In 2016, Dropbox decided to move its infrastructure from AWS back to its own data centers for a variety of reasons including cost. Since then, a few large healthcare organizations have been on their own journey of unwinding their cloud infrastructure. While in certain scenarios, cloud continues to remain an attractive option for larger enterprises, we list five reasons why some large healthcare organizations are rolling back from their cloud instances.
1. Compliance and Security
For large healthcare organizations, on-premise data centers are synonymous with fine-grained access to infrastructure and data. An on-premise data center provides complete auditability and traceability – around data ingress and egress, access control, 3rd party software, partner access etc. These aspects are often assumed during cloud migration, and often lead to surprises.
Seamless auditability and traceability, especially as data moves across compliance regimes (e.g. data routed via, say, Europe to the US), is quite complex with cloud. Lack of precedent, especially in legal contexts around GDPR and issues like blind subpoena, complicates decision making further in favor of on-premise.
In domains besides healthcare, most enterprises today rely upon a multi-cloud strategy. However, implementing the same in healthcare increases compliance risks (especially with multiple compliance regimes). As healthcare workloads move towards the cloud, organizations with countless servers are concerned with management of geo-sensitive data storage, data retention, disaster recovery, backups, failovers, etc. on multiple cloud vendors.
Getting security right on the cloud is a daunting task. Although major cloud vendors have an industry leading compliance and security posture, a misconfigured cloud subscription for a customer is a security nightmare.
There are multiple aspects to cloud security: accounts and subscriptions, certificates, API keys, networking, policies, connectivity, 3rd party access, etc. Most cloud implementations begin as business initiatives and then transition to IT, but these shifts are often mismanaged and lead to errors such as unmanaged credentials and access grants, misconfigured policies, poorly configured virtual networks, unpatched virtual machines, and unmonitored connections with no firewall or only a basic one. Often, organizations may need to completely remodel their cloud setup to make it compliant with IT standards.
The security model on the cloud is a ‘Shared Responsibility Model’, where the cloud vendor is responsible for the hardware and virtualization layer, while the customer is responsible for the layers they can control and configure. This includes the OS (including patching and upgrading the OS) and the remaining layers of the application stack. Effective configuration of security on the cloud requires an in-depth understanding of the controls provided by the vendor, their limitations, the gaps addressed by 3rd party products, and a cohesive view of the system.
2. Performance
Performance of workloads on cloud is a key area of concern. Organizations that need large IO operations, or have applications that require significant data transfer capability and low latency, may face hindrances on a fully cloud-based infrastructure. For instance, a leading medical imaging vendor had to unwind its entire operations on the cloud due to its inability to meet growing performance requirements.
3. Vendor Lock-In
Cloud services from major vendors evolve constantly, with multiple services being introduced every quarter. Public cloud vendors have similar offerings but often lack interoperability standards across vendors, and SLAs tend to require an additional bit of engineering. This increases the architecture’s coupling to the vendor’s offering, making it difficult to move to a new vendor without incurring substantial costs, legal constraints and technical incompatibilities.
4. Cost Considerations
The cost arbitrage advantage provided by the cloud diminishes after a certain scale. The economies of scale are effective for using cloud in certain environments, but as core workload increases the costs increase significantly, especially if the cost advantage is not passed on by the cloud vendor to the customer.
Predictable workloads are better served with an on-premise deployment. Similarly, production workloads that run recurrently on advanced hardware (e.g., a prediction algorithm that runs monthly on a GPU cluster) could have the infrastructure, and run the workload, on-premise. A large provider staffing organization implemented cloud technology to meet the reporting timelines mandated by new healthcare regulations. After initial cycles of running instances, the organization moved back on-premise as they could now estimate their computing needs better.
For large providers and global healthcare technology firms that operate in geographies where the said cloud vendor may not have a presence or a data center (e.g., a large hospital chain that serves the Middle East, or a large device manufacturer with a presence in China and Africa), the organization will need to invest in multiple data centers to serve these geographies with the same levels of SLA. Furthermore, these geographies tend to be underserved in terms of technical skills.
Similarly, there are existing investments such as software licenses, software support agreements, hiring and training costs, provisioned resources such as IP address ranges, networking equipment, bandwidth etc. that can’t seamlessly transfer to the cloud.
Today, most enterprises continue to be challenged by shadow IT when it comes to cloud. Ungoverned usage of cloud services and extra or invisible costs on services like bandwidth, network, etc. cause unexpected and often hard-to-trace billing.
5. Emergence of Hybrid Option – On-Premise and Cloud Deployment
The healthcare industry is moving towards a microservices-based architecture wherein these microservices are deployed to containers in Docker. These containers are managed by a container orchestration engine such as Kubernetes. Docker and Kubernetes run on-premise as well as on clouds, and all major cloud vendors today support Kubernetes and Docker. Since this is nearly a standard across cloud vendors, technology organizations are re-architecting their development and deployment strategy to produce software as containers and run these within Kubernetes either on-premise or on the cloud. This is a significant shift for software development and deployment and leads to reduced friction in migration between on-premise and cloud.
However, Cloud’s distinctive abilities make it a viable option for various healthcare workloads.
Workloads (analytics, machine learning, media encoding, data generation, test case execution workloads) that are on exponential growth paths are better served by the cloud. The same applies to workloads such as B2C or API-oriented workloads, where the user base can be unpredictable, increase rapidly and may require months to stabilize. The scalability and flexibility offered by public cloud make handling such growth easier. Unlike with cloud, planning and scaling on-premise infrastructure for such use cases and scale can be challenging, since it leads to over-provisioning of infrastructure that is often underutilized. CitiusTech’s client, a global biopharmaceutical company, moved its research analytics platform to cloud to gain a 90% improvement in process turnaround time.
2. IoT and Device Integration Workloads
Workloads that work with IoT connections and devices, such as ingesting and analyzing device data, are suitable for cloud. CitiusTech’s client, a leading wearable physiology monitoring company, built their entire patient health data pipeline on cloud for moving data from devices to cloud and performing analytics on the cloud. It helped the client achieve real-time analytics and meet project timelines and computational needs. When in customer acquisition mode, the client can now scale the infrastructure while keeping performance and costs in check.
3. Innovation and Agility
Healthcare enterprises also use cloud for experimentation as well as for deployment of their Minimal Viable Product (MVP) for quicker customer feedback. This allows enterprises to iterate on a product rapidly. The speed of experimentation enabled by the cloud is unprecedented in the history of computing. CitiusTech works with several clients who run their machine learning workloads on the cloud and integrate the data back on-premise. This enables them to experiment with their workloads on faster and better hardware, such as GPU clusters, as it is released on the cloud while keeping other costs low.
4. Global Reach
One of the main attractions of public cloud is the ability to take the same code base and run it virtually anywhere in the world where the cloud vendor has a presence. Some cloud vendors have many regions and data centers across the globe, and with a multi-cloud strategy this reach can increase significantly. Deploying infrastructure that runs an organization’s code to the appropriate region is an effective way to tap into this global potential. Alternatively, cloud vendors have their own Platform as a Service (PaaS) offerings that offer global reach to digital, clinical trials and other B2C healthcare scenarios.
5. Cheaper Disaster Recovery (DR) and Business Continuity (BCP)
Due to cloud’s low costs of storage and basic compute infrastructure, businesses prefer cloud for their DR strategy. With dedicated connections to the cloud provider and cloud-enabled versions of their backup tools, organizations can mirror their critical on-premise infrastructure onto an appropriate local region on the cloud, and then use the cloud platform to mirror that infrastructure to other parts of the globe. The infrastructure itself may be configured to run in a low-burn mode, with periodic checks on the uptime of the on-premise infrastructure to determine if there is a need for a failover.
6. Development and QA Workloads
During the initial stages of new product development, it is cost effective to run development on the cloud, and once the steady-state infrastructure requirements are well understood, the development can be moved back on-premise. This is suitable for teams that are geo-distributed and/or growing. For QA and continuous integration, cloud provides an opportunity to deliver faster feedback to developers. As tools get more sophisticated, the ability to run QA processes in parallel (which typically run in a sequence) provides immediate feedback to the development team on a variety of aspects: performance, security, scalability, network latency and peak load characteristics. This allows engineering teams to modify their code in a matter of hours instead of weeks.
For large healthcare organizations with mature IT processes, compliance, security, performance, costs at scale and vendor lock-in continue to be key concerns, while the ability for faster innovation, agile deployment, potential for planetary-scale distribution and convenient availability of their software has made migration to the cloud inviting. Healthcare has been adopting cloud for a while, and there are experiences and learnings that are helping organizations make the right choice when it comes to their cloud journey.