Cloud Infrastructure Adoption

By Raymond Lowe, SVP & CIO, AltaMed Health Services

The COVID-19 pandemic has driven many organizations to adopt new cloud technologies at a faster rate due to application and infrastructure decentralization, and remote work policies. The need for applications and services to be available anywhere and be able to be scale has driven investments into cloud-based applications and services. Often there is a gap between business demand and IT’s capacity to deliver. IT departments may lack the physical resources, budget, or streamlined processes to be agile and accelerate the time to market business innovation. A possible solution would be to implement a hybrid cloud solution to deliver business value-based outcomes without compromising risk-mitigation, security, or industry regulatory requirements.

CIOs have identified cloud computing as one of the three top game-changing technologies. Some organizations are embracing cloud for the first time, and many current cloud adopters will continue to increase their usage

 Non-IT business leaders can make cloud adoption decisions with promises of low prices and ease of utilization that are put forward by the cloud hosting companies. Some organizations may falsely believe that moving the workload to a cloud solution can be managed in the same manner as their current on-prem solution. Also, cloud providers are likely unwilling to sign your organization’s Business Associated Agreement (BAA) and your organization will be required to use their standard agreement.  

CIOs have identified cloud computing as one of the three top game-changing technologies. Some organizations are embracing cloud for the first time, and many current cloud adopters will continue to increase their usage. Taking the first step creates questions on how to enter into the cloud space, what is the overall adoption and how am I seeing other organizations leverage the cloud. One of the first questions to answer is are there defined aligning objectives, defined benefits, risks, and key adoption criteria, which often differ among various departments within the organization.

Below are some critical steps necessary to develop a successful cloud computing solution.

• Define your organization’s cloud security governance and policies.
• Define your approach to standardizing your current architecture.
• Develop and use a target-state architecture to define standards.
• Buy commoditized cloud services and capabilities whenever possible without exposing PHI and know how to manage those services.
• Migrate existing applications and systems into private or hybrid cloud architectures, using a phased approach.
• Decommission existing legacy systems as new capabilities come online within your target-state environment.

An application migration strategy is vital prior to full cloud architecture implementation. Standardize and consolidate applications and infrastructure in an organized, strategic way. Preparing to migrate to the cloud requires understanding that security threats, vulnerabilities, and insecurities will all be expanded. Thus, numerous security breaches and threats may exist in the operating environment.

When adopting a cloud strategy in healthcare industry, there are many factors to consider, including the core functionality managing the patient’s lifecycle in legacy systems and the difficulty managing personalized and timely patient data needs. With constantly changing patient demographics and consistent company growth, the demands to effectively engage patients through various channels can ultimately become overwhelming and unmanageable.

Below are possible challenges and security considerations an organization might encounter while adopting cloud technology in a healthcare facility.

1. Data Integration: securely sharing/transferring data between on-premises and cloud environments imposes higher complexities for hybrid cloud infrastructures. There are higher complexities with sharing data with EMR and managed care/health plans. 
   
   
2. Security concerns:  the same security policies do not apply to both organizations and the maturity levels of each organization’s policies are inconsistent. Shared data is now governed between two different entities.
   
   
3. Increased infrastructure complexities:  securely replicating AD information to EMR hosting poses additional security risks; mitigation required a high-level of security configurations, dedicated network equipment, and IT scrutiny of EMR Hosting security policies.
   
   
4. Compatibility issues between environments: SQL server version requirements for SQL server clustering between environments.
   
   
5. Network constraints: data reporting requires high bandwidth; understand fees and bandwidth limitations for data ingress.
   
   
6. Storage constraints:  data export for reporting requires local storage IO and capacity.
   
   
7. Identity management: Users may have separate login credentials for on-premises versus cloud. Will your existing active directory and SSO work between cloud environments? This is doubtful. Thus, it will require separate logins.
   
   
8. Maintaining HIPAA compliance while utilizing cloud infrastructure.
   
   
9. Data loss prevention.
   
   
10. Understand if you leave the cloud provider, how that will occur and what is the cost.

The cloud is an integral portion of computing and provides speed and agility to meet demanding workloads, especially as IT needs to deliver at the speed of the business. Using the cloud and its efficiency will help allow “IT to run like magic,” but proceed cautiously and be aware of the limitations.