IT workers
Author: Cloudipedia Editor
More than 80 schools will prep 50,000 workers for IT jobs
Computerworld - Beginning this fall, more than 80 community colleges and universities in the U.S. will begin training health care IT workers under a government grant program created to help fill an estimated 50,000 jobs needed to assist doctors and hospitals as they roll out electronic medical records (EMR).
The estimated 50,000 trainees are in addition to people already being trained in existing IT programs in U.S. universities, according to Dr. Charles Friedman, chief scientific officer at the Office of the National Coordinator for Health Information Technology. The agency estimates it will spend $144 million in grant money to develop and implement curricula in colleges and universities to train the health care IT workers.
Money for the education and training effort was included in the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Friedman said the training programs are aimed at people who already have health care or IT backgrounds — not workers from other fields who have no previous experience or training in either discipline.
“A landscaper might be able to enter one of these programs, but if this is a person with no health care or IT background, it’s unlikely that person will be able to achieve what’s needed for these jobs in six months,” Friedman said.
The U.S. Department of Health and Human Services has designed a curriculum to train people for 12 specific roles. The jobs are broken down into two major groups: Those for which health care IT workers can be trained in a six-month certification program, and those that require one to three years of training, such as senior clinician leaders, privacy and security specialists and more advanced technical and administrative roles.
On average, each school has or will get about $1 million to implement the curriculum; many of the schools have banded together in five regional consortia. Students graduating from the HITECH-funded programs will receive certificates in their specialties.
A significant part of the training will be for staffers at 60 regional extension centers (REC), the public-private partnerships that will eventually assist in the deployment of EMR systems at rural hospitals and physician practices with 10 or fewer doctors. Smaller health care operations like those will need help in order to meet the federal government’s “meaningful use” criteria and get reimbursements for the EMR rollouts.
The RECs, which are still being developed, will employ anywhere from 10 to 30 workers. Their responsibilities will include helping health care providers with the reimbursement process and assessing whether health care facilities have the infrastructure to implement EMR systems. The health care IT employees will also work with doctors and health care facilities to select an EMR system, oversee its installation, perform a workflow analysis of the effort and certify whether the EMR deployment meets the government’s meaningful-use standards.
Michael Kirshner, program director of the Oregon Institute of Technology’s health informatics degree program, graduated the first class of health care IT students from the baccalaureate program this spring and expects to start up the school’s grant-funded health IT program this fall.
OIT opened a simulation lab in 2007 that simulates an IT environment in the health care field to help students learn how to deploy EMR applications from leading vendors such as General Electric and Allscripts. It also familiarizes them with databases from Oracle Corp. and Microsoft Corp. and teaches them about patient portals and secure messaging platforms from companies such as Cryptic Corp.
OIT’s program offers a bachelor’s degree in IT with an option in health informatics. IT covers the EMR implementation process, data mining and data extraction, the creation of interfaces using HL7 standards, data analytics, queries and report creation.
“We expose students to a variety of user roles to train them how to use these,” Kirshner said. “But equally relevant is how other users on a health care team would be interacting with [health IT] systems. We’re trying to create broad exposure and a hands-on learning experience so they can be an integral part of the team instead of just a single defined set of tasks.”
Kirshner said the school surveyed employers in the Portland area and came up with a list of about 300 health care IT jobs among the top 15 employers. “We’ve turned out less than 20 [health care IT] graduates, so clearly the demand is much higher,” he said.
According to Kirshner, 85% of the available jobs in the area require a bachelor’s degree and have starting salaries that range from $45,000 to $75,000.
One reason the government focused its grant program on state schools is because they tend to be far less expensive than private institutions. That gives IT and health care workers an affordable way to make lateral career moves. For example, OIT’s full baccalaureate program costs only $25,000.
Beyond the private-sector jobs available for health care IT workers, the federal government has set aside money for REC operations to help rural hospitals and small physician practices set up EMR systems and qualify for some of the billions of dollars in Medicare and Medicaid reimbursement funds available to those that successfully use EMRs.
Jonathan Fuchs, chief operating officer of the Arkansas Foundation for Medical Care (FMC) in Fort Smith, Ark. opened a regional extension center in February to serve local physician practices.
That REC is working closely with local two- and four-year colleges and has worked out a deal to provide potential health care IT students with a discount for HITECH-funded courses at local schools. Typically, the certification programs cost $500 to $1,000, said Fuchs, who added that he hopes to provide internships for health care IT students.
Positions at the REC include a director, a program manager, a network data manager, a marketing manager, a program assistant, four to six EMR implementation specialists, three to four quality improvement employees and five outreach workers.
“Depending on the level of the surge, we will either outsource some of the work or add additional staff,” Fuchs said. “Some RECs have totally outsourced their implementation activities to consultants and other RECs. There are all different models across the country.”
The FMC REC is supposed to help 1,280 physicians roll out EMR systems over the next five years. The center has already signed up 550 doctors.
Physicians who roll out EMR systems under the Medicare program and meet government certification requirements can get up to $44,000 in reimbursement money. Those who choose to implement the technology under the Medicaid program, which requires that at least 30% of their practice be enrolled in the program for 90 consecutive days during a calendar year, can receive up to $64,000 to defray IT costs.
While thousands of graduates of HITECH grant-funded courses will staff REC offices throughout the county, the overwhelming majority of them will find jobs in the private sector, working at hospitals, private physician practices, long-term care facilities and other clinical operations.
“Each of the colleges is going to vigorously market its program,” Friedman said. “The assumption is because community colleges tend not to charge as much as large [private colleges], this will be affordable. In some circumstances, the community colleges are using the grant money to help students with tuition.”
___________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for creating and deploying SaaS systems without programming; HealthCapsule™, a toolkit for creating secure Health IT solutions; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Health and Human Services’ IT rules open up market to newcomers
Author: Cloudipedia Editor
New federal rules that will grant medical practitioners billions of dollars to buy health information technology might make it easier for vendors new to the health IT industry to gain market share in a sector largely dominated by companies that have adhered to stricter standards, health consultants said.
The rules governing the acceptable use of e-health records to qualify for federal funding, which the Obama administration released on Tuesday, are simpler and clearer than those initially proposed in December 2009, experts said. The earlier proposal sparked concerns among small practices and hospitals, and some IT companies that meeting the first stage of requirements for meaningful use would be too time-intensive and costly.
Doctors must comply with the meaningful use rules, which include installing certified e-health systems, to receive a portion of roughly $27 billion in bonus Medicare and Medicaid payments. The government says the extra payments will encourage providers to buy health IT systems that increase safety, reduce costs and improve care.
“They did make a very serious effort to accommodate the real-world barriers that physicians have,” said David C. Kibbe, an IT consultant and senior adviser to the American Academy of Family Physicians. “The bar is significantly lower for stage one” compared with what was in the draft.
The December draft proposal would have demanded doctors comply with 25 objectives during the first year of implementation. The final rules reduce that number to 15 core objectives, including routine security monitoring, checks on drug interactions, e-prescribing and transmission of instructions for the treatment of patients using a standard computerized provider order entry.
The rules then allow doctors to pick five more demanding requirements from a menu of 10. Among them are e-health records that contain data fields for laboratory test results, the ability to send patient reminders for follow-up care, and submission of clinical surveillance data to public health agencies.
In addition, the new regulations loosen CPOE requirements by directing doctors to use the process only for entering medication orders. The earlier proposal would have required them to enter orders for medications, laboratory work, imaging studies and several other services.
Under both the proposed and final rules, additional requirements to meet the government’s definition of meaningful use would and still will be phased in during five years.
The Health and Human Services Department projects that certified e-health record software will be available for purchase in the fall.
Companies entering the health IT field for the first time might have a leg up on more established industry players, according to Kibbe. “No products have been certified yet,” he said. “If you have a legacy product that is significantly more comprehensive and complicated, and a new product that hits the nail on the head for meaningful use and just does that, you might think the newer companies have an advantage in meeting meaningful use for their customers.”
The rules will allow other innovative companies such as Microsoft Corp., Intel Corp. and Google, to penetrate the health IT space, Kibbe said.
But some health IT service companies that partner with various software vendors, including legacy product providers, say there’s plenty of room for more market participants. “The pie got bigger,” said Harry Greenspun, chief medical officer at Dell Services, the nation’s largest health IT services company. Veteran vendors can expand their hold on the market and new entrants potentially might have an easier time accessing the market, he added.
On Tuesday, HHS released a related regulation that finalizes certification standards initially released on Dec. 30. Registration for incentive payments will start January 2011, and HHS will begin disbursing the money to doctors and hospitals next spring.
“The government has lowered the barrier for adoption,” added Greenspun, who previously served as the chief medical officer for Northrop Grumman Corp., which developed AHLTA, the Defense Department’s electronic health record system.
Now that the government has relaxed some of the rules, the administration is more likely to reach the ambitious goal of establishing a nationwide network of e-health records by 2015, he said.
The Brookings Institution, a Washington think tank, and the Markle Foundation, a New York-based research institute that studies health IT and security issues, released a joint-statement in support of the rules. “These regulations provide a promising foundation for encouraging the effective use of health information to improve patient care,” said Mark B. McClellan, director of the Engelberg Center for Health Care Reform at Brookings and a former administrator of the Centers for Medicare and Medicaid Services.
Carol Diamond, managing director of the Markle Foundation, added, “The final rule has added flexibility to encourage providers to participate in the first phase of this critical effort to improve health, promote efficiency, drive innovation and protect privacy.”
Consumer advocates provided qualified approval. “By making some reasonable concessions but standing firm against industry pressure to gut the regulations, the administration moved to improve patient safety and coordination of care, and to make our health system more efficient,” Christine Bechtel, vice president of the National Partnership for Women and Families, a patient-rights group, said in a statement.
She noted, however, “As we move forward, the regulations should be strengthened so providers who violate privacy laws are ineligible for federal IT dollars, and so providers are required to give all patients timely access to their health information.”
In addition, Greenspun said unintended consequences of the regulations might not surface until state governments, privacy groups, budget analysts and other stakeholders have more time to closely inspect the 864 pages of regulations.
Verizon creates medical information exchange cloud
Author: Cloudipedia Editor
July 14, 2010, 7:32 PM EDT By Lucas Mearian
Verizon announced on Wednesday a new cloud-based service offering for healthcare providers that will handle the sharing of patient information electronically between disparate platforms.
The new service, called the Verizon Health Information Exchange , consolidates clinical patient data from various providers and translates it into a standardized format that can then be accessed via a secure Web portal.
Kannan Sreedhar, vice president of Verizon Connected Health Care Solutions, said the service will address interoperability issues currently hindering physicians, hospitals and insurance companies from sharing patient information because of the myriad of applications used to create, and formats being used to store, the data.
“Providing secure access to patient data will enable health care organizations to make a quantum leap forward in the deployment of IT to meet critical business and patient-care issues,” he said in a statement.
Users of the service will be able to share data across states and regions, requesting patient data via the Web portal regardless of the IT systems and specific protocols the providers use, Verizon said.
Because the Verizon Health Information Exchange will be delivered via Verizon’s cloud computing platform, health care organizations will be able to use their current IT systems, processes and workflows, without large additional capital expenditures, the company stated.
The service charges based on a health provider’s patient record volume.
Verizon is using technology from several database, medical application vendors and service providers — including MEDfx, MedVirginia and Oracle — to deliver key features of the service, including: clinical dashboard, record locator service, cross- enterprise patient index and secure clinical messaging.
“The ability to dynamically scale technical resources and pay for those used are key benefits of health information exchange platforms hosted in the cloud,” Lynne Dunbrack, program director of IDC Health Insights said in a statement.
“Cloud-based platforms will appeal to small to mid-sized organizations looking to shift technology investment from capex to opex and to large regional or statewide initiatives that need to establish connectivity with myriad stakeholders with divergent needs and interoperability requirements,” she said.
MedVirginia Inc. , a regional health information exchange (RHIO) located in Richmond, plans to use Verizon’s Health Information Exchange service.
Formed in 2000 by a consortium of Virginia health care providers, MedVirginia launched its health information exchange in 2006. Michael Matthews, CEO of of MedVirginia, said the RHIO’s needs enhanced functionality, flexibility, performance and scalability.
“The cloud-based Verizon Health Information Exchange meets those requirements,” Matthews said.
Verizon said its service meets federal standards for privacy under the Health Insurance Portability and Accountability Act, and it also complies with requirements under the Nationwide Health Information Network, which is under the Office of the National Coordinator for Health Information Technology to support the secure exchange of health information over the Internet.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas’s RSS feed . His e-mail address is lmearian@computerworld.com .
_____________________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
NIST Software Security Patent to Help Improve Health IT Privacy
Author: Cloudipedia Editor
Newswise — A computer security invention patented* a decade ago at the National Institute of Standards and Technology (NIST) is now poised to help safeguard patient privacy in hospitals.
The invention—an algorithm that can be built into a larger piece of software—is designed to control access to information systems, and it has attracted the attention of a company that is putting it to use in the health care field. John Barkley, the algorithm’s creator, says the idea could solve one of the pervasive issues in the country’s health care system.
“We think this software will provide dramatically improved security and privacy to patients,” says Barkley, now retired from NIST’s Software and Systems Division and now consulting with Virtual Global, which is commercializing the product. “It solves the problem of overly broad access to patient information, which is widespread.”
Barkley’s efforts stretch back to the 1980s, when the computer tools available for protecting electronic information were poor. Generally, access to information was available to anyone whose name was on a specific list of authorized users, but a large organization might have thousands of restricted files, each with its own access list—making security management awkward. Help came with the creation of Role-Based Access Control (RBAC), in which a person’s job function, not name, was the key to accessing a particular file. However, even RBAC could allow large numbers of people to have unlimited access to information—a particular problem in health care, where it is crucial but difficult to guarantee patient privacy.
“We didn’t invent RBAC, but we wanted to systematize it and standardize it,” says Richard Kuhn of NIST’s Computer Security Division and Barkley’s former supervisor. “While we were working on this, John [Barkley] came up with a way to control access by using RBAC within the context of a lengthy, multistep task, and I suggested he patent it.”
In essence, the patent covers a method of ensuring that access to information is available to those who need it, but only when necessary. For example, at a hospital, the patient admission procedure involves a number of steps, and in each step someone needs access to the patient’s medical records for a specific purpose, like registering the patient or verifying their insurance information.
“Once you’ve been admitted to the hospital, the admissions staff doesn’t necessarily need access to your records anymore. But in many hospitals, those staff members nonetheless continue to have access to every record on file,” Barkley explains. “Using the algorithm we patented, those staffers would only be able to access your record during admission processing. After that, they would find your information unavailable—though the doctor who was treating you would still have access to it.”
NIST released a Small Business Innovation Research solicitation in an effort to find a company to develop a product from the patent in 2008, which happened to be when Virtual Global, Inc., was searching for a way to protect electronic records for its clients. The company purchased the rights to it shortly thereafter and integrated the invention into its “HealthCapsule” cloud platform. Virtual Global is now using HealthCapsule to create a pilot security system for LIFE Pittsburgh, a long-term care facility.
* J. Barkley. “Workflow Management Employing Role-Based Access Control,” U.S. Patent No. 6,088,679. July 11, 2000. Available at http://www.itl.nist.gov/div897/staff/barkley/6088679.pdf
____________________________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
How To Unlock The Power Of Cloud Computing
Author: Cloudipedia Editor
Katonda News Network, June 29, 2010
So here’s a question: Which IT sector accounts for fully 25% of the industry’s year-over-year growth and, if the same growth trajectories continue, will generate about one-third of the IT industry’s net new growth by 2013? The answer is Cloud Services, according to research firm IDC. Cloud computing is garnering its fair share of industry buzz as well. Its promise of revolutionary cost savings and agile, just-in-time capacity has driven IT organizations at enterprises of all sizes to build cloud deployment strategies into their plans. — Mike Armistead, VP Corporate Development, Fortify Software
The Benefits of the Cloud
Cloud computing is immensely popular with companies and government agencies in search of revolutionary cost savings and operational flexibility. According to industry research firm IDC, cloud computing’s growth trajectory is, at 27% CAGR, more than five times the growth rate of the traditional, on-premise IT delivery/consumption model.
Cloud computing practitioners cite numerous benefits, but most often point to two fundamental benefits:
* Adaptability: An enterprise can get computing resources implemented in record time, for a fraction of the cost of an on-premise solution, and then shut them off just as easily. IT departments are free to scale capacity up and down as usage demands at will, with no up-front network, hardware or storage investment required. Users can access information wherever they are, rather than having to remain at their desks.
* Cost Reduction: Cloud computing follows a model in which service costs are based on consumption and make use of highly shared infrastructure. Companies pay for only what they use and providers can spread their costs across multiple customers. In addition to deferring additional infrastructure investment, IT can scale its budget spend up and down just as flexibly. This leads to an order of magnitude cost savings that wasn’t possible with 100% proprietary infrastructure.
Other benefits of the cloud include collaboration, scaling and availability, but revolutionary cost savings and the almost “instant gratification” offered by the agility of the cloud will be the key contributors to adoption of the cloud.
What is the Cloud?
So much has been written, advertised and discussed about cloud computing, it is appropriate to define the term for common understanding. Cloud computing generally describes a method to supplement, consume and deliver IT services over the Internet. Web-based network resources, software and data services are shared under multi-tenancy and provided on-demand to customers. It is this central tenet of sharing - and the standardization it implies - that is the enabler of cloud computing’s core benefits. Cloud computing providers can amortize their costs across many clients and pass these savings on to them. This paradigm shift in computing infrastructure was a logical byproduct and consequence of the ease-of-access to remote and virtual computing sites provided by the Internet.
The U.S. National Institute of Standards & Technology (NIST) defines four cloud deployment models:
1. Private Cloud, wherein the cloud infrastructure is owned or leased by a single organization and is operated solely for that organization
2. Community Cloud, wherein the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns, including security requirements
3. Public Cloud, wherein the cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group
4. Hybrid Cloud, wherein the cloud infrastructure is a composition of two or more cloud models that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
NIST’s definition of cloud computing not only defines HOW infrastructure is shared, but also outlines WHAT will be shared. These service models shift the burden of security accordingly between provider and user:
Software-as-a-Service, or “SaaS”, is the most mature of the cloud services. SaaS offers a “soup to nuts” environment for consumption of a common application on demand via a browser. Typically, the customer controls little or nothing to do with the application, or anything else for that matter, and is only allowed to configure user settings. Security is completely controlled by the vendor. Examples of providers include Salesforce.com, Workday, Mint.com and hundreds of other vendors.
Platform-as-a-Service, or “PaaS”, is an emerging cloud service model. The customer is able to develop applications and deploy onto the cloud infrastructure using programming languages and tools supported by the cloud service provider. They are not able to control the actual infrastructure – such as network, OS, servers or storage – the platform itself. Because the customer controls application hosting configurations as well as development, responsibility for software security shifts largely to their hands. Examples include Google App Engine and Amazon Web Services.
Infrastructure-as-a-Service, or “IaaS”, is where even more of the infrastructure is exposed to multi-tenant users. The cloud service provider provisions processing, storage, networks and other fundamental computing resources. The customer is able to deploy and run arbitrary software, which can include operating systems and deployed applications. Software security in this deployment model is completely in the customer’s hands, including such components as firewalls. Examples include Amazon Elastic Compute Cloud and Rackspace Cloud.
While SaaS gained popularity as an alternative to on-premise software licensing, the models that are driving much of the current interest in cloud computing are the PaaS and IaaS models. Enterprises are especially drawn to the alternative development infrastructure and data center strategies that PaaS and IaaS offer. At this point in time, smaller enterprises seem to have more traction with PaaS, enabling them to rapidly bring websites to market; whereas larger enterprises are more comfortable beginning their cloud deployments with an existing application moved to an IaaS cloud service.
How do we fully realize the benefits of the Cloud?
Realizing the cloud’s benefits is greatly determined by the trustworthiness of the cloud infrastructure – in particular the software applications that control private data and automate critical processes. Cyber-threats increasingly target these applications, leaving IT organizations forced to sub-optimize the cloud deployments containing this software, limiting flexibility and cost savings. Assuring the inherent security of software, therefore, is a key factor to unlock the power of cloud computing and realize its ultimate flexibility and cost benefits.
Recommended approaches to Cloud software Security
According to the Cloud Security Alliance, a not-for-profit organization promoting security assurance best practices in cloud computing, the ultimate approach to software security in this unique environment must be both tactical and strategic. Some of their detailed recommendations include the following:
* Pay attention to application security architecture, tracking dynamic dependencies to the level of discrete third party service providers and making modifications as necessary
* Use a software development life cycle (SDLC) model that integrates the particular challenges of a cloud computing deployment environment throughout its processes
* Understand the ownership of tools and services such as software testing, including the ramifications of who provides, owns, operates, and assumes responsibility
* Track new and emerging vulnerabilities, both with web applications as well as machine-to-machine Service Oriented Architecture (SOA) which is increasingly cloud-based
The key to achieving the benefits of the cloud and to putting the above recommendations into practice is Software Security Assurance, or “SSA”. Recognized by leading authorities such as CERT and NIST, SSA is is a risk-managed approach to improving the inherent security of software, from the inside. There are three steps to a successful SSA program:
1. Find and fix vulnerabilities in existing applications before they are moved into a cloud environment
2. Audit new code/applications for resiliency in the target cloud environment
3. Establish a remediation / feedback loop with software developers and outside vendors to deal with on-going issues and remediation.
To realize the full benefits of cloud computing, organizations must assess and mitigate the risk posed by application vulnerabilities deployed in the cloud with equal vigor as those within their own data center. It is only then that they will be able to take full advantage of Cloud Computing to save cost and increase the efficiency of their business.
By Mike Armistead, VP Corporate Development, Fortify Software
Resources:
IDC on IT Cloud Services
NIST definition of Cloud Computing
Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1”
____________________________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
Report: Electronic Health Records Fall Short on Data Integration, Workflow
Author: Cloudipedia Editor
Posted by Loraine Lawson Jun 28, 2010 11:59:33 AM
Health care is so far behind in basics like user interfaces and data integration, that most of the money spent on electronic health records will have to be re-spent later when the technology actually catches up, according to a new report.
InformationWeek delivered this gem of news Friday, summarizing a new report by Crosstree Capital Partners, an investment banking firm specializing in mergers and acquisitions in the life sciences, pharmaceutical outsourcing, diagnostics. Health care IT is expected to become ripe for M&As, according to the report.
If you’d like to read the full report online, a pdf is available on the firm’s site for free download.
The long and short of it is that electronic health records mostly rely on two means of data capture: Typing or image scanning. The report notes that there are much better ways to handle electronic data capture. Also, it notes that the current crop of EHR technology does a poor job of handling workflow.
But given the immediate pressures of government subsidies and the threat of reimbursement withholding:
… EHR will default into the core of integrated Healthcare Information Solution (HIS) infrastructures. Unfortunately, with most of the EHR systems on the market today falling way short in implementing state-of-the-art User Interface or data integration technologies, most of the money spent today will have to be re-spent as the technology catches up with the functional demands. Consequently, over the next 2-3 years radical improvements in User Interfaces (touch, natural language, proximity, etc.), and new wireless-enabled diagnostic and treatment devices will revolutionize EHR products in a painful and costly conversion process pretty much industry wide.
It’s a catch-22 with the funding, really. As I pointed out last week, it’s not like health care was investing in IT without the government subsidies, which are already attracting big tech vendors such as IBM, HP, Intuit, Microsoft and Oracle, to move into health care. Ironically, as these players come on board, the technology solutions will improve, making today’s expenditures obsolete.
Nice, huh?
The report also predicts big things for wireless devices in health care, which should come as no surprise surprise to those of us who’ve watched their doctors fiddle with tiny Palm Pilots over the years. Health Plan News recently featured a short piece on unwiring health care that’s worth checking out. It includes a look at how several hospitals around the world are using wireless technology.
I was also not surprised to read the report’s prediction that health care would trade Blackberries for iPads and other more advanced wireless devices. After watching how my own doctors used technology – or don’t - I’ve thought all along the iPad would be a natural fit for physicians.
______________________
Virtual Global, a West Virginia corporation, is a provider of cloud-enabled enterprise IT solutions, including the TeamHost™ cloud platform for building SaaS applications without programming; TeamLeader™, a project management 2.0 software for tracking and reporting on virtual teams in real-time; and cloudipedia.com, a website that brings cloud computing information to the masses. Since 1995, Virtual Global’s platform technologies have served commercial and federal customers worldwide with enterprise-class IT needs.
_______________________________
About Virtual Global: Since 1995, our technologies have helped commercial and federal customers worldwide with their enterprise IT needs. The DC-area Cloud Team specializes in software as a service (SaaS) engineering using the most advanced cloud platforms and infrastructures: Amazon, Salesforce, Google, and TeamHost™ - our enterprise platform as a service (PaaS) for creating software in less time, risk and cost.