@stefano
Exactly.
All critical data should be held locally as primary, and clouds should be for backups and shares. If making cloud as primary, multiple physical connections with different routes should be always kept, if the data there is "critical".

@stefano To support you, when cloud services first arrived, we frontline workers received explicit instructions: no clinical data was to be put on the cloud.
The director of IT changed, the new one had no experience of running the system having gone on an IT course after attaining his management qualifications.
Within weeks a new directive came out, all vital data was to be stored on the cloud as it was more secure.
It was but at peak times it just wasn't available!=> Copies on USB drives!

@stefano So many people are so reliant on things that they ultimately have no control over. I know how to do things the 'old-fashioned' way. I also eschew devices or systems that are needlessly complicated or reliant on technology. Many years ago, I was a programmer - I am no technophile, just realistic. Nothing wrong with following a Satnav, as long as there is a map in the car for when something goes wrong...

@stefano

Putting any kind of stuff on the "cloud" is just setting up fails. The "cloud" is NOT safe. Not only does governments have access, hackers do to.

@stefano thei should have redundancy for the internet access (from two different providers) like most good offices have now.

@stefano

Just another reason to STOP ELON MUSK

@stefano These are the blessings of the cloud. Everyone seems to believe that the cloud is the only salvation. But actually the cloud is only someone else’s server. Sure, you don’t have to buy new servers every few years, but you have to pay for the flexibility, even if you don’t use or need it. It’s not really cheaper and you give up control.

@stefano

@stefano I absolutely fully agree!

@stefano

It’s almost like a decentralized federated system is resilient.

OrSomething ™️

They should used that in places, ‘cause. Maybe even for communications. :ablobgrin:

@stefano hospitals I've worked with usually have back-to-paper drills semi regularly so that a network or software failure won't dramatically impact patient care.

@stefano Absolutely. Not as life critical as your experience but I was the IT manager of a broking house in the City of London. Absolutely everything was backed up, both on site behind fire walls, literal & programmed. We also had off-site secure back ups. We were bombed out by the IRA twice in the eighties, up and running in two hours. Just goes to show & privately, I wouldn't put a damn thing up to the cloud. An 'accident' waiting to happen IMO

@stefano Storing HIPAA stuff on somebody else's computer...who has explicitly disclaimed any liability for the loss or misuse of that information.... What could possibly go wrong?

@stefano Regarding "The Internet connection will eventually be interrupted", I think the litmus test is: ANY ONE THING WILL fail at a random time.

Design your systems and procedures such that you can handle that. Preferably by not even noticing; failing that, without significant disruption by having a tested and practiced alternative.

Electricity. Phone lines. Internet uplink. Computer security software vendor pushes a bad update. Whatever.

If you can handle more than one, that's far better.

@stefano Local also means that you need to have more FTE IT staff in order to deploy, secure, update and monitor. I understand why SaaS vendors like Epic are being used more and more. Budgets vs. redundancy.

Do I like it? No.
Am I justifying it? No.

Just looking at it from a patient that works in security and sees budget problems all the time.

@stefano about 6 years ago a doctor asked me the best way to set up his new office and patients files. I recommended a server that was not connected to the internet to keep his patients records. The program on the web he wanted to use we could basically restyle to suit his needs. He found that idea unacceptable and went with a cloud based company. I often wonder how many times he goes down or needs to tell patients their files have been compromised.

@stefano I couldn't agree more. Choose whichever architecture you wish (IDK -even periodical local copies of cloud repositories if nothing else is available our supported by management) but ask yourself if critical services are really autonomous or else can be brought down by not-so-extreme circumstances and render basic vital information inaccessible. If I depend on a single wire (literally or figuratively speaking) I'm likely to run into trouble.