Focus on threats, not just ROI of virtualization

The vulnerabilities of a virtual infrastructure are real, but they often are overlooked while healthcare leaders focus on the return on investment (ROI), says Eric Chiu, founder & president of HyTrust, a company in Mountain View, CA, that specializes in access control for data.

"Healthcare companies are not focused on the security aspects of virtualizing patient health information, but are focused on the ROI aspects," he says. "They're treating the virtual environment the same way they did the physical data center, so they're securing networks and applications, but they're not securing the underlying technology that all of those applications are sitting on top of."

Chiu says it is only a matter of time before a hospital or health system reports a major breach through its virtualization layer. "Only about 15% of these kind of breaches are done because of a conflict like someone being fired. Most of it is done for personal gain or wanting to expose information like was done with Wikileaks," Chiu says. "The admins can go in and, with the access and free rein they have in the environment, they can steal all sorts of data and never be detected."