#terremark

Health Insurance Portability and Accountability Act security requirements were established for physical infrastructure, not virtual and cloud environments.

Health care facilities that store personal health records have traditionally followed prescriptive guidelines on segregating sensitive patient data on separate servers. While other industries were moving to the cloud, many health care organizations stayed behind, believing that a cloud provider could never offer a Health Insurance Portability and Accountability Act (HIPAA)-compliant data center.

Gina Narcisi of TechTarget recently interviewed Dr. Peter Tippett, chief medical officer and vice president of Verizon's health care solutions group. Dr. Tippett discussed the two HIPAA-compliant data centers offered by Terremark Worldwide Inc., the cloud services subsidiary of Verizon. These new cloud services comply with privacy and security requirements, guaranteed by a HIPAA Business Associate Agreement.

Gina Narcisi, TechTarget: How would a cloud provider develop a HIPAA-compliant data center? Does it begin with physical infrastructure, or policy?

Peter Tippett, Verizon: For [Terremark], it's about policy. We took two of our largest and most robust existing data centers -- located in Miami and Culpeper, Va. -- that already hosted top-secret data and altered the policies slightly to map to the kind of privacy and security needs customers [require] to ensure compliance with HIPAA. We put all the employees in those facilities through HIPAA training, and worked with lawyers to determine whether we could sign a HIPAA Business Associate Agreement with any customer doing hosting, cloud computing or colocation with us.

TechTarget: How exactly will the HIPAA Business Associate Agreement be used between Terremark and the health care customer?

Tippett: Any entity -- like a hospital or insurance billing company -- that comes in contact with personal health record data has to sign a HIPAA Business Associate Agreement that spells out who, and when they will be responsible for ensuring privacy and security of certain data.

Our Business Associate Agreements with our new cloud offerings -- Enterprise Cloud, Enterprise Cloud Express Edition and Enterprise Cloud Private Edition -- will carry more liability on our side than if the customer was doing standard hosting with us.

TechTarget: What is Terremark doing in their HIPAA-compliant data center that differs from what other providers do in their secure data centers?

Tippett: The main thing is the security is extremely well documented and well tested. [The two Terremark data centers] have five layers of internal and external testing of all our security measures, along with every employee being HIPAA-trained who walks into any place in the data center that is HIPAA-compliant.

We also have a dedicated team that does nothing but manage the HIPAA compliance in the data centers, in addition to another group that overlays the HIPAA compliance team, which monitors for threats and attacks, while making sure the physical access to the data center is under control.

TechTarget: How did Terremark establish the confidence to carry more liability for sensitive health care data in a cloud environment?

Tippett: In the HIPAA world, no third party can come in and determine a provider is 100% compliant with a prescriptive checklist. Every provider working with HIPAA regulations has a compliance officer -- an internal employee -- that carries out risk assessments and bears the responsibility of determining whether the provider is keeping up with the regulations.

Almost every [provider] does vulnerability assessments, but not risk assessments, which Verizon does through Cybertrust [the identity management company Verizon acquired in 2007]. We are so comfortable that our security is done well, that we will sign the HIPAA Business Associate Agreement with the hospital or health care facility.

TechTarget: Health care customers are notoriously cautious when it comes to the cloud. Is Terremark's secure data center guarantee -- backed by the HIPAA Business Associate Agreement -- attracting new customers in this industry?

Tippett: We've talked to many health care customers -- like hospitals and insurance companies -- that have to follow HIPAA rules and [we] have been incredibly surprised by how excited folks are. The regulations in this industry have been holding back health care customers, compared to industries like finance and retail.

Customers foresee cost savings as Verizon Terremark makes over its Enterprise Cloud Infrastructure as a Service offering with new support for pay-by-the-hour cloud instances.

The updates to the VMware-based Enterprise Cloud, or E-Cloud, Infrastructure as a Service (IaaS) offering allow organizations that have a contract with Verizon Terremark to provision customized cloud instances and spin them up and down as needed. Previously, customers would provision a resource pool of compute, network and storage, and pay for it monthly, whether it was fully consumed or not.

"Before, I could adjust resources up and down every month," said Sebastian Bricchi, software engineering manager for Juegos Online, a game publishing company based in Buenos Aires, Argentina. "Now I can bring things up and down and pay only for what I use." Bricchi expects the new cloud instances to offer cost savings as well as new flexibility, although he wasn't sure yet just how much he would save. The company currently has roughly 200 server instances hosted on E-Cloud.

Pricing for the new service will only be disclosed to current and prospective customers, a Verizon spokesperson said, which makes it difficult to tell just how competitive Verizon Terremark will be on that front with market leader Amazon Web Services (AWS).

But the new E-Cloud instances are more customizable than AWS IaaS -- users can select between 500 MB and 16 GB of memory, and between 1 and 8 virtual CPUs (or vPUs in Verizon Terremark parlance), rather than the pre-canned small, medium and large instances offered by AWS.

"I personally think the 'T-shirt sizing' approach to IaaS isn't ideal," said Carl Brooks, analyst with Boston-based 451 Research. "This is one area you can clearly see where VMware is ahead of open source and startup cloud platforms, and one reason enterprises pay the vTax."

Along with support for cloud instances, this update brings new security features to E-Cloud, including role-based access control and support for certificate-based multifactor authentication. Previously, E-Cloud had supported phone-based multifactor authentication, but was not able to accept things such as RSA tokens for additional security.

"One of Terremark's great strengths has been the way it's been able to commoditize and automate very complicated audit requirements for a large number of customers," Brooks said. "What this boils down to is that they're taking that fancy automated compliance regime and pushing it out to cover all their customers."

AWS also offers role-based access control as part of its Identity and Access Management service, as well as multifactor authentication.

VuMee (OTCBB: VUME) -- VuMee has chosen Verizon/Terremark to house its IT infrastructure. Verizon/Terremark is a top-tier provider of data centers located throughout the world.

Verizon Terremark is a leader in transforming and securing enterprise-class IT on a global scale. A subsidiary of Verizon Communications Inc. (NYSE, Nasdaq: VZ), Verizon Terremark sets the standard for IT deployments with advanced infrastructure and managed service offerings that deliver the scale, security, and reliability necessary to meet the demanding requirements of enterprise and governments around the world. With a global network of data centers and a comprehensive portfolio of secure solutions, Verizon Terremark is helping enterprises and government executives realize the importance of a reliable and secure infrastructure. Verizon acquired Terremark for $1.4 billion in 2011.

"We're committed to enhance and strengthen our IT infrastructure so our clients and members have a user friendly experience when they visit our site. We have chosen Verizon/Terremark to house our infrastructure mainly because they are a leaders in data center arena," stated Michael Spiegel , CEO of VuMee.com.