IaaS: The benefits of moving to the cloud

validated infrastrucure

By Nicola Brady

Infrastructure as a Service (IaaS) is cloud computing where computer system infrastructure is provisioned, managed and maintained by a third party external to the business.  IaaS can be used for hosting your company infrastructure, website or application hosting, and can provide incredible computing power for data analysis within minutes of provisioning.

One of the most significant benefits that IaaS offers is scalability.   In other words, IaaS can easily adapt and adjust to changing business needs, as well as budget.  The subscription style service model associated with IaaS ensures that you only pay for what you need.  This means that there is no redundant capacity for the subscribing company and where capacity expansion or reduction is necessary to meet the business needs, the subscription fee is adjusted accordingly.

Another key benefit is that the IaaS provider takes ownership for the maintenance of all physical hardware associated with the infrastructure.  This represents a significant time and cost saving for the subscribing company.  Furthermore, the expertise required for the management of the infrastructure is with the IaaS provider such that the subscribing company doesn’t need to have in-house infrastructure experts.

IaaS offers companies increased flexibility.  Companies subscribing to IaaS offerings can access systems where and when they need to with many IaaS systems capable of remote accessibility.

Providing 99.99% SLA and 365X24X7 support.  If at any time, hardware associated with the infrastructure fails, your environment will be built in a “High-Availability” configuration meaning the outage will not affect the running of your business. The IaaS provider provisions the replacement of the faulty components.

Utilising IaaS is a fundamentally different approach to the old ways of physical in-house infrastructure, and it is not without its challenges. Particular challenges exist for life science companies, for example, where qualified infrastructure is a requirement.  However, the many benefits are clear and companies that are taking the leap and embracing this new technology are reaping the rewards. 

Moving to the cloud – Regulated Companies business drivers and challenges for regulated applications and Data

Compliant Cloud

By  Oisín Curran, CEO at Compliant Cloud  and  Odyssey VC

Almost every conversation we have with customers these days, regardless of whether they are in the regulated Life Science sector or not, have a clear IT strategy driven from senior management that is ‘cloud first’. In many cases these are throw-away statements made by management functions who perceive the move to cloud as the silver bullet for managing the IT and data challenges that lie in front of them.

Moving to cloud can be perceived to eliminate some of the basic problems of traditional on-premise installs such as (and not limited to of course!) the following;

  1. Datacentre build & maintenance is too costly. We don’t want to own datacentres anymore – We want to focus on our core business of making product X or delivering service Y
  2. We need to cut our headcount. Buying XaaS can reduce headcount and operating costs
  3. We need to cut our operating costs for application ownership
  4. Reduce the number of SLA’s with 3rd party Vendors

IT operational challenges, risks, support service model, and gaps in controls stand in the way of enterprises fully exploiting the potential of SaaS.’.

While the above makes sense of course, senior management should be aware that moving to the cloud creates new costs, headcount challenges and of course, in the case of Life Sciences, introduces potentially significant risks. Gartner© in their Hype Cycle for Software[1] as a Service state that SaaS can be a challenge in that ‘IT operational challenges, risks, support service model, and gaps in controls stand in the way of enterprises fully exploiting the potential of SaaS.’. Businesses should define a cloud service strategy that fits the overarching company business strategy before making any IT decisions related to XaaS as a result of these unknowns.

Life Science organisations have to pay particular attention to the introduction of new and untested risks by moving to the cloud and that is evident in the fact that regulatory bodies can only consider XaaS as an ‘Outsourced Activity’ and comes under the associated regulations governing same. The regulatory expectations are clear in these cases and mandate the following (specific focus on Eudralex);

       1.  There must be written contracts:

 

        a.   With clear responsibilities, communication processes, technical aspects including who undertakes each step of the outsourced activity

 

 

       2.    The Contract giver must:

        a.   Include control and review of any outsourced activities in their quality system

        b. Include control and review of any outsourced activities in their quality system

        c.  Monitor and review performance of contract acceptor

 

        3.      The Contract Acceptor must:

a.     Be able to carry out the outsourced activity satisfactorily

b.     Not subcontract to a third party without prior approval

c.     Not make unauthorised changes

d.   Be available for inspection

 

  1.      Looking for validated XaaS creates a significant supply & demand pressure on existing compliance service providers

a.      Software vendors generally do not have an expertise in compliance. By pushing this responsibility onto them there are likely to be shortfalls in the quality and compliance side of the delivery. Gartner © notes[1] that regulated companies should

                                                    i.     Beware of vendors that claim to have a validated environment

                                                   ii.     Partner only with companies that are transparent, open for audits, and committed to compliance

        2.      An ISO certification is not evidence of a Life Science Quality Management System (QMS)

a.      Remember the regulators consider this an outsourced activity so the regulated company must ensure the ability of the vendor to deliver the service in line with regulatory expectations.

b.      This requires the vendor to have a clear and demonstrable QMS and also requires critically a level of integration with the customer QMS processes. This highlights the Gartner © recommendations to partner only with those providers with a demonstrated expertise in this vertical

        3.      Risk is a subjective term – Make sure you’re clear with your supplier

a.      Remember the regulatory focus on Data Integrity. This requires a clear understanding of the risks to data integrity from the XaaS vendor and should be a guiding principal in their application design

b.      Change management should have a clear callout of risk to data integrity e.g. ALCOA+ risks and not just reference business risk e.g. up-time and availability.

      All considered we are at a very exciting time in the evolution of cloud-based services in the Life Sciences sector. We are seeing more and more cloud-native  application options that bring significant operational benefits in terms of cost, data mobility and integration. At the end of the day, suppliers in the Life Science vertical need to be hyper sensitive to the regulated business need to ensure Patient Safety, Product Quality & Data Integrity. By aligning ourselves with the business drivers of the regulated business we are best placed to play our part in delivering tomorrows health solutions.

 [1] [1] Hype Cycle for Software as a Service, 2018, Published: 31 July 2018 ID: G0036079

Kenx Conference- Network Infrastructure & Cloud Qualification

Kenx Conference-
Network Infrastructure & Cloud Qualification

Oisín Curran, founder and CEO of Odyssey VC and Stephen Long Senior Network Engineer at Odyssey VC are to speak on Monday June 24th and Tuesday 25th, 2019 at the Kenx Conference (Network Infrastructure & Cloud Qualification) hosted in San Francisco.

The internationally renowned Kenx conference is devoted to spreading content-rich knowledge in the form of exchange events to both U.S. and European destinations, including, Philadelphia, San Diego, Dublin, Ireland and San Francisco!

The Kenx event will be hosting leading representatives in the Life Sciences industry, such as Johnson & Johnson Vision Care. The previous Kenx conference in Dublin in 2018 provided 38 tutorials and benefited from the wealth of knowledge and useful material that was shared by their Validation University. The Odyssey VC team delivered some significant knowledge sharing sessions at that event and continue to contribute to the industry knowledge sharing initiatives such as Kenx events.

Kenx events are designed to share ideas and to provide tools and techniques that will have an instant impact on businesses’ core responsibilities.

The theme for Kenx’s Conference in San Francisco is “Network Infrastructure & Cloud Qualification”, with guest speakers from around the world.

Oisín Curran, who is making the journey from Ireland to San Francisco specifically for this event, is going to speak about “Cloud Computing Regulations and Requirements with the FDA and EU” and he is looking forward to participating at this event: “From my own experience Kenx events are great for bringing together speakers from IT, Engineering, Quality and Life Sciences backgrounds, who together will give us key insights as to how industry wishes to use Network Infrastructure & Cloud Qualification in the future and how industry perspectives lead/lag technology solutions. My own talk at the conference on Monday will focus on being compliant in the cloud for Life Science companies, which is gathering momentum in the Marketplace. It can be perceived as a complicated topic with a lot of questions but thankfully answering these questions is our business! I’m looking forward to working through some of the attendee problem statements and questions.”

Let’s start the journey together!

 

Cloud Infrastructure

 

 

 

By Cormac O’Leary and  Imelda Mason

Before we get into the meat of this post, let us take a step back and look at “What is Cloud?” No they are not just “Cirrus” and “Cumulus”, they are computing services that are delivered and consumed in real-time over the internet.

 

NIST (National Institute of Standards and Technologies) – Cloud Characteristics

 
NIST (National Institute of Standards and Technologies) – Cloud Characteristics

On-demand self-service. A consumer can automatically provision computing capabilities such as server time and storage as needed without requiring human interaction with each service provider. Examples of resources include storage, processing, memory, and network bandwidth.

Broad network access. Capabilities are available over the network and accessed through standard devices (e.g., mobile phones, tablets, laptops, and workstations).

Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly up and down in line with demand. To the consumer, the resources available for provisioning often appear to be unlimited.

Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different resources dynamically assigned and reassigned according to consumer demand.

With these characteristics we can then construct three distinct Cloud Service Models:

Cloud Service Models 
Cloud Service Models
 

In this article we are concentrating solely on Infrastructure as a Service, which is comprised of highly automated and scalable compute resources, cloud storage and network capability. Customers that consume IaaS no longer need to invest in the capacity planning or the physical maintenance and management of infrastructure. IaaS is the most flexible cloud computing model and allows for automated deployment of servers, processing power, storage, and networking.

So we have you sold on IaaS, but where does this service model fit in the Life Sciences sector?

It’s fairly simple…

Annex 11 Computer System

“The application should be validated; IT infrastructure should be qualified”

21CFR Part11 Electronic Records and Electronic Signatures

Cloud infrastructure is considered part of the regulated system. Companies shouldn’t forget to qualify their infrastructure. What are ‘systems’ in ‘computer or related systems’ in 211.68 as per the regulations. This specifically calls out ‘Cloud Infrastructure’.

At Compliant Cloud we ensure that our Cloud Infrastructure is Qualified (QIaaS), helping our Life Science customers to be and remain compliant.