Feodora - stock.adobe.com

Pros and Cons of Public, Private, Hybrid, Multi-Cloud Architectures

Healthcare organizations must consider scalability and security risks when it comes to choosing between a public, private, hybrid, or multi-cloud architecture.

Whether a healthcare organization chooses to implement a public, private, hybrid, or multi-cloud architecture, the security risks and maintenance costs of each must be considered dutifully.

Cloud computing technologies have experienced tremendous growth within healthcare in recent years due to their scalability. According to Vantage Market Research, the healthcare cloud computing market is expected to reach $128.19 billion by 2028, growing at a CAGR of 18.74 percent from 2021 to 2028.

As cloud adoption and growth continue, organizations must recognize that cloud providers are not immune to cyber threats like ransomware and phishing that continue to plague the healthcare sector. A report from the Cloud Security Alliance (CSA) found that many IT decision-makers incorrectly assume that the threat of ransomware within the cloud is less severe than in a private data center.

Despite these concerns, Tim Beerman, Chief Technology Officer (CTO) at Ensono, predicted that cloud adoption will continue to increase over the next year.

“Being able to take advantage of cloud technology in the right way is going to allow companies to continue to move faster,” Beerman said in an interview with HealthITSecurity.

However, public, private, hybrid, and multi-cloud offerings each come with pros and cons. Healthcare organizations must consider data governance, compliance, capacity, and security when choosing a cloud vendor and architecture.

Public Cloud

Major public cloud providers, such as G Suite, Microsoft Azure, and Amazon Web Services, offer low starting costs and little to no maintenance. Organizations can scale public cloud offerings and increase storage capacity with ease, which makes them a worthy option.

Public cloud providers allow for rapid adoption, innovation, and reach, Beerman explained.

“The ability to move quickly with their self-service capabilities is one of the greatest flexibilities, and that is why people should really look at leveraging those platforms,” Beerman said.

However, this flexibility potentially comes at the expense of security. The built-in security features that public cloud providers use are often not enough to keep sensitive data completely protected. Additional encryption and cybersecurity methods must be used in conjunction with public cloud offerings.

“While you have all that flexibility, you really need to be on top of your game in terms of security,” Beerman suggested. “Things like penetration testing, vulnerability assessments, and best practice audits are crucial.”

Despite rapid growth and scalability, healthcare organizations also must enact basic security measures to prevent phishing and other cyber threats from infiltrating the public cloud. Public cloud adoption must go hand-in-hand with a strong existing security architecture within the organization in order to be truly effective.

Private Cloud

Healthcare organizations may want to engage with a third-party provider or an in-house team to develop a private cloud designed specifically for their organization. Private clouds are hosted on private servers and are much more customizable than a standard public cloud.

Private clouds have steep start-up costs but low maintenance fees, and organizations have the ability to craft security features from the ground-up to ensure compliance and data protection. This is particularly useful in healthcare, where organizations are required to enact certain technical safeguards for protected health information (PHI) under HIPAA.

“Private clouds are self-contained within your four walls, but you may not have the flexibility to take advantage of new development capabilities,” Beerman reasoned.

“You have to have the right team internally that can secure the perimeter and the application itself, along with keeping up with updates.”

While public cloud providers are responsible for patching and updating their services, private clouds require a more hands-on internal approach. If an organization has a strong IT team and data governance practices, the private cloud option could be both beneficial and secure. If not, organizations run the risk of having unsecured or outdated systems due to lack of maintenance.

Hybrid Cloud

A hybrid cloud enables flexibility by taking advantage of both public and private cloud technologies for different purposes. Organizations can take advantage of the scalability that the public cloud offers, while keeping highly sensitive data secure on a private cloud.

The costs are higher than using just a public cloud on its own, but organizations get to use the best of what both the public and private clouds have to offer.

For healthcare organizations, securing PHI is a top priority, so private cloud storage may be an ideal option. For example, with a hybrid cloud architecture, healthcare organizations can safeguard PHI on the private cloud and host their web-based email service on the public cloud.

A potential downside may be a lack of Interoperability between public and private cloud environments, which could stifle workflow.

Using multiple cloud providers is a growing trend across a variety of industries. Recent research from IBM found that only 3 percent of surveyed executives across 28 industries reported using a single private or public cloud in 2021, compared to 29 percent in 2019.

Multi-Cloud

Compared to a hybrid cloud environment, a multi-cloud environment implies that a business is using multiple different public clouds rather than mixing private and public clouds together. Typically, this strategy is used if the organization has a variety of needs that cannot be satisfied by a single public cloud provider.

“Healthcare providers are looking to maximize the benefit of a public cloud platform,” Beerman emphasized. A multi-cloud architecture allows organizations to pick the best features from multiple vendors and store data accordingly.

Choosing a multi-cloud approach also prevents dependence on a single vendor for all the organization’s cloud needs. IBM found that 79 percent of surveyed executives reported that vendor lock-in was a significant obstacle to improving business performance in their cloud estate.

A multi-cloud environment may be more cost-effective than a hybrid cloud environment while allowing for additional scalability.

In a recent report conducted by Sapio Research on behalf of Prosimo, over 60 percent of survey respondents equated consistent security measures with multi-cloud infrastructure success. The results showed that a lack of security is one of the main inhibitors to organizations embracing multi-cloud networking strategies.

Choosing a Cloud Vendor

“It starts with understanding your workloads and your architecture,” Beerman remarked. When choosing a cloud vendor or vendors, organizations must consider the skillsets and talent pool within their organization and determine whether they have the capacity to scale and adopt certain cloud technologies.

Organizations should conduct a thorough internal assessment and determine whether than can manage their cloud environments securely or if they need to engage a third-party service provider to fill in the gaps.

“I would advise clients that for any given application that they choose one cloud platform and stick with it,” Beerman contended.

“Because that's going to give you the most of flexibility and ability to grow that without a lot of changes and a lot of introducing these risks of different things being in different cloud platforms.”

 At the end of the day, there is not a single cloud solution that is a perfect fit for any organization. Using cloud computing technologies can be hugely beneficial for storing data, but healthcare organizations must have baseline cybersecurity best practices in place in order to reap the benefits.

Next Steps

How Cloud-Based EHR Implementations Support Primary Care Delivery

Fostering health AI development with confidential computing

Dig Deeper on Health data threats