Posted on Lab Informatics. 24 January, 2020
Traditional on-premise Laboratory Informatics Systems in scientific laboratories are often accompanied by significant operational costs – securing the data, applying patches, providing backup and disaster recovery, hardware maintenance, etc. Public, multi-tenant cloud-based systems accessed “as a service” share infrastructure across several customers and deliver value by managing those systems with shared resources and procedures that drive efficiency. For customers, costs are accrued as a monthly operating expense as opposed to a capital-intensive purchase that requires months of planning.
While the public cloud software as a service (SaaS) model is well established, there are other cloud computing models. The National Institute of Standards and Technology (NIST) defines the following characteristics and models for cloud computing:
In addition to reduced costs for Laboratory Informatics Systems, there are other potential benefits to moving your scientific data and applications to the cloud:
Although these benefits are attractive, they are not automatic. Selecting a cloud solution involves careful investigation of both the underlying system capabilities and the hosting infrastructure. In addition, there are business and technical risks that should be explicitly understood and prioritized. A poorly planned and executed migration to the cloud can result in budget overruns, regulatory compliance problems, unacceptable end-user experiences, and many other challenges. In this blog, we will discuss some of the key operational challenges in moving to the cloud and how to effectively address these risks to maximize the benefits of your cloud migration.
If you are considering a move to the cloud, there are risks that must be addressed in order to ensure a smooth transition and maximize business value for your organization. A few of these challenges include:
Service Level Agreement (SLA). Working with a cloud vendor to transfer your workloads and data to the cloud means relying on an external partner for critical business activities. As a result, creating an appropriate SLA is one of the most important things you can do to ensure a successful cloud migration. A well-written SLA can make the difference between a smooth implementation and roll out of your system and/or platform versus cost and time overruns and unexpected expenses down the road.
Challenges in shifting your operations to the cloud can come from many details – networks, data security, storage, processing power, disaster recovery, database/software availability, regulatory changes, etc. Your SLA should serve to get your action plan to address these challenges down on paper, and clearly define the responsibilities of the cloud vendor in terms of measurable deliverables. Over-specifying these details of “how” in the SLA can curtail or even eliminate the benefits: the SLA should be focused on the “what”. Some of the key issues that your SLA should address include:
For each cloud service, an SLA assessment should be undertaken that examines the criticality of the cloud service with respect to the relevant business processes to determine the right SLA components and metrics. Finally, the SLA should be viewed as a living agreement: as services and business processes change, the SLA should be able to be adjusted appropriately.
Data Ownership. A critical question for any potential cloud hosted service is ‘who owns the data of your Laboratory Informatics Systems?’ As such, your SLA should include language clearly affirming your ownership of your data. Specifically, the SLA should:
Regulatory Compliance and Data Security. Regulatory compliance can be an issue for any business in a regulated industry that uses cloud services. For example, healthcare organizations in the USA have to comply with the Health Insurance Portability and Accountability Act (HIPAA) and the European General Data Protection Regulation (GDPR) applies to data collected about individuals in the European Union, even if the company does not conduct business in the EU, or offers services for free.
In order to facilitate compliance with these regulations, and prevent theft of sensitive data, any cloud service provider you partner with should have current security best-practices in place, including physical and virtual access, physical separation of resources, encryption, IP reputation service, dedicated firewalls, VPNs and multi-factor authentication. The service provider should be externally audited, conduct frequent security testing including penetration, spoofing, and denial of service tests, and maintain documentation on responses to audit and test findings.
Furthermore, companies in the Life Science and Food & Beverage industries using SaaS software need to make sure it is validated to the satisfaction of the FDA. Life Science companies typically run extensive validation cycles on on-premise systems providing installation and operational qualifications (IQ and OQ) during implementations and upgrades. These qualifications are not directly applicable to SaaS systems, however, since their installation and operations are controlled by the software vendor. Quality cloud vendors have taken on IQ and OA validation processes for multi-tenant systems by using automated continuous-validation approaches that streamline the validation process.
Current best-practice is to work with the vendor to ensure their IQ and OQ processes meet your requirements and obtain documentation to that effect. Performance Qualification (PQ) for the system, ensuring that the overall business process is reproducible, must still be done by the customer. It is important that your expectations for the execution and documentation of these processes are a part of the vendor agreement.
Cloud computing is a significant disruptive force across all industries and is revolutionizing the way companies are doing business. Although the potential benefits of cloud migration are compelling, the process of migrating to the cloud is far from simple. Moving to the cloud can create IT complexity and generate security challenges, along with unexpected costs, time overruns and interoperability issues of your Laboratory Informatics Systems– all of which need careful consideration.
One of the most important things you can do to ensure a smooth transition is to create a proper cloud migration roadmap for your organization. Choosing the best application migration option is not a decision that should be made in isolation, but should instead be part of a broader application portfolio rationalization context. Items to consider when planning a cloud migration strategy:
Astrix Technology Group has over two decades of experience in the Laboratory Informatics Systems domain. Our professionals bring together the technical, strategic and content knowledge necessary to help you develop an effective cloud migration strategy for your organization. Whether your deployment utilizes public, private, or a hybrid cloud architecture, our experienced and skilled professionals can make the process of migrating your applications and scientific data to the cloud far more cost effective and efficient. Contact us today for more information on leveraging the cloud to improve agility, reduce cost and advance collaboration when working on new scientific discoveries and technological innovation.
Copyright (C) 2020