cloud-computing-electronic-lab-notebooks-data-safety - v 01

Cloud servers or dedicated private servers – is your data at risk?

 5 min read

Many labs today are facing the dilemma between a cloud server and a dedicated private server to store the valuable research data.  In this article, we gathered useful thoughts and facts to calm your concerns.

The cloud is a relatively new term in computing, coined because there is not just one server in the basement of your institute, but many distributed servers, metaphorically hovering like a cloud over your city or country.

Local servers

With your good old home server, you have the files stored on your disk, meaning you have full control of who can access your data as they are physically stored at your place. However all this comes at a price. You need to have a specialized IT person employed to take care of the server. In the beginning, you need to buy the server hardware and software. Additionally the running costs for a server are surprisingly high, coming with a hefty electricity bill for server power and cooling. The biggest drawback for “home” maintained servers is uptime. This means that you need to prevent technical faults by replacing various parts of the server hardware, preventing malfunctions and keeping a stable internet connection for the people who are working from home or a separate unit. The server downtime (the time that the server is not in use or not accessible to the internet) costs are calculated per hour for a reason.

If you only trust your local server to store your research results and ideas, you have a valid point, but we must also take into account that there are different types of cloud computer solutions.

 

Differences between cloud solutions

The typical, mass oriented, cloud service for file storage is cheap and widespread. Unfortunately it is inappropriate for storage of sensitive and valuable data. Service providers even claim in their terms of service that they will read your data and can use it if they want. To give an example, one data storage company finds your patent documentation on their cloud, and according to the terms of service, they can use it. They file your patent under their name. Now what? This is a risk no one is willing to take.

The second cloud based service is your typical web email service. I’m sure you use free email services at least for your private communication.  You don’t have to worry, your emails are safe. These services use secure connections and claim they will not read your emails. The encrypted data transfer ensures that the emails are not intercepted along the way, and server storage is safe.

The third, and in case of electronic lab notebooks (ELNs), most interesting option is secure, encrypted cloud data storage. This means that the data is automatically encrypted on your computer or tablet, then it is transferred to the server. The server only receives encrypted data. This guarantees no knowledge of your data from the providing company.

An even more interesting option is Verified Cloud, which is already compliant with legislature regulations and does not require any other user actions for proving that the service follows law and electronic record regulations. Of course secure transitions and data storage is implemented.

Why is data storage moving to the cloud?

” As stated by the Ponemon Institute in their 2015 Cost of Data Breach Study: Global Analysis, 3 main root causes of data breach are: Malicious or criminal attack, system glitch – your IT or business process failure, human error – employees. In their Cost of Data Center Outages 2016 Report, they specify more in detail the root causes of unplanned outages, with UPS (power supply), cyber-crime, accidents and human errors, water/heat failures and weather issues taking the lead. Mistakes by the employees account for 22% while the IT equipment failure is only around 4%. The 2015 Protected Health Information Data Breach Report by Verzion states that when it comes to protected health information for example, lost and stolen assets account for 45% of data breaches, while web applications incidents account for only 1,9% and cyber espionage for 0,3%.” Read full article here

Most of the modern, cloud based ELNs work with encrypted connections and encrypted data. All encryption and decryption is managed client side. This means that you and only you have access to decrypted information, even if somebody else reads the encrypted data stream or stored files, they will only receive gibberish. There are other advantages of running your ELN from a cloud environment. For example, cloud based services are automatically upgraded with virtually zero downtime. No additional service costs and especially no service connected downtime is recorded. In this way, there are no black periods, in which you cannot enter new data or access your experimental data.

“Today, experienced cloud providers’ main aim is to store encrypted data in advanced data-centers with high security to prevent any unauthorized access. You are the only owner of your data and have full control over it. Cloud providers also maintain regular backup of your data and have recovery solutions in place. Also, when your data is safely saved on a secure cloud, you can retrieve it anytime from anywhere if something happens to your local computer. For example, you don’t have to worry about viruses that might affect your computer or backing up the research data you create. Another aspect of security arises when you need to collaborate with team members who work at different labs in different locations. Often there is a need to send different versions of files over email. Cloud can enable you to collaborate with all your colleagues and work on the same files without sending numerous versions around and potentially mixing them all up. Powerful and established cloud providers, such as Amazon, take care of backup and high level security at all times. They have the knowledge to handle the risks and crashes as fast and possible. On the other hand, if anything happens to your institution’s servers right at this moment, how sure can you really be that all your data is safe? And even if you can, in the case of major crashes, if your data is saved in a cloud, the cloud provider will be responsible for it. If your data is on your servers, you’re on your own. Both is good, local or web based, just make sure that when it comes to your data, you are always up to date with the modern security and backup technology.”  T.Pavlek, sciNote LLC

There are also drawbacks of cloud data storage. You don’t physically own the hard disk on which your data is stored. One important aspect is that you always need an external internet connection, while local server instances need only a local network connection.

To summarize

Regarding security issues, there are virtually no differences between cloud and local installations. Secure and verified cloud services often offer a better security portfolio compared to your local server. All data and backups are automatically managed by the cloud service, data transfer and storage is secure and encrypted. All the cloud computers work in a redundancy system which means your data is available to you 100% of the time.

In comparison, local systems are prone to technical faults, security is linked to IT administrators following newest guidelines and updating software. Hackers will often select smaller local systems as their targets, knowing their security is in lesser shape than one of the big cloud providers.

In light of these facts, there is no need to worry about cloud based ELNs and data safety, the only facts that should influence your decision between cloud based versus local server based ELN are your specifics needs:

  • If you need to move large amounts of data over the network very fast, select local server.
  • If you want lower maintenance and IT costs, you should select cloud.
  • If you need easy setup and functionality without the need for an IT specialist, you should opt for the cloud.
  • If you don’t have a stable internet connection from your facility, you should go local.

In IT circles, cloud computing is the future, and we see no reason why it shouldn’t be the future of ELNs be it the smallest or the most advanced and complex projects. People behind cloud based solutions are really passionate and know their field, just like you know yours.

“What nobody wants is to wake up one day and realize that all the data has been deleted and have no idea how to retrieve the data. But this is something that can happen regardless of where you keep your data. All storage devices have their limitations. Nothing is bulletproof. Even the hardware of your PC can crash. So it is good to have backup. Cloud software systems are much better when you need to back up your data. Even in case of larger disasters it is much more likely that you will be able to retrieve your data safely.  Also, the lifespan of disks and hardware is 5-10 years, so if you want to be a good data manager, you would need to change them every 5-10 years or face the increased risk of losing your data. In a cloud however, all this can be automated and a lot of vendors also offer automated backups of your data.  A lot of people are concerned about putting data in the cloud and potential hacking. This is a legitimate concern. Here, it is important to know that there are no hack-proof systems. Any system that is out there can be hacked. That being said, as long as you are saving data on your computer that is connected to the internet, your laptop can be hacked into. So… who am I to say that my personal computer is safer than Amazon servers for example? Amazon probably has thousands of security engineers employed whose single worry is that people don’t hack the data. 10 years ago, the situation was different, but today we do all our banking through the cloud accounts. So the major question here is whether the cloud can be secure enough for us to do science and the answer would be yes.” Klemen Zupancic, CEO sciNote

 

More information:

In addition to highest data security measures, sciNote Premium is keeping the pace with regulatory requirements, such as electronic signatures, even HIPAA compliance etc. If there are regulations your lab needs to comply with, it is worth to check it out.

 

By Blaz Nemec, MSc

 

 

Leave us a comment:

One Comment Published

by María Magdalena Cid , post on 9 March 2017 |

In my research group we have chosen to store our data in the cloud. We hope it is secure at least as our local storage.