In this article one of our programmers, Jonny, discusses the cloud, dental software and the safety of cloud based data. This the first in a series of posts on the subject. I hope you find them informative.

When discussing Dentally a common worry we come across is "Is the cloud safe?". This often speculative concern is entirely understandable, yet it is unfounded. As custodians of your patients personal data you have both the moral and legal duty to protect this sensitive information.

Here I will give a brief outline about cloud vs local server security which will hopefully explain why the cloud is, in fact, usually a far safer environment than a local server.

When discussing data security it can be spilt into 2 distinct parts.

  1. Protection from theft.
  2. Protection from loss.

I believe the cloud offers superior solutions to both these.

Protection from theft

Often practice owners perceive that storing their old server in the back office is safer than having patient details stored on the internet. This is a fallacy, if the server or any of the computers on its network are connected to the internet (which is generally always the case) then the machine is just as accessible as any cloud server. The only difference being the absence of a fancy login screen and no army of security experts proactively monitoring and intercepting any suspicious activity.

Logo used in the campaign to raise awareness of the Heartbleed vulnerability

Keeping in the loop

You may remember large-scale software vulnerability stories that have recently started making the news. Most notably heartbleed and later shellshock, so infamous they have even been given their own branding. In the case of shellshock the team at Dentally were able to utilize our expertise & industry connections to both asses and patch the vulnerability hours before it reached the news rooms. Whereas the ubiquity of linux devices in networking equipment means many practices are probably still running vulnerable routers to this day. It is far beyond the scope of the average dental practice to have the technical knowhow and IT knowledge to asses their own vulnerability and patch any devices. Which is why being able to rely on a team of specialists to manage the defence and safety of your data for you is often the better option.

Security by design

The second major point regarding the prevention of data theft is that the cloud is built around security being a primary concern, whereas many of the older legacy dental practice management software systems were developed long ago in an era when security was far more lax. We have migrated many customers across from these legacy systems and each time we perform a new migration it gives us some visibility into the what security practices or lack thereof are being used. Our findings are often shocking, default admin users with no passwords and user passwords being stored in plain text to name but a few, with all the data just sitting there unencrypted waiting to be scooped up. This means anybody who has asked to borrow your wifi password (providing you have one) could be just a few click away from a trove of patient data.

At Dentally we take security extremely seriously you can read more on you security policy here from ensuring all third part software is up-to date to actively monitoring login attempts. We even offer 2-factor authenticated logins which should put at ease even the most security conscious users and at time of writing I believe we are the only dental practice management software to provide this solution. In short it means whenever you login to Dentally you are sent a one time password to your mobile phone. You then need to enter this password before you can access your account. This provides an extra level of protection as without your phone someone who could guess your login details would still not have access to your account.

Photo credit:
Header image - Bernd Thaller