Upload
datatrak-international-inc
View
1.460
Download
0
Tags:
Embed Size (px)
Citation preview
Confidential –
About Me
2
I am the initial architect for our online “cloud” clinical data collection solutions which we have
been delivering since the late 1990s.
Personally, I am a proponent and user of online “cloud” applications.
Confidential –
Goals Today
1. Define “the cloud” in simple terms
2. Provide some “cloud” benefit and risk evaluation
checklists
3
Confidential –
August 2012 Survey by Citrix
5
http://www.citrix.com/lang/English/lp/lp_2328330.asp
A majority thought that cloud computing referred to a “fluffy white thing” 51% believed storms could interfere with it
Confidential –
1. You access it through the Internet
2. You don't own it (generally)
3. You don't have to do much to scale up to a bigger
footprint (except pay for what you are using)
10
Adapted from:
http://it.toolbox.com/blogs/original-thinking/what-is-cloud-computing-a-simple-definition-30648
“The Cloud” in Simple Terms
Confidential –
The National Institute of Standards and Technology
defines Cloud Computing with three main categories
13
Confidential – 16
Let’s take a closer look at those options…
Service model options are
the most commonly discussed Cloud Category
Confidential – 17
Platform indicates a higher-level environment for which developers
write custom applications. Generally the developer is accepting
some restrictions on the type of software they can write in
exchange for built-in application scalability.
Adapted from
http://rwandering.net/2008/07/03/cloud-services-continuum/
Infrastructure
(IaaS)
Platform
(PaaS)
Software
(SaaS)
Software (as a Service) indicates special-purpose software made
available through the Internet.
Infrastructure includes provisioning of hardware or virtual
computers on which one generally has control over the OS;
therefore allowing the execution of arbitrary software.
Confidential –
18
http://www.saasblogs.com/saas/demystifying-the-cloud-where-do-saas-paas-and-other-acronyms-fit-in/
Common Users for Cloud Service Models
Confidential – 19
http://www.saasblogs.com/saas/demystifying-the-cloud-where-do-saas-paas-and-other-acronyms-fit-in/
The lower you go down in the stack the more security you are
tactically responsible for implementing and managing.
For Example:
Operating system
Network security
Data encryption
System installation
Confidential – 21
Open to the general public
Exclusively accessed by a single organization
Combination of two or more service models
Selectively accessible for users with a shared purpose
Confidential –
► Save money
• Lower IT costs
• Economies of scale
• Pay as you go
► Save time
• Eliminate install tasks associated with licensed software
► Focus on competitive advantage rather than
• Purchasing and supporting the server infrastructure
• Managing the security, reliability, and scalability
• Maintaining a labor-intensive patch and upgrade process
24
Confidential –
Data security is a concern whether you subscribe to SaaS
or purchase software and implement it on in-house servers.
26
Here are some things to consider…
Always.
Confidential –
Is the solution Secure?
Is it easily Accessible?
Does it support a Global marketplace?
Is it Sustainable?
27
Confidential –
► Secure • Is the application 21 CFR Part 11 compliant?
• Do you have Safe Harbor certification?
• What encryption is used for data transfers?
• Is the data center SOC 2 Type II certified?
► Accessible • Which browsers are supported?
• Is it accessible on mobile and tablet browsers?
• Does the application require routine maintenance downtime? How often? How long?
► Global • Does the application support the display and storage of multiple languages and
typesets (Chinese, Japanese, etc.)?
• Can you report on multiple studies with the same application?
► Sustainable • What is the cost model?
• What is the training time for standard end users?
• How are upgrades supported?
28
Some questions to ask!
Confidential –
Can you audit the vendor facilities?
How are the data backed up?
What is the recovery process?
Is your production equipment housed in a state-of-the-art colocation facility?
What are the security arrangements for the facility?
Are they in place 24 hours a day, 365 days a year?
On what type of infrastructure do you host data?
How often do you back up data and where are the backups stored?
Where and how do you store the backups?
What level of data encryption do you use to protect website transactions?
Can I export my data in a format that I can easily re-use?
29
Adapted from:
http://www.trumba.com/connect/knowledgecenter/software_as_a_service.aspx#secure_data
Extended
SaaS Data Checklist
Confidential – 31
Simply Put
“In The Cloud”
• You access it through the Internet
• You don't own it (generally)
• You don't have to do much to
scale
You Have Options
Cloud Service Models
• SaaS, PaaS, IaaS
• Most organizations leverage SaaS
• Remember the lower you go, the
more you are responsible to
manage
And finally…
When deploying a solution either in-house or as SaaS, make sure it is: