Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

69 comments

Sorry! There are no comments related to the filter you selected.

1.3 million? (1)

SimonTheSoundMan (1012395) | about 3 years ago | (#36660630)

I thought the NHS had 61 million users?

Re:1.3 million? (1)

Chrisq (894406) | about 3 years ago | (#36660676)

I thought the NHS had 61 million users?

Perhaps its talking about the addiction units.

Re:1.3 million? (0)

Anonymous Coward | about 3 years ago | (#36660680)

Users = terminal users not patients

Re:1.3 million? (1)

tendrousbeastie (961038) | about 3 years ago | (#36663342)

Surely some of those are chronic users.

Re:1.3 million? (1)

SimonTheSoundMan (1012395) | about 3 years ago | (#36660696)

Ok, now that I have RTFA. It's on about people operating the internal network, not the cloud based systems like http://slashdot.org/story/11/06/28/2024221/British-NHS-Patient-Records-Go-To-the-Cloud [slashdot.org]

Really both part of the same system though. All data about myself on the internal network I can view on the NHS web site.

No, they are literally moving to the clouds (0)

Anonymous Coward | about 3 years ago | (#36660682)

NHS will now hover over Europe. It's the only way to be safe from the groundbased germs.

Re:No, they are literally moving to the clouds (0)

Anonymous Coward | about 3 years ago | (#36661308)

How fucked will people be if another Icelandic volcano ruins European airspace again?

Bravo. (3, Interesting)

John R. Isidore (2330334) | about 3 years ago | (#36660684)

Nothing more secure than putting confidential information online.

Re:Bravo. (0)

Anonymous Coward | about 3 years ago | (#36660802)

No, but this would be a 'private cloud' so it would be outsourced to a 3rd party company.

It would make sense that acompany specialising in security outsourcing would know more about good security practices that a health care organisation.

Re:Bravo. (3, Informative)

tmosley (996283) | about 3 years ago | (#36660994)

Isn't a "private cloud" just another word for "stored offsite".

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

Re:Bravo. (1)

Skapare (16644) | about 3 years ago | (#36661080)

Isn't a "private cloud" just another word for "stored offsite".

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

It's another word for "stored somewhere you cannot audit".

Re:Bravo. (1)

jellomizer (103300) | about 3 years ago | (#36662156)

Why? Do you think all cloud services are equal? Stop think in terms of consumer products.

Re:Bravo. (1)

cHiphead (17854) | about 3 years ago | (#36662650)

Stop thinking a handful of offsite computers that share processing power in any way provides you more security than a self run virtual machine cluster (or anything near the performance of dedicated iron).

Re:Bravo. (2)

0123456 (636235) | about 3 years ago | (#36661100)

Isn't a "private cloud" just another word for "stored offsite".

But much shinier.

Re:Bravo. (1)

dkf (304284) | about 3 years ago | (#36661216)

Sounds like some foolish .gov.uk got buzzworded into distributing more tax dollars for something they already had.

It's "tax pounds". Same foolishness, different currency, different taxpayers.

Re:Bravo. (1)

tmosley (996283) | about 3 years ago | (#36661456)

Some people pay their taxes in dollars and hope they don't notice, you insensitive clod!

Re:Bravo. (0)

Anonymous Coward | about 3 years ago | (#36661538)

My money is in Swiss Francs to avoid taxes you insensitive clod!

Some others do opt for Cayman Islands dollar though.

Re:Bravo. (2)

gstoddart (321705) | about 3 years ago | (#36661564)

Isn't a "private cloud" just another word for "stored offsite".

I always thought 'private cloud' meant 'file server', but new-hotness buzzword-compliant. ;-)

Re:Bravo. (1)

Attila Dimedici (1036002) | about 3 years ago | (#36662506)

Isn't a "private cloud" just another word for "stored offsite".

I always thought 'private cloud' meant 'file server', but new-hotness buzzword-compliant. ;-)

Close, it actually means "file servers". Without the plural you can't call it "cloud".

Re:Bravo. (1)

gstoddart (321705) | about 3 years ago | (#36662610)

Close, it actually means "file servers". Without the plural you can't call it "cloud".

Maybe true, but given a large enough server, or a properly configured cluster ... the term 'private cloud' is reduce-able to "what IT does now".

And, I'm not convinced 'cloud' precludes "one or more" from being in the definition, in which case we don't need plurals. The cloud could, in fact, be a single machine and it wouldn't make much difference.

To me, it's an utterly meaningless term, unless you actually build your own private cloud which is distributed across sites and actually has any of those characteristics. Otherwise, it's any server we've already been using.

Re:Bravo. (1)

biodata (1981610) | about 3 years ago | (#36661294)

Who wants to bet on whether it will actually be secure, or whether it will go to an American-owned corporation, hence subject to eavesdropping by the US government, and subsequent leaking of details to relevant US industrial interests, such as insurance companies?

Re:Bravo. (0)

Anonymous Coward | about 3 years ago | (#36713706)

Unfortunately government IT projects (that includes the NHS) usually get outsourced to a bunch of incompetents.

Down with Con-Dem attacks on the workers! (1)

For a Free Internet (1594621) | about 3 years ago | (#36660710)

Break with Labourism! For a revolutionary internationalist workers party!

Good Idea?? (3, Insightful)

DaMattster (977781) | about 3 years ago | (#36660744)

I don't think moving data to a cloud for security is really a good idea. How is security really improved when essentially stuff it moved to "public storage?" Maybe a private cloud?? I would say it is weakened. This is just what groups similar to LulzSec and Anonymous really want.

Re:Good Idea?? (0)

Anonymous Coward | about 3 years ago | (#36660774)

It's all spin marketing pr bollocks. What do they exactly mean by this? What exactly have they done?

Saying it has moved to the cloud is like when people who draw network diagrams just draw clouds to represent whatever gets data form A to B. It's a completely meaningless statement.

Re:Good Idea?? (1)

John R. Isidore (2330334) | about 3 years ago | (#36660908)

Because clouds are fluffy and airy and magic and untrappable; how would hackers ever hack into a cloud?

What? That's not how it works?

Re:Good Idea?? (2)

Pope (17780) | about 3 years ago | (#36660976)

Apparently, clouds develop big holes when you fly planes through them.

Yes: Good Idea! (0)

Anonymous Coward | about 3 years ago | (#36664852)

Because clouds are fluffy and airy and magic and untrappable; how would hackers ever hack into a cloud?

Back in the 1990's I had a summer job as a student working in our local NHS hospital's records department and they were starting to digitize the patient records then (although the main idea then was to distribute them around the hospital not further afield). Based on the complete, total and even frightening ignorance of the hardware and software system by the permanent "IT" staff I'd say centralizing the records and hiring even vaguely competent IT staff to manage it would be a huge improvement....unless of course they plan to operate it with the same staff!

Re:Good Idea?? (2, Funny)

Anonymous Coward | about 3 years ago | (#36660990)

They aren't moving their data to a cloud, just their web filtering tasks.

Re:Good Idea?? (0)

Anonymous Coward | about 3 years ago | (#36661184)

cloud&&security==oxymoron

 

Re:Good Idea?? (1)

berashith (222128) | about 3 years ago | (#36661254)

I am certain that you could access the data from many locations, and that it was stored in remote locations most of the time you accessed it. The only change here could be consolidation to less sites. Security could actually be raised depending on the current rules around access and information sharing between the many sites. Cloud is a buzzword

Re:Good Idea?? (1)

dkf (304284) | about 3 years ago | (#36661266)

How is security really improved when essentially stuff it moved to "public storage?"

The scary thing is that it might actually improve security, for all your (quite valid) concerns. Healthcare professionals are not always best known for getting security right with paper records or single-hospital databases.

Re:Good Idea?? (1)

NeutronCowboy (896098) | about 3 years ago | (#36661830)

What they're figuring is that for what they're planning, they need people to have lots of access to data stored in a datacenter. Does it really matter who administrates that data center? Forget about "moving to the cloud" for a second, that's just marketing speak. What they're actually saying is that they're outsourcing the maintenance of their hardware and primary application stack to someone else. Whether the NHS owns the data center or not is completely irrelevant in this scenario.

To some extent, this might actually be a security move. Who do you trust to have more experience with providing secure hosting: the NHS or Amazon? Exactly.

Re:Good Idea?? (1)

jimicus (737525) | about 3 years ago | (#36662342)

They're not moving any data to public storage. This is a service that you essentially proxy all your Internet traffic through and you can then apply various rules to the traffic that goes through it to detect and block anything that looks like it shouldn't be there.

You've been able to buy appliances that do something like this for some time, the only difference here is that you don't get the appliance, you route your traffic over the provider's systems instead.

Re:Good Idea?? (0)

Anonymous Coward | about 3 years ago | (#36662488)

Maybe a private cloud?? What's the difference between a Private Cloud and your data center ?

Re:Good Idea?? (1)

AmberBlackCat (829689) | about 3 years ago | (#36666140)

I'm pretty sure "private cloud" is an oxymorn, at least by the original definition. It's supposed to be about peer-to-peer distributed storage and computing. Of course by the new corporate definition, it's just outsourcing your storage. So I guess they're just saying some private company is going to get government money to store the data instead of the government using its own equipment.

Opted out... (2)

Anonymous Brave Guy (457657) | about 3 years ago | (#36660788)

Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

Hopefully, that will still apply here.

Re:Opted out... (0)

Chrisq (894406) | about 3 years ago | (#36661162)

Now I remember why I opted out of letting my GP push my medical records to the Big Central Database.

Hopefully, that will still apply here.

Too late. News of your condition [wikipedia.org] has already leaked out onto the web.

Re:Opted out... (0)

Anonymous Coward | about 3 years ago | (#36661248)

+1, Informative

Re:Opted out... (0)

Anonymous Coward | about 3 years ago | (#36661226)

I opted out too. Who do we sue if private medical records should, nonetheless, be leaked online? I set my price for public disclosure at a reasonable 5 million pounds, there's 60 million people in the UK and I for one will want paying in something of value rather than fiat.

Seriously, who underwrites the public liability insurance for Zscaler? Where is this wealth coming from?

Oxymoron (1)

Anonymous Coward | about 3 years ago | (#36660844)

Isn't "cloud-based security model" an oxymoron, or at best a non-sequitur?

Re:Oxymoron (1)

TheGratefulNet (143330) | about 3 years ago | (#36661230)

shhh. that's the joke. we're all secretly grinning, here, as we see clouds as you do: untrustable and worthless for really important or private (or both!) information.

lets hope that the 'cloud experiments' all the fools are doing these days backfire, just one huge time, enough to teach the morans not to put sensitive info on data domains that you don't directly own and control yourself.

all we need is a couple of really bad embarassments for top level officials for their short-sighted support of 'things cloud' to end their course. sooner the better, please. anon and lulzs: get to work! this is what we're [not] paying you for! get to work so that an end is put to this 'push everything to the cloud' before it gets really out of hand.

Re:Oxymoron (0)

Anonymous Coward | about 3 years ago | (#36665870)

all we need is a couple of really bad embarassments for top level officials for their short-sighted support of 'things cloud' to end their course. sooner the better, please. anon and lulzs: get to work! this is what we're [not] paying you for! get to work so that an end is put to this 'push everything to the cloud' before it gets really out of hand.

Alas, they'll never learn. Even after Google gets broken into. Twice. The technically crippled buzzword bingo-playing junior execs will continue to upload spreadsheets to Google docs, all the while saying "Surely our own IT department isn't as secure as Google's!"

Re:Oxymoron (1)

Skuld-Chan (302449) | about 3 years ago | (#36661258)

Its not really - I mean can you honestly say your IT organization is more secure than Google's?

Re:Oxymoron (2)

biodata (1981610) | about 3 years ago | (#36661330)

Yes, definitely. I can unambiguously state that my organisation is not legally bound to disclose any and all of my data to the US government if asked to do so.

Re:Oxymoron (0)

Anonymous Coward | about 3 years ago | (#36663104)

Yes, definitely. I can unambiguously state that my organisation is not legally bound to disclose any and all of my data to the US government if asked to do so.

I don't think the UK's NHS is either. On the other hand, the NHS is the government of the people it has data on, so this comment is completely irrelevant to the topic being discussed.

Re:Oxymoron (1)

biodata (1981610) | about 3 years ago | (#36664316)

The NHS isn't the government any more if they put the data on the servers of an American contractor, they are just another pipe.

Re:Oxymoron (0)

Anonymous Coward | about 3 years ago | (#36664334)

Too many thought processes getting cloudy and they too often come with a light show with lots of noise. Expect it to rain on their parade soon possibly turning freezing.

Oxymoron (1)

arglebargle_xiv (2212710) | about 3 years ago | (#36660886)

Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?

Re:Oxymoron (1)

Attila Dimedici (1036002) | about 3 years ago | (#36662570)

Isn't moving to the cloud for security a bit like moving to heroin to deal with your nicotine addiction?

It is much more like moving to heroin to deal with your morphine addiction.

The Sephiroth (-1)

Anonymous Coward | about 3 years ago | (#36661000)

I reckon all these cloud stories would sound so much more better if we replaced the term cloud with sephiroth:

"The NHS, one of the biggest public sector organisations in Europe, is to use a sephiroth-based security model to protect its 1.3 million users. This comes amidst a big move to the sephiroth in the UK public sector."

See, isn't that just so much cooler! Who wouldn't want a "sephiroth-based security model"?

Before somebody says it; yes, cloud wouldn't want one.

Moving to "the cloud" for security... (1)

Jane Q. Public (1010737) | about 3 years ago | (#36661382)

... is like moving to Seattle for the nice weather. WTF?

Moving To Cloud For Security (2)

LSD-OBS (183415) | about 3 years ago | (#36661404)

Like fucking for virginity

Re:Moving To Cloud For Security (0)

Anonymous Coward | about 3 years ago | (#36663460)

We at AntiSec will have a field day with this.
Just wait. For some epic lulz!
(Oh wait, we're not supposed to do it for the lulz anymore.)

Re:Moving To Cloud For Security (0)

Anonymous Coward | about 3 years ago | (#36665018)

If you have a better way for making virgins, let me know.

Re:Moving To Cloud For Security (0)

Anonymous Coward | about 3 years ago | (#36665582)

Hiding your wallet on the dashboard.
Huffing glue to clear your head.
Watching television to get in shape.
Drinking sand to quench your thirst.
Smoking cigarettes for a cardio workout.
Moving to the cloud for security.

Counterintuitive (1)

drcln (98574) | about 3 years ago | (#36661468)

Its counterintuitive, and that is why it will work.
No one would think to look for confidential information "in the clouds?"

Of course!!! (1)

koan (80826) | about 3 years ago | (#36661780)

The "Cloud" is synonymous with security, it makes perfect sense.

How Patriotic (0)

Anonymous Coward | about 3 years ago | (#36661834)

Presumably this is so that the US government has escrow (as Microsoft have recently advised us all that the US Patriot act applies to all US companies that are cloud providers irrespective of where they are doing business) and can empower any American insurance corporations and pharmaceutical companies who wish to undermine both non-profit healthcare and British research companies.

I smell BS (0)

Anonymous Coward | about 3 years ago | (#36661998)

The nature of the cloud is less security. You're trading free storage for big brother / big corp to get a free peek of your data that's it. This story was generated to make people believe that somehow cloud = secure. Complete BS

Culturally Incompatible (1)

Gonoff (88518) | about 3 years ago | (#36662164)

The NHS is set up clearly and specifically for reasons of public health. As soon as it allows a US private company "inside" we have a problem.

The only people working in or for public healthcare should only be interested in public healthcare. Money, IT, politics etc should be tools to get the job done without that aim being comnpromised.

If only...

Re:Culturally Incompatible (0)

Anonymous Coward | about 3 years ago | (#36664494)

Funny, it may have been set up for reasons of public health, but in reality it seems to be a bottomless honeypot of government aid for all the lazy, negligent and/or incompetent quacks that can't make it in the private field.

Re:Culturally Incompatible (0)

Anonymous Coward | about 3 years ago | (#36676086)

I think you are reading too much of certain types of "newspapers".

A lot of people who work in healthcare would not even consider working in the private sector. This is not because they can't. It is because they really do care about what they do. Even the consultants who do both could actually make more money by ditching the NHS and going entirely private. Why don't they? The answer, in case you are not clear is they really really do very much give a s**t about their work.

In conclusion, you seem to be uninformed on the matter. Go and talk to someone who works in the NHS, before government "reforms" do even more damage and committed staff are further disillusioned by parachuted in managers who don't even know what the NHS is for.

So much hostility to the "cloud"... (1)

bjk002 (757977) | about 3 years ago | (#36662422)

...on a tech rag no less. I wonder why? Is it really so difficult to understand that specialists can manage a network system better than a couple Bob's from the local community college?

If you have a web-based app stack and offer that to your employees, what is the difference between your company having a bunch of techies trying to run a shop like Google would, or actually letting Google run it for you?

I can see some reluctance from non-US companies, but for any U.S. based company, what is the difference?

Re:So much hostility to the "cloud"... (4, Insightful)

Attila Dimedici (1036002) | about 3 years ago | (#36662724)

At least part of the hostility is due to the fact that the term "cloud" is a buzzword that obfuscates the meaning of a phrase rather than making it clearer. If a company or organization is going to outsource its IT (or some part thereof), that is fine and in many cases may be a good idea. However, "outsource" has become a "bad word", so many organizations try to find some other word to use that does not raise such negative emotions.
Techies tend to be people who like clear, concise communication, even if they are often not good at it because they overlook the emotional content of what they are saying.

Re:So much hostility to the "cloud"... (1)

Em Adespoton (792954) | about 3 years ago | (#36663704)

In summary, techies don't like it when people use buzzwords to cloud the issues.

This may turn out to be a disaster. (0)

Anonymous Coward | about 3 years ago | (#36665220)

Based on how the previous NHS IT projects went... I predict a huge failure.

I believe they managed to spend multiple billion pounds on the previous system and it still isn't up and running. They tried it at St George's and it still has issues.

Cloud security has already failed in the NHS (1)

ChumpusRex2003 (726306) | about 3 years ago | (#36665968)

'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

Some of the bugs that I've seen:
1. No caching of user credentials. If the WAN link, or remote server is unavailable - no login is possible. Result: total inability to access critical systems.
2. Caching of user credentials added to system. Result: doesn't work. Catastrophic regression bugs leave login near impossible even when WAN link available.
3. Barely tested 'pre-alpha' quality software. Constant crashes of the login client software. Usually requiring a hard reboot (power off), as several system services hang and block a clean shutdown.
4. Very slow authentication. Up to 2 minutes for a login to be authenticated. Result: Unusable in busy environments e.g. ER.
4b. Consequence of 4: Shared logins condoned by IT and explicitly recommended by senior management.
4c. Consequence of 4b: Medical notes are attributed to the wrong doctor/nurse and feedback of medical errors is given to the wrong person.
4d. Further consequence of 4b: Abuse of records systems to access confidential medical records of 'celebrities'. Random people ended up disciplined, but no formal action was taken as 4b had been officially sanctioned at senior level.
5. No local information about login failure. If there was a credential problem, there was no way for local staff to investigate the reason for login failure. Faulty credentials could take days or weeks to rectify.
6. No local administration of user permissions. If the national policy did not explicity allow a particular staff group to use a function, they could not use it, and there was no possible way to override it. E.g. only system administrators were permitted to change the brightness contrast with which an X-ray image could be displayed. If a doctor wanted to brighten an X-ray because it was too dark; or wanted to examine the lungs on an X-ray taken for the spine; they could not do it. Local administrators couldn't fix this. National administrators stuck to policy, which was for annual reviews of role permissions. Numerous (too many for me to count) mandatory, and medically essential features, were locked out in this way for 12 months, until the next annual review.
6b. Similar draconian restrictions remained in place for local administrators, and vendor tech support. Local administrators had no way of 'hiding' or 'deleting' an X-ray, mistakenly saved in the wrong patient file. If someone made a mistake and put the wrong name on, the local admin had to raise a support ticket with a national administrator who would authorize the vendor to rename the image - in the meantime (several days) the image would be visible in the wrong patient's file, causing substantial confusion. Similarly, vendor tech support were denied access to debug logs and other key features - as a result, bugs and misconfigurations were near impossible for them to fix.
7. Local administrators had no ability to authorize new users to the system. Temporary staff (to cover sickness), or new hires would have no access to the system, until they could get an appointment to visit the regional office for the national administration (many miles away, and appointments could take a week or more). The national admin staff insisted on sight of passport and 2 other forms of ID, national insurance number, 3 proofs of address, application forms countersigned by employee, immediate manager, IT manager and HR. If any one of these documents was missing - result, no login credentials.
7b. When login credentials expired after 12 months - guess what. Same thing again. Appointment for a week's time. Trip across the city, briefcase full of valuable ID documents.

These were just a few of the problems that users of the NHS 'cloud' security system faced. It was absolute chaos.

I'm now a member of an IT users group, and together we have developed recommendations for template tenders and contracts for individual NHS hospitals/doctors surgeries to use for procuring new IT systems. One of the key recommendations we make is that 'All security and authentication services must be provided locally, with full local administration.'

Re:Cloud security has already failed in the NHS (1)

arglebargle_xiv (2212710) | about 3 years ago | (#36670216)

'Cloud' security has already been used extensively in the NHS. It was mandated for the 'standard' installations of PACS (X-ray viewing) and a number of other results reporting systems. It has been a catastrophic failure.

Is any of this documented anywhere? Sounds like a good lessons-learned experience for other countries looking at going down this path.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>