What is Your Cloud Strategy? (Part 1)
If you made it through the end of 2014 without being asked by a miscellaneous c-suite denizen “What is our Cloud Strategy?” then congratulations. If you did not, I hope it went well. If you need one but haven’t created one yet, please bear with me while I suggest a simple framework. If the very notion of cloud gets you inexplicably exasperated, navigate to the authors list and click on Joe Kelly. His blog entries are entertaining as well as informative.
Rationale. Cloud computing, or the abstraction of compute, storage, and network infrastructure in a series of securely interconnected public and private networks is changing the way business, government, and the public think about computing architectures. Every role in the IT universe is measured (explicitly or implicitly) against some set of expected financial, quality, or technical standards. With more and more cloud offerings competing against locally-produced IT services, financial measurement of appropriate cloud offerings benchmarked against existing local services is almost a certainty. If I were the IT Director or CIO in question, I would want to be bringing those options to the management team, rather than have them imposed on me externally.
Elements of a Cloud Strategy. A well-rounded healthcare cloud strategy might have some or all of these components:
1. An IT cost model that identifies the cost of running each application or group of applications. Costs should include direct costs of purchase, maintenance, external and internal labor, power, cooling, floor space, administration, management, opportunity cost where applicable, and sustaining costs, defining where incremental investments must be made in capital to support the IT strategy. Just discussing cost model with your senior management creates an opportunity; you may well need to share the fact that in the world of virtual machines and clouds, keeping a server around for 7 years and a storage array around for 10 years is just not a safe or sustainable strategy anymore. Depending on a firewall, DMZ, and anti-virus software for security is probably no longer sufficient.
Applications and services produced and managed “in-house” in what I will increasingly refer to as “Internal Private Cloud”
2. Applications that are fully hosted and managed by 3rd parties, like software vendors in a “SaaS model” (Software-as-a-Service). Many IT software providers have begun to offer their software only as SaaS. While this limits customization, users benefit from fast cycling updates and consistency of access and interface. IT departments experience a lessening of the infrastructure and applications support burden and an ability to focus on helping their organization achieve value from the software investment.
3. Applications that are run by the hospital or physicians practice on “hosted infrastructure” also known as IaaS. In an Infrastructure-as-a-Service model, IT departments maintain full control over applications and are freed from repetitive hardware/firmware upgrade, OS and hypervisor management, and hardware maintenance tasks on compute infrastructure. It is not atypical that this model would also result in enhanced security, availability, and sustainability compared to what can be sustained in a typical hospital data center. IaaS has many of the benefits of SaaS while preserving the opportunity for local customization of applications.
Infrastructure-as-a-service is not limited to giant clusters of infrastructure devoted to an application like MEDITECH or a loosely-related group of applications. IaaS can also be consumed in an IT strategic plan as available “point solutions” for disaster recovery, archiving, backup, network and systems management, and more.
4. A cloud federation and management plan. This can be a governance tool as well as a benchmarking and technology planning tool. This roadmap shows which services are sourced in each model (internal or external cloud), what the costs are, what the interrelationships are, and what the expected service levels are. It may even define technical relationships between services sourced externally.
5. A time-phasing plan that takes advantage of natural technology and software maintenance and refresh cycles as natural breakpoints to transitioning appropriate services to the external cloud.
6. A connectivity and security plan. This is exactly what it sounds like. Most external cloud services will rely on robust, redundant pathways to the Internet. For most hospitals, this means having 2-3 Internet Service Providers connecting high speed, burstable bandwidth links to your campus at diversified demarcation points or demarcs. Relying on the Internet for IT services means notching up security efforts, both for your own organization as well as in collaboration with any cloud partners.
7. An audit plan. IT Services, whether produced internally or externally, need to be measured to be managed. A limited number of relevant, easily-monitored benchmarks works best. A good internal infrastructure manager or a well-designed external cloud service should include a capability to access this information in the basic plan to provide service.
What does it look like in real life? A good cloud strategy brought to life is as different as the organization who is using it. For most, it will start with strengthening internal IT design, management, and control to make sure that internal applications are sustainable, benchmarked, manageable, and secure. Virtualized internal environments that started as “skunk-works” or lab projects need to be hardened and professionalized for full production Healthcare IT. Some organizations may have the scale, funding, and staff strength to run most applications in-house in internal private clouds, and simply use the external cloud as a safety measure or point service for disaster recovery, archiving, systems monitoring, and management. A likely middle ground for many is “letting the authors run their own apps” for example, moving e-mail and office automation to Microsoft Azure (Office 365) or Google Apps; keeping some particularly sensitive or bandwidth hungry apps like PACS in house; and migrating easily containerized and managed applications like MEDITECH or an Ambulatory EHR to the private cloud. Others will try to move almost everything to the cloud over time for their own unique reasons but will still need a strong internal core from which to build. This internal IT capability may come in the form of a “pod” installed in-house by an external provider who is essentially managing it as part of an extended cloud strategy.
Jim Fitzgerald is Executive Vice-President of Park Place International. He passionately believes in the role of community hospitals in American healthcare and hopes that by strengthening them with world-class internal and external cloud services they can maintain their unique identity and mission as the tide of healthcare consolidation continues.