Cloud service provider continues to push boundaries
Healthcare institutions are still cautious about adopting cloud technology, but there are good reasons to embrace it when the necessary measures to trust a cloud provider are in place. During its recent analyst and annual summit events in Paris, OVHcloud made a convincing case about why it is a trusted partner for healthcare organizations looking to transition sensitive healthcare data from an on-premises environment to the cloud.
Digital Transformation Calls for Data Stewardship
Digital transformation in the healthcare sector has enabled new models of care delivery, including new forms of diagnosing and treating illnesses. It entails the extension of healthcare delivery into the home, as well as the need to work more collaboratively inside and across healthcare institutions. The underlying ability to share and analyse patient data in digital format has enabled improvements in patient outcomes and allowed practitioners to gain a deeper understanding of the various determinants of health and illness. In short, capturing, storing and accessing patient data safely and securely from multiple locations has become not only an imperative, but a legal requirement. However, it has also brought the headache of ensuring secure and compliant handling of healthcare data, as frequent news of data breaches and ransomware attacks alert us to.
Moving healthcare data to the cloud has become a viable step to tackle these challenges. The notion of the cloud as an extension of the internal infrastructure has fuelled the adoption of the technology in hospitals. So much so, that, for instance, the UK’s National Health Service (NHS) has endorsed hospitals to move sensitive patient data away from their own premises to the cloud.
There are good reasons to do so. Greater data security is one of them, and cloud providers automatically update their software and maintain, patch and secure their infrastructure continuously so that the use of cloud services can mitigate many common risks faced by healthcare organizations. For example, delays in patching well-known vulnerabilities was the reason the NHS was significantly hit by the WannaCry ransomware attack in 2017.
Cloud providers, either directly or through specialist partners, offer backup services and fast system recovery and contribute to more-efficient operations, including cost savings from not having to buy and maintain hardware and software. Other advantages involve the ease with which healthcare institutions can respond to fluctuating bandwidth demands; relevant third-party applications and innovations; robust disaster recovery; and better options for collaboration thanks to data sharing.
Cloud or On-Premises? How OVHcloud Instils Trust
The decision to keep data on-premises or in the cloud is ultimately one about trust, regardless of the industry sector. However, it’s particularly contentious in the healthcare industry, where data is extremely sensitive. Creating trust in a cloud provider requires measures, especially in data sovereignty. Octave Klaba, founder and chairman of OVHcloud, emphasized at the company’s annual summit that the protection of data is a societal commitment (see Instant Insight: OVHcloud Summit, 2019).
To this end, OVHcloud engages on multiple fronts in an approach it calls “trusted cloud”. This spans several important directives, most notably compliance with the General Data Protection Regulation. It also includes adherence to the CISPE Data Protection Code of Conduct. Under this code, infrastructure-as-a-service cloud providers must give customers the choice to have their data, used in subscribed services, located and processed exclusively in Europe, and the supplier will not reuse customers’ data. In addition, OVHcloud complies with the highest security standards — ISO 27001, PCI DSS, SOC, HDS, HIPAA and SecNumCloud. The latter is an attempt by the National Cybersecurity Agency of France, known as ANSSI, to improve protection for public authorities and operators of vital importance, which includes some healthcare infrastructures.
OVHcloud has also been working with the EU to draft a code of conduct on the portability of data and with a group of 69 EU enterprises to develop a platform for solutions and apps based on artificial intelligence. The latter project is built on a framework that respects key ethical principles so that organizations can access and share data transparently while protecting people’s private data. OVHcloud also commits to operating freely from the US Clarifying Lawful Overseas Use of Data Act by fully separating its activities in the US from those in the rest of the world.
OVHcloud Picks Healthcare as Its First Industry Vertical
Until a few years ago, OVHcloud’s operations were entirely industry-agnostic. Given its strong heritage in the field of privacy and cybersecurity and its commitment to be a trusted player, its recent move into the healthcare sector doesn’t come as a total surprise. “Security is in our DNA of paranoia” is how one member of staff epitomized the company’s expertise in all aspects of security.
OVHcloud clearly understands that it’s not enough to claim to be a trustworthy company; it must be able to back this up. This is especially important when looking to win new customers in a highly competitive field. So, OVHcloud started to certify its offerings in the enterprise segment where appropriate, something that has since become a must for players rather than a means of differentiation. In healthcare, OVHcloud became HDS-certified for dedicated servers in private clouds in October 2016. HDS is the French equivalent to the HIPAA requirements in the US. It allows the company to host healthcare data in France, a process that took about two years. SecNumCloud certification attests strict standards and good practices in data security and is important for cloud providers in the healthcare field.
In this way, OVHcloud ticks all the boxes to become a serious force in the healthcare cloud market, especially in France. Following the 2016 French healthcare law mandating that public healthcare organizations within a region cooperate in shared medical programmes to improve patient outcome and curb costs, OVHcloud’s move into this space is well-timed. And its tactics in this sector continue to evolve: in February 2019, the company achieved HDS certification for bare metal servers and it plans to offer Kubernetes support in healthcare by the end of 2020.
A Winning and Competitive Play That Looks beyond France
Selling its offerings through its partner ecosystem has been an important part of OVHcloud’s strategy, and this remains unchanged in its healthcare play. Capgemini, one of its long-standing partners, testified to OVHcloud’s success in the healthcare realm; Jerome Simeon, managing director of Capgemini France, pointed out that OVHcloud’s credentials, as well as its European origins, were instrumental in winning a contract with the French health agency.
As a global player, OVHcloud also wants to spread its healthcare business beyond the French borders. The company clearly presents a competitive choice for other European healthcare clients, being a leading cloud supplier in the continent with a strong and proven record in the French healthcare market. The option to choose where a client’s data can be hosted is an important factor in establishing trust in Europe. OVHcloud understands that this sector is shaped by national regulations, so its plans for setting up data centres that comply with those regulations not only make good sense, but are also competitively savvy. This strategic direction should play well with its partner community and attract potential partners looking to build a relationship with a cloud provider that can demonstrate insight and commitment.
Highlighting the attractiveness of this strategy, OVHcloud signed up AXA in Spain along with technology partner inithealth, the healthcare arm of the Spanish Init Group, to build a platform for AXA offering a digital tool to support its insured customers to make healthy lifestyle choices. OVHcloud won the contract against well-known rivals, most notably Amazon Web Services.
Smart Foundations to Build on
The healthcare industry in Europe has been slow to adopt cloud services, with some countries more sluggish than others. The threat of data breach within a cloud service remains real. Cloud players must provide evidence that they can safeguard a healthcare institution’s data from breaches and ransomware attacks. They must also educate users of cloud services about how to safely use this technology.
OVHcloud has taken the right steps to demonstrate its aptness as a trustworthy cloud provider. Mr Klaba understands the importance of educating the healthcare market, confiding to the audience at its annual summit that “Education is close to my heart, it is the biggest challenge with the digital transformation”.
We will be following OVHcloud closely as it tackles this in 2020 and seeks to maintain a degree of competitive advantage.