Why Some Large Healthcare Enterprises are Migrating Back from the Cloud
The cloud falls short on its promises for some large, global healthcare organizations
By Vinil Menon
The implementation of cloud computing is a hot topic for doctors looking for easier ways to collaborate, view and share patient medical files. According to Gartner, the worldwide public cloud services market is projected to grow 17.5 percent in 2019 to total $214.3 billion, up from $182.4 billion in 2018. Gartner further projects the cloud services market size and growth will outpace overall IT services by three times through 2022. Despite such growth, for some organizations, the cloud is not the silver bullet many assumed it to be.
Consider Dropbox, a U.S. technology company valued at more than $10 billion. In 2016, Dropbox decided to move its infrastructure from a large cloud services vendor back to its own data centers, citing a variety of reasons, specifically security and cost. Similarly, in healthcare, it’s time to acknowledge where cloud infrastructure helps and where it doesn’t, so healthcare organizations can map the best strategy for their business.
Security and Compliance: Too Many Surprises
In other industries, most enterprises today rely upon a multi-cloud strategy. However, such an approach in healthcare increases both compliance and security complexity significantly. In the case of compliance, if there are multiple regimes, the challenges may be insurmountable. As more healthcare workloads move to the cloud, organizations with thousands of servers are responsible for managing geo-sensitive data storage and retention, disaster recovery, backups and failovers across multiple cloud vendors. General Data Protection Regulation (GDPR) compliance is a prime example. Seamless auditability and traceability – especially as data moves across compliance regimes, such as from Europe to the United States – is critical and extremely complex in a cloud environment. In addition, the lack of legal precedent around GDPR and issues like blind subpoena further complicates decision-making.
Ensuring the proper security on the cloud is also daunting as it must address a wide range of activities: policies, accounts and subscriptions, certificates, API keys, networking, connectivity and third-party access. In addition, the cloud uses a shared-security model where the cloud vendor is responsible for the hardware and virtualization layer and the customer is responsible for the operating system and remaining layers of the application stack.
Effectively configuring security on the cloud requires an in-depth understanding of the controls and limits provided by the vendor, gaps addressed by third-party products and a cohesive system view. In addition, cloud initiatives often begin as business initiatives that subsequently transition to IT, which may then uncover unmanaged credentials, misconfigured policies, poorly configured virtual networks, or insufficient firewalls. Customers often have to redesign their cloud setup so that it complies with IT standards.
Although the major cloud vendors have a strong compliance and security posture, a misconfigured cloud subscription that doesn’t address all the potential issues during project migration can lead to unfortunate surprises. Therefore, many large healthcare organizations favor an on-premise data center for its fine-grained access to both their infrastructure and their data. An on-premise data center provides complete auditability and traceability around data ingress and egress, access control, third-party software and partner access.
Cost Considerations: More Surprises and Shadow IT
Scale and overhead are the biggest cost considerations. For many organizations, there are certain economies of scale achieved by using the cloud, but as core workload increases, the cost of maintaining a cloud presence also increases – and often the economies of scale are not passed on to the customer by the cloud vendor. Hence, beyond a certain scale, the cost arbitrage provided by the cloud disappears.
Global businesses incur other costs. For example, some large providers and global healthcare firms may operate in geographies where their cloud vendor does not have a presence or a data center, such as a large hospital chain that serves the Middle East or a large device manufacturer with a presence in China or Africa. These organizations will incur additional costs for multiple data centers and international travel for their technical personnel.
There are also costs to consider for existing investments that don’t seamlessly transfer to the cloud, including software licenses and support agreements, hiring and training costs, and provisioned resources such as IP address ranges and networking equipment. Costs are also affected by the rapid evolution of cloud services from the major vendors, who roll out new services regularly, which in turn require engineering resources. While each public cloud vendor has similar offerings, there are no common or interoperability standards across vendors. Over time, these new services and the corresponding engineering requirements increase costs and make it more difficult to change vendors, resulting in customers feeling locked in with a specific vendor. The other challenge is shadow IT, including ungoverned usage of cloud services and extra or invisible costs added to services like bandwidth and network. Such charges appear on bills unexpectedly and are very difficult to trace.
Considering these costs, an on-premise deployment may be more economical for some organizations. For example, large IO operations or applications that require significant data transfer and low latency often hinder pure cloud-based infrastructure. Additionally, organizations with predictable workloads or those with a need to run production workloads on advanced hardware recurrently, such as a prediction algorithm that runs on a Graphics Processing Unit (GPU) cluster on a monthly basis, may find it more economical to have the infrastructure on-premise.
For Some, On-Premise is Best
The re-evaluation of infrastructure strategy coincides with the rapid adoption of a microservices-based architecture across the IT industry – an architecture that is the closest thing to a standard across cloud vendors. In this environment, applications are structured as microservices, or loosely coupled services, deployed to containers, such as an open source platform. These containers are managed by an orchestration engine, which automates deployment, scaling and the operations of application containers across clusters of hosts. This is a significant shift in the way software is being developed and deployed, resulting in reduced friction in migrating either to the cloud or back to on-premise. An easier transition is good news for those large healthcare enterprises who determine that security and cost considerations make an on-premise approach the best choice.
Vinil Menon is Sr. Vice President–Enterprise Applications for CitiusTech.