
Understanding the Cloud: Cost, Security and Management

Over a decade ago, the technology world was a bit different. Web forms were the standard, databases were relational, and clouds were aloft in the sky. Since then, the industry has adopted new patterns and platforms like single-page applications, NoSQL databases, and cloud computing. Some of these patterns have been easier to adopt than others.  

I have heard several clients in my career express their hesitation about, or even fear of, moving to the cloud. These are valid concerns, but they often stem from misunderstanding or misconception of cloud services. Common concerns include satisfying security requirements for systems and data, managing the cost of new infrastructure, hiring staff with cloud expertise, and committing to a long-term, broad migration of infrastructure. Luckily, mature cloud vendors like AWS, Microsoft Azure, and Google Cloud have built tools to tackle many of these concerns head-on.

Security 

Technology leaders in healthcare tend to react very differently to the idea of hosting data on the cloud, ranging from acceptance to hesitancy to flat-out resistance. Resisters are often concerned with access, security, and compliance. This is understandable, given they are responsible for safeguarding highly sensitive protected health information (PHI).

Cloud vendors consider security a top priority and offer services and guarantees to support customers’ security needs. As they are hosting managed services and infrastructure, vendors do not allow customers direct access to the physical servers they are using. Vendors manage all the security of the cloud, including on-site access to data centers, networks, and infrastructure. Some services even manage higher layers, such as operating systems, application hosting, and web servers. With a physically secure host, customers then must manage the security of their applications in the cloud. This shared responsibility allows customers to create secure applications while vendors handle lower-level security concerns.

This model does not absolve customers from managing access to their applications or data. Storage services, like AWS’ S3, Azure’s Blob Storage, and Google’s Cloud Storage, offer encryption at rest to protect sensitive files and backups. Vendors also offer very fine control over authentication and authorization of user access to services. When used correctly, security auditors and IT leadership alike should feel confident that their cloud applications operate as securely as in-house applications. 

Securing PHI is among the first considerations in healthcare IT. HIPAA and HITECH compliance are non-negotiable criteria to meet when architecting a solution, so any doubt of that support would be an insurmountable barrier in cloud implementation. Cloud vendors as hosts are not HIPAA compliant; however, a vendor’s select services are identified for HIPAA and HITECH coverage under a business associate addendum that appropriately safeguards PHI. Think of this model in the context of your local super store. Walmart as a company is not FDA approved, but it houses FDA approved items. It is the responsibility of the customer to verify how services are configured and secured, but cloud vendors will support the use of sensitive data through many services.

Expertise 

IT organizations are often expensive, expansive, and specialized. Engineers and staff who maintain and configure servers, monitor and manage hardware usage, and support database performance, among other tasks, tend to be experts in their areas. Not every CIO can budget the time and money required to staff and lead such groups. Cloud organizations offer solutions to manage – and better yet, automate – necessary, but mundane, IT tasks. Services like AWS Elastic Beanstalk and Microsoft Azure App Service can help small IT teams by facilitating application deployment, scaling, and load balancing with minimal operational support. 

To allow for a quick migration to the cloud without in-house expertise, these tools host and manage existing applications without provisioning or managing underlying hardware, operating systems, or app servers. Customers that use a modern language or container technology simply maintain and enhance the core application with these services, leaving the rest of the work to the cloud vendor.  

This model, of course, introduces some tradeoffs, such as limiting the fine-tuned control of some cloud services for the sake of convenience. However, these services can be a good option for smaller IT groups or organizations that aren’t interested in large cloud migration investment. 

AWS Services that trade fine-grain control for ease and convenience.

Cost  

It’s difficult to select the right size and scale of hardware, as it’s expensive to purchase, upgrade, monitor, and maintain. Overpowered systems sit idle and waste capital while underpowered hardware fails to support customers, ultimately leading to a loss in business. With flexible scaling models, cloud vendors offer a “Goldilocks” approach: not too much and not too little, but just right. Cloud services can be leveraged for scalable computing and cheap, durable storage. In fact, both Amazon and Microsoft offer durable and highly available storage solutions for pennies per GB per month, and the archival storage solutions are even less expensive. 

Traditional data centers offered servers and capacities of all sizes, but the usage had to be precisely and accurately estimated up front, and provisioned hardware was physical and static. Infrastructure as a service (IaaS) offerings from cloud vendors allow virtual, elastic hardware environments to be provisioned at will. These compute services may be balanced for general purpose or optimized for specific uses. Better yet, their capacity can be configured to operate at high demand and return to a desired size during downtimes. The shift can offer significant savings over traditional physical infrastructure, and cost calculators estimate the expected investment.

Integration with On-Prem 

Migration to the cloud does not need to be a massive enterprise undertaking. Moving all IT services to the cloud at once would be an expensive, unwieldy, multi-year endeavor. With any IT project, it’s pivotal to establish a long-term goal and interim goals to fuel momentum and confidence. Cloud vendors offer solutions to connect the cloud and on-premises resources, allowing IT organizations to grow select infrastructure and services and migrate to the cloud without a large upfront investment.

A collection of on-premises servers and data centers, or a private cloud, that hosts internal or secure company resources may need access to cloud services and applications, or vice versa. VPN connections between internal and cloud networks can bridge this gap. Vendors offer proprietary solutions, like AWS Direct Connect, Azure ExpressRoute, and Google’s Interconnect, that have higher network throughput and availability compared to a traditional VPN, though with an increased cost. Connecting private cloud with public cloud vendors creates a hybrid cloud, which combines the security of private servers with the flexibility and cost efficiency of managed services. 

Cloud vendors also permit single sign-on (SSO) between existing user directories and managed services or hosted applications. This service eliminates the need to manage two sets of users and credentials to ensure security. AWS and Google offer SSO through services like Cognito and Cloud Identity, respectively, and Microsoft naturally integrates with local Active Directory through Azure AD. 

Two methods of connecting to Azure to create a “hybrid cloud”

Conclusion 

The fear of migrating to the cloud is understandable; however, it is based on a misunderstanding of what the cloud is, how it can benefit an organization, and how much of a commitment must be made up front. Cloud processes and technologies can now be reasonably assessed for viability, sustainability, and business benefit. In short, those adopting and fully leveraging cloud processes will have a competitive advantage over those who do not. An investment in the cloud is well spent, well managed, and well worth it.

 
