Balancing agility and security in healthcare

18 May 2020

Business leaders have been looking to cloud technologies in order to enable remote working and also to provide flexibility as we all tackle how businesses might operate moving forward. However, between private networks and legacy technology, the public sector faces a mammoth challenge. In particular, the NHS, which operates on a huge scale, provides 24-hour critical healthcare services, and deals with massive amounts of data on a daily basis, has been put under incredible strain during this time. 

Adopting new technology into a large, legacy heavy organisation, while continuing 24 hour operation is no small task. The challenge now facing the NHS is how to deploy an agile network to help enable the adoption of digital technologies, and relieve some of the pressures on the organisation, whilst also prioritising cyber security across the healthcare system to mitigate against potential risks. 

Cloud First

Even before the pandemic, the demand placed on NHS services has increased year-on-year. To ensure that the additional workload could be handled, the Government launched policies recommending the adoption of technology such as cloud and AI to drive digital transformation. 

One of the policies, ‘Cloud First’, was introduced in 2013 to formally prioritise the use of cloud technology. The key aim being to achieve cost savings and improved efficiency. Adopting cloud platforms will allow healthcare organisations to store applications and systems based on suitability. It will allow the NHS to operate an agile network, meaning it will be able to be more flexible to scale up or down as needed. 

Unfortunately, adopting cloud technology isn’t quite as simple as a few quick steps, especially when considering legacy technologies. The key to harnessing the benefits of the cloud is picking the right cloud platform for the business need, not just the most popular brand, or the cheapest package. See more on this in a recent blog, Stop Letting Solutions Define Requirements.

The role of an agile network 

Challenges that healthcare organisations are facing in this move to cloud include the historic use of the shared private network, N3, which was designed before the advent of cloud, and questions around if and how legacy applications will continue to function. The use of cloud applications will complicate cyber security boundaries. 

NHS Digital has led the introduction of the Health and Social Care Network (HSCN) as the successor to N3 and as part of the wider NHS strategy that focuses on the use of infrastructure to improve services and patient outcomes. As a unified private network, the HSCN provides public connectivity to the internet allowing users and entities on the data network to access and share information more efficiently and easily. 

Cloud platforms will allow the NHS to diversify data centres, hosting applications and data in a choice of appropriate locations. Typically, having only one data centre prevented diversity and risked network-wide blackouts if one area failed. The HSCN is providing a suitable stepping stone to better resilience and availability, and ultimately greater agility in the organisation. 

What about cyber risks? 

With all the benefits which cloud technology can bring, there still needs to be an assessment of risks associated with any new technology. The reality is that more technology means more entry points – which means more risks to the cyber security of the organisation. As we’ve seen over the last couple of months, from data breaches to unauthorised system access, cyber criminals will be looking for weaknesses to exploit.

The WannnaCry cyber attack in 2017 showcased how damaging a cyber threat can be. The ransomware locked users out of IT systems, in turn disrupting critical healthcare services and resulted in a huge bill of nearly £100m. While diversifying the network will help prevent such an issue occurring again, investment in cyber security resilience must be prioritised. This will allow cyber security professionals to address core issues such as unclear governance, vulnerable security architecture and poor practice to root out potential risks. As we saw with WannaCry, cyber security isn’t just about data breaches. A proper security assessment will help maintain the safety and operations of patient-facing critical services. 

What are your priorities?  

Achieving a secure agile network is a challenge that can’t be completed quickly, especially with such a large, legacy heavy organisation such as the NHS. While introducing new technologies will bring important benefits to the healthcare system, it can only be adopted in a secure, stage-by-stage process to ensure that corners aren’t cut. Prioritising cyber security is hugely important, as is choosing the correct technology solutions for the organisation. 

The NHS operates at scale and once a secure, agile network has been established, it will pave the way for the increasing use of digital tools to further improve healthcare services and patient outcomes.

cloud infrastructure
Cyber security
The Agile Network
Cloud Gateway