All right, so again, I'm at, I'm at the hymns conference. This is recorded on Friday before the hymns conference. So if you want to know how it's going, I have no idea. But I do know that my schedule is completely booked on Fri on Tuesday, , which is today, that you're listening to this from morning until night.

So, , hopefully we'll be capturing some great conversations and airing those on the conference channel for you to listen to. , all right. I put a poll out. We had a webinar a little while back with some healthcare, , security officers, and we asked them about their priorities, and it was a really good conversation.

I decided to follow that up with a poll. And the poll was, is healthcare data more secure in the cloud than on premise? I'll give you the results and then I'm gonna go through some of the comments. So the, the results were 62% said yes, 18% said. 21% said no difference. So 200 votes, , 62% said yes, it is more secure.

And now, , I'm gonna go into the nuance of this, but so are some of the comments here and I'm just gonna give, give you some of 'em cuz there were some really good comments in this. And if you're not participating in our polls, please. Every Monday I put a poll out there. It's only out there for three days and we try to.

You know, just, just a quick pulse on a specific topic, whatever it happens to be. I don't know what Monday's is or yesterday's is because I haven't created it yet, but there will be one out there, , for yesterday. Hit me up on LinkedIn. You follow the poll there? I'm still not putting 'em out on Twitter.

At some point I'll do that, but right now it's just on LinkedIn. All right, so, , is Cloud more secure? Anne Weiler? Who, , , former tech executive, , startup executive and , is with, , I believe with Amazon right now, or aws. They're very distinct. I think she's with aws. , and she had this to say, I was at a major healthcare system a few weeks ago and they had a bulletin board space to pin unknown faxes on it.

And, , you know, it's, You know, it's that kind of stuff. I think that is just, , shows that we have a long way to go in terms of our digital maturity and, , really understanding. The, , risks associated with physical phi, like a bulletin board with factors on it. It's just crazy. , let's see. , Neil Rodrigo Acosta and I went back and forth.

He said, it depends, a misconfiguration in the cloud can be more dangerous than OnPrem, and I agree with. However, I will say this, how is a misconfigured SharePoint different in the cloud versus on-prem? That was my response to him, and he, he came back with Bill Russell, overly permissive access storage, access, misconfiguration, unrestricted, inbound and outbound ports, unlimited access to, , http, https ports, disabled or under configured monitoring and logging, , default credentials for systems.

Which are, it's a great list and I'm not sure it answers, you know, , but, and I came back with this list, like, this list looks like a potential failure in both cloud and on-prem. Educate me on why the cloud or on-prem might be more susceptible to misconfiguration. And he came back with, because a lot of organizations don't invest in cloud security, for example, when a developers are working for an absolution in Absolut, , in most cases they missed that the environment they're working on is Kubernetes or Docker and can be attacked easily.

, this thing is, the thing is that most people tend to believe that cloud is more. Secure than on-prem, but all depends on how you set up your environment. A misconfiguration and access to an S3 bucket, for example, can be disastrous for all cloud solutions. And a hacker can control all the cloud environment if the attacker found a reasonable misconfiguration.

And he goes on, I found, , a very, well, a very well medium that you can read and he shares another story. So, by the way, I'm gonna come back to that because that is, that's the crux. The security is as good as your team sets it up. Now, granted, these organizations, these cloud organizations have huge security teams, but they're, they're not setting up your specific environment and they're not monitoring per se, depending on, you know, who you contract with.

, they're not monitoring your environment. So I'm gonna come back to that. , Joe Diver says, but risk mitigation is key cloud or on-prem, and the practices that must be sustained to keep the data safe must constantly be ahead of the threats internal and external. And, , love that. I agree with that. And Dennis Daley, , actually, , did an interview while he was at the Vibe Conference, and I took this quote from it.

Hackers looked for the path of least resistance. That is on-premise technology today. So this, that was a quote from one of the technical advisors to Snowflake, which is a cloud-based environment, as you would imagine. And he, he talks about the different way they stripe and set up their, , their data structure in a way that if you actually did get in and take some stuff, it's striped.

You'd only get like bits and pieces of the information. It would be hard to. Really make any meaning of the information you would get anyway? , you know, to answer your question, it depends. Cloud-based storage solutions have more options to make it secure and, , I'll stop with this one. That kind of depends on how seriously each of these take their security risk.

And that's what I'm gonna come back to. My So what on this is the cloud is as secure as you make it. It has the security posture that. Place on it. It has the, , you know, you can misconfigure on-prem SharePoint, you can misconfigure, , off-prem SharePoint. You can misconfigure on share data stores. You can, , on-premise data stores.

You can misconfigure, , cloud-based data stores. And yes, the, because of the scale the cloud is, has the potential for a greater. But with that being said, the, the, the risk is the same in that you are exposing your information to the world or you're giving that entry point into your network and into your environment.

I've said this , a couple times on the show, and I used to say this all the time to my team cuz we moved to the cloud in healthcare, , at St. Joe's back in 2012. , or at least we started that journey of, of moving to the cloud, , based on where the technology was at that. And the reality is you cannot outsource, , Now you can outsource parts of security, security monitoring, response, that kind of stuff.

But at the end of the day, the security architecture is the responsibility of the IT team and of the security team that works for the health system. They have to, if they're not doing it themselves, if their hands aren't on the keyboard, they have to direct. The people that are building out the security.

Therefore, you have to have people that understand, , the controls, the frameworks, , the access methods, the, , data flow within the organization. You have to have people that understand that if you don't, you almost have no business running a business. You have no business being in the business of healthcare if you cannot secure your.

Your patient's data is one thing, but also just your data in general. If people can get in to your environment because you haven't taken the time to put the security controls frameworks in place to, to secure your environment, be it on-prem or cloud, , you know, I, I would say that's a, that's almost a form of malpractice if you're listening to this right now and saying, I don't know if we're secure.

That's a form of malpractice. Your job is to now dig into that. If that is your thought, your job is to dig into that and say, okay, how do I, , make sure that we are more secure tomorrow than we were today? I'm not saying it's malfeasance when somebody is breached. It, but it is if you are not constantly making progress because the attackers are constantly making progress.

Again, everybody knows that, but it's important to not, , you know, vigilance is the answer. Vigilance constantly updating your security posture, constantly moving it forward. Is the cloud inherently more secure than on-prem? , but does the cloud have more options for you to be secure? Absolutely, it does.

And do the cloud providers have more tools available to you? Absolutely, they do. And so it's, it's kind of a snower to say the cloud is more secure, or on-prem is more secure, but the cloud is, is there are more options to be secure in the cloud. I believe that, in fact, the case I made back in 20. When people were saying the cloud is not secure, I was saying essentially we have to move to the cloud because I believe we can be more secure in the cloud.

And I still believe that today, not necessarily that the cloud is more secure, but we can be more secure by using cloud-based technologies. That's my thought. And that's all for today. If you know someone that might benefit, by the way, if you have a question, shoot it to me, bill at this week, health.com.