How to assess weak links in a cloud data strategy
The cost, flexibility and scalability advantages of the cloud are impossible to ignore, and today many healthcare organizations are moving not only business data to the cloud, but also clinical data.
A variety of cloud initiatives are surging in popularity, including the adoption of cloud-based Software as a Service (SaaS) applications, moving data backup to public cloud services such as AWS or Microsoft Azure, and the use of these same cloud services as their primary location for the storage of business or clinical data.
Three cloud initiative best practices are emerging as crucial for healthcare IT executives:
- Evaluating the potential problems associated with any cloud initiative.
- Developing a strong data management strategy that addresses these problems.
- Vetting and partnering with vendors that can fully support a data management strategy.
By following these three best practices, healthcare organizations will position themselves to reap more benefits of the cloud, and minimize the costs, disaster recovery issues, security vulnerabilities and other problems that can sometimes come with cloud initiatives.
Cloud-based SaaS applications
One of the most popular—and mature—cloud initiatives in the healthcare industry is the use of cloud-based SaaS applications to replace or supplement traditional, on-premises applications. SaaS applications do not require healthcare organizations to purchase more hardware and are automatically updated with new features or patches. In addition, they provide organizations with greater pricing flexibility, enabling them to easily ramp the application up or down to support data peaks or increased usage. As long as the organization has fast and reliable Internet connections that support the application, it might seem that there are few downsides to using such SaaS applications.
However, with SaaS applications it is important to look at the vendor’s fine print regarding the data stored. What assurances and services does the vendor offer in relation to the backup, recovery and portability of the data stored? In other words, how do they protect application data; how quickly and completely can this data be recovered if there is a disaster; and can this data be moved out of the application to another application in the future?
For example, while many SaaS applications provide data recovery options, in many cases recovery of data from these applications might not align with an organization’s Recovery Time Objectives (RTOs) or Recovery Point Objectives (RPOs). Healthcare organizations might need to implement a separate disk, tape or cloud-based backup plan for the SaaS application data to ensure, if there is a disaster, they have access to the data they need to keep their organization’s operations running smoothly.
In addition, while a SaaS application might make perfect sense for a healthcare organization’s needs right now, the organization might want to switch to a new application in the future. Will they be able to move all the data stored in their current SaaS application to a new application? Do they have a data management platform to manage this transfer, and how difficult will the porting of this data be? The benefits of adopting cloud-based SaaS applications can be significant but there are also pitfalls that can cause problems for healthcare organizations with these initiatives. However, by identifying these pitfalls, creating a plan to deal with them, and partnering with vendors that will help implement their plan, they can avoid these problems, and fully realize the value of these SaaS applications.
Backup to the cloud, for disaster recovery purposes, is another popular cloud use case for healthcare organizations. Just like SaaS applications, backing up data to the cloud removes the need for on-premises infrastructure, often resulting in significant capital expense and administration cost reductions. In addition, backing data up to the cloud can be easily scaled to reflect an organization’s current data needs, preventing hospitals from miscalculating expected hardware infrastructure costs.
Finally, cloud-based backup can help healthcare organizations develop a data protection strategy that helps protect them from ransomware and other malware attacks. Cloud-based backup can be used to quickly recover data after a successful ransomware or malware attack infects on-premises infrastructure, allowing the healthcare organization to avoid any degradation in their ability to deliver quality care to their patients after an attack.
Yet, like SaaS applications, healthcare organizations need to make sure they consider issues with using the cloud for backup, have a plan in place to manage the data they backup to the cloud, and work closely with the right vendors to implement this data management plan.
For example, if their cloud-based backup is not separated from their production systems, ransomware and malware that infects these production systems can also infect their backup. They will need to adhere to HIPAA compliance and other data privacy regulation policies when moving business or clinical data to the cloud. Many cloud vendors have healthcare specific offerings that can help healthcare organizations comply with these regulations, but it is important to fully vet these offerings to make sure they completely address all data privacy requirements.
Without a powerful data platform that can automate and orchestrate all the processes involved in recovering data from the cloud, an organization may find their disaster recovery plan is incomplete or too slow, resulting in a negative impact on the quality of patient care. Backup and archive to the cloud offers tremendous benefits, but healthcare organizations should ensure they have accounted for risks associated with cloud backup, with a detailed strategy along with the right cloud, and data management partners.
Cloud for mission-critical data
A new emerging use case for the cloud is as a primary storage location for business and clinical data. One of the primary reasons to consider this option is because it’s easier to scale than on-premises infrastructure, removes the need to purchase or maintain on-premises infrastructure, and helps reduce capital investment and administration expenses.
However, healthcare organizations need to be particularly careful if they begin using the cloud as their primary location for the storage of mission-critical business and clinical data, because doctors and other healthcare professionals need fast and reliable access to their data.
For example, if an organization plans to store images and other clinical data in the cloud, they should ensure their public cloud provider has Service Level Agreements (SLAs) that address the storage and transfer requirements associated with this critical data. They should also find out what happens if the cloud goes unexpectedly offline, preventing them from accessing their cloud-based clinical data.
Mission-critical SaaS applications also present the challenge of “data lock-in.” The healthcare organization should know if their SaaS application and cloud vendors allow them to transfer data stored with one cloud vendor to another, back up SaaS application data to their on-premises infrastructure, or back it up or archive it to another cloud vendor, to disk or to tape.
There are ways to use the cloud as a primary storage location for mission-critical data, but the challenges in doing so, along with the costs associated with addressing these challenges, need to be carefully considered. If these challenges are addressed, using the cloud as their primary storage location is a viable option for many healthcare organizations, particularly those with limited IT resources.
The emergence of the cloud presents healthcare organizations with a tremendous opportunity to reduce costs, improve scalability and increase agility. However, whether they decide to adopt a new cloud-based SaaS application, back up data in the cloud, or store mission-critical clinical in the cloud, they should carefully evaluate these initiatives, and follow key best practices.
These best practices can also be applied to other cloud initiatives, such as the development of on-premises private clouds and hybrid cloud strategies that incorporate both on-premises private cloud infrastructure and off-premises public cloud services. If they adhere to these best practices, healthcare organizations can take advantage of the cost, scalability and flexibility benefits of the cloud, helping them improve the delivery of quality care to their patients.