Balancing the act of agility and security in healthcare

Justin Day, CEO of Cloud Gateway by Justin Day, CEO of Cloud Gateway

The WannaCry cyberattack in 2017, which disrupted the NHS along with countless other organisations, was a big wake-up call for the cybersecurity of the NHS and other public sector organisations. The ransomware impacted operations and locked users out of IT systems, forcing the cancellation of thousands of appointments and leaving the NHS with a clean-up bill of £92m. 

Since then, there has been a big drive for improvements in cybersecurity resilience across the NHS.

Yet, this shift factors into the wider battle of transforming the healthcare system’s IT capabilities to become more digital and agile through the use of key technology such as the cloud. 

Both funding and time must be balanced between the two, with security needing to be embedded into the deployment of new digital technologies and not as an afterthought.

With the sensitive nature of all the data the NHS holds, it’s imperative that it can manoeuvre to changing demands as well as maintaining confidentiality, something that can only be achieved with a truly agile and secure network.  

The role of agile networking 

The last decade has seen a surge of new digital tools, including cloud and AI technologies, being used in healthcare. In tandem, huge quantities of data are being generated every day. 

Older legacy systems are struggling to cope with the increasing workloads and data sets being created and so the Government has created several policies such as NHS Digital and Cloud First to ensure support is provided to organisations going digital.

One of the most important transitions for healthcare systems is the leap to the cloud, as organisations seek to become more ‘agile’ in order to adapt quickly to changing demands. 

Traditionally, organisations have been tied to one data centre; being unable to diversify means if one area goes down, the whole network goes down.


Time is precious, but news has no time. Sign up today to receive daily free updates in your email box from the Data Economy Newsroom.

With cloud technology, organisations are able to diversify their data, applications and assets, allowing them to become more flexible and scale up or down based on demand.

Too often companies have jumped the gun and let the solution define its requirements; opting for a cloud package sold by a vendor that isn’t necessarily the best solution for their business.

True network agility, however, can only be achieved by taking the time to choose the best cloud solution for your business in the long-term, be that multi-cloud or hybrid cloud or another mix of cloud platform solutions.

These cloud solutions are perfect for large organisations such as the NHS, who operate at speed and host copious amounts of data, by enabling them to operate a best-for-the-job service without compromising agility. 

Securing healthcare organisations 

While these new technologies bring a wealth of opportunities to improve the healthcare system, it’s important to recognise the importance of mitigating the potential risks when transitioning to the cloud.

From unauthorised system access to mass data loss or complicated network identity management, risks from the use of the cloud form part of the wider cyber threat facing organisations as they go digital. 

As organisations use more cloud solutions, more entry points are created making them more vulnerable and exposed to cyber-criminals than before.

At the same time, as operations become more digital, the risk of shadow IT increases which sees employees evading the IT department to create their own applications and storage outside of the IT mainframe. A lack of awareness of these new entry points can be a glaring security flaw. 

Join the Debate

Time is precious, but news has no time. Join Data Economy’s LinkedIn debate page today and get access to content in real-time.

This can be solved by ensuring visibility is prioritised; cyber-security decisions cannot be made with incomplete data.

A CSO or CISO must have full visibility in order to complete a cyber maturity assessment and then make decisions based on the resulting risk appetite.

Centralising connectivity will ensure the establishment of a single and accurate source of truth, enabling the cyber-security team to monitor exit points and activity as well as the whole network. 

However, this is only achievable with investment into developing, creating and maintaining a cyber-security strategy; only then can cyber-security address root issues such as vulnerable security architecture, poor practice and behaviours and unclear governance, which all lead to risk.

Cyber-security is not just about protecting data, but it maintains the safety and privacy of millions of patients.

Having both a robust cyber-security strategy and contingency plans are key to ensuring that any future cyber threat isn’t as disruptive as the WannaCry attack. 

A balancing act  

Transforming healthcare systems, especially ones with huge amounts of legacy data and infrastructure, is no easy feat.

While new technologies can undoubtedly bring huge benefits, organisations must be careful in ensuring they are choosing the right solutions to best fit their operations, structure and long-term objectives.

With the speed of growth which the NHS is operating at, it’s imperative that an agile and secure network is implemented to ensure that the healthcare system can operate with flexibility whilst maintaining confidentiality. 

Read the latest from the Data Economy Newsroom: