Not all health-IT data is fit for the cloud, but a lot is.
November 16, 2010 | Guest Commentary | As health sciences companies look for ways to improve collaboration and reduce new product development costs, cloud computing and Software-as-a-Service (SaaS) could be just what the doctor ordered.
According to a June 2010 report by IDC, the SaaS market is poised to jump from $13.1 billion in global revenue last year to $40.5 billion by 2014. “The SaaS model has become mainstream, and is quickly coming to dominate the planning—from R&D, to sales quotas, to partnering, channels and distribution—of all software and services vendors,” said Robert Mahowald, vice president, SaaS and cloud services research at IDC.
SaaS and the cloud are transforming collaboration. Simply put, the cloud enables different teams, departments, and organizations to come together quickly and cheaply to solve a problem. Speed-to-market means money in the health sciences business. Therefore, the ability to deploy new technology in two months—rather than two years—provides a major advantage over competitors who are stuck building and maintaining in-house infrastructures.
Many organizations are planning to adopt cloud applications and are laying the infrastructures to manage them. The advantages fall into two major categories:
- Collaboration—Occurring across the health sciences industry as companies look to lower costs and speed time-to-market. The cloud is a perfect way to access “ready-to-go” applications with the ability to get business processes up and running fast.
- IT as Competitive Advantage—Most mid-sized enterprises cannot afford to leverage the old ways of on-premises software. Cloud applications are faster to deploy, increasing agility, so companies can leverage them for a competitive advantage.
The Cloud and Health Sciences: A Match?
While adoption of cloud applications has been notable in health sciences sales, marketing, clinical trials, and supply chain, some applications are not ready to move out of the datacenter. A good example is those that must be FDA certified, because few of the major cloud vendors actually understand how the certification process works and even fewer have been certified. In this instance, it’s better to first survey the applications and data and then rank them in order of sensitivity and compliance needs. Companies should start with the applications that are lowest on the risk/non-regulated scale—this puts a foundation in place that allows management access to those applications and data.
Once an organization gains comfort with the cloud model—and more importantly has the infrastructure in place to secure and audit access—they can move down the scale. Since 70% of most IT budgets are spent on infrastructure maintenance, enterprises can realize very real benefits from outsourcing the “plumbing.” Of course, there will be an inflection point where risk/reward analysis just won’t make sense or regulations clearly prohibit putting something into the cloud, but companies will be surprised at the vast amount of information that is cloud-ready.
One thing most companies find particularly appealing about the cloud is that the service provider becomes highly accountable for service levels. If a service provider fails to meet expectations, the service can be easily discontinued. Not only does this hold cloud providers to a much higher standard, it also gets companies thinking about suppliers more as partners than vendors.
While expectations will differ based on functions and industries, health sciences companies should evaluate whether a provider understands the regulatory and competitive aspects of the business and the extreme importance of compliance and security. In terms of functionality, a cloud vendor should understand how collaboration affects the core of your business, which should be reflected in the way the technology is designed and with what applications it can integrate. There’s always a distinct advantage when you can work with a vendor that brings both industry and domain experience to the table.
Security in the Cloud?
While it’s fairly easy to outsource infrastructure, doing so does not mean the company is no longer responsible for managing security and risks for the confidential data contained in its IT systems. Good security practices are based on risk mitigation, which starts with understanding the scope of your exposure. This requires above all visibility into who is accessing confidential data and how.
Unfortunately, this is an area where the cloud is lacking, since users can access data directly over the Internet outside the purview of IT controls. This is an unacceptable situation for sensitive data. The answer is to either not put that data into the cloud, or to implement controls that enforce policy, governance, and provide visibility. Technology exists that provides controls for the cloud and consistent visibility needed for audit and compliance. In the end, the benefits of SaaS and the cloud have to be weighed against the risk of doing so. Not all data will be suited for the cloud, but a surprisingly large amount of data can, and eventually will be, on the cloud because it is either more usable or more efficient by doing so. •
Eric Olden is CEO of Symplified, which enables companies to extend and enforce identity and access management policies on Cloud applications. He can be reached at eolden@Symplified.com.