Less than a third (30%) of NHS trusts have adopted public cloud solutions, according to a survey obtained by IT management software provider SolarWinds via a Freedom of Information (FOI) request.
This is despite the Government’s 2013 Cloud First policy recommending that ‘public sector organisations should consider and fully evaluate potential cloud solutions first before considering any other option.’
More recently, an NHS Digital guide, called NHS and social care data: off-shoring and the use of public cloud services, outlined how to implement cloud computing services.
It stated that ‘NHS and social care organisations can safely locate health and care data, including confidential patient information, in the public cloud including solutions that make use of data off-shoring.’
Currently, the NHS’ data solution is heavily dependent on traditional data centres. While these are less reliant on maintaining an internet connection, the isolated and static nature of data centres makes them susceptible to damage from accidents, theft, or vandalism.
A cloud solution, by contrast, divides and duplicates data across multiple locations, ensuring there is always a backup. A public cloud is managed and hosted by the provider, as opposed to a private cloud which is managed internally.
They can often be more efficient and cost-effective than traditional data centres.
The survey, which received 160 responses from the 227 NHS trusts, also found that 79% of NHS respondents do not plan to migrate everything to the cloud.
This apprehension could be attributed to fears that the cloud is more susceptible to a virtual attack. While cloud solutions are not inherently unsafe, incorrect management at the user end could make data vulnerable.
The survey also suggested NHS trusts did not believe it would provide a return on investment, with just 17% believing it would provide value for money.
“While not surprising, the results suggest that public sector users, particularly those handling sensitive data, have yet to be convinced that the public cloud is an integral tool that can provide considerable ROI,” said Paul Parker, chief technologist, federal and national government, SolarWinds.
According to the survey, one of the key barriers to cloud adoption is outdated technology, with 53% citing it as the biggest obstacle.
Failure to update system patches on legacy technologies made last summer’s WannaCry malware attack possible, and the lack of a cloud-based system meant there was no backup to potentially mitigate the damage. According to the National Audit Office, more than a third of trusts in England were disrupted.
“The public sector needs tools that can combine the monitoring and management of on-premises and cloud infrastructure, including legacy technology, in a way that clearly demonstrates system performance and ROI potential,” added Parker.
“Without this, it will be near impossible to achieve the cost-efficiency and data fluidity that the government is aiming for with the Cloud First policy.”
Despite the survey suggesting NHS trusts are slow to adopt public cloud solutions, on 19 February NHS Digital announced plans to integrate internal emails with Microsoft Office cloud.
While public cloud solutions are mandatory for central government departments, the survey found that just 61% of them have adopted any level of public cloud in their organisation.
“A policy without penalty is relatively meaningless,” said Parker. “To go along with that policy there should also be mandates, and there should be some sort of penalty for organisations not making that transition.”
Hospital Management.net contacted NHS Digital for comment but did not receive a response at the time of writing.