Brandon Butler | Network World
Judy Klickstein is a cloud believer. As CIO of Cambridge Health Alliance, a midsized healthcare provider just outside of Boston, she’s excited about the efficiencies cloud computing can bring to her organization.
Outsourcing management of the hardware can free her IT staff to focus on more strategic projects instead of just “keeping the lights on,” while having a common place to store information that is accessed by CHA and other healthcare organizations could make hospital operations much faster and simpler.
But as a health organization, CHA is in one of the most heavily regulated industries in America. She can’t just throw all her IT resources up into the public cloud without some considerable due diligence and assurances that it will work, and be protected. So is the cloud ready for organizations like Klickstein’s?
Klickstein is certainly open to the idea of using the cloud, but so far CHA’s IT investments, though working with management firm Egenera, have been around optimizing the IT infrastructure behind the company’s firewall. The hospital has decreased the number of servers CHA uses through virtualization, and has automated as many processes as possible, including daily backups.
Ninety-nine percent of CHA’s IT workloads are done on site, some in a private cloud, while a small amount of analytics involving non-personally identifiable information (PII) about patients is done in Amazon’s cloud. She’s unsure if public cloud services will ever be ready for the bulk of CHA’s workloads. “We’re so regulated, I have an obligation, a fiduciary responsibility really, to ensure personal health information doesn’t get lost,” she says, noting that a recent Boston hospital, the Massachusetts Eye and Ear Infirmary, faced a $1.5 million fine after a worker’s laptop had been stolen.
Security isn’t the only concern. She’s running IT for a health organization – what if the cloud goes down? Will CHA have to stop seeing patients? What if a doctor is in the middle of a procedure?
At a panel discussion last week outside of Boson, Klickstein joined cloud vendors, users and venture capitalists to discuss the state of the cloud industry and specifically around how the cloud market can continue to mature to meet the needs of organizations like CHA.
Cloud computing vendors sense an opportunity to offer services for the healthcare space, as they position their service offerings for specific vertical industries, or so-called community clouds. Verizon’s Terremark division is the latest to do this by offering a Health Insurance Portability and Accountability Act (HIPAA)- compliant cloud.
Rick Ruskin, who heads up strategy for network monitoring and performance management firm eG Innovations, says one way cloud users can guarantee cloud services will be up to their required standards is through service-level agreements, which dictate the amount of uptime and performance metrics that will be delivered and penalties if they are not. But Klickstein doesn’t see that as a panacea. It’s one thing for there to be an SLA in place to take action after an incident, but she just needs it to work in the first place. Klickstein, more than anything, wants the service to be reliable.
For some users, building a reliable cloud infrastructure in their IT organization means not putting all their eggs in one basket, meaning they may federate across multiple clouds, says Bob Noel of Enterasys, a network infrastructure and management company. The key to that, he says, is having interoperable clouds. Interoperability across cloud providers leaves customers in control of their IT assets, allowing users to move workloads among public clouds, based on security, performance, for example.
How can true interoperability be achieved? Michael Skok, a VC partner at North Bridge Venture Partners, who has invested in a variety of cloud startups, says he sees standards emerging from three areas. Open source cloud platforms, such as OepnStack, are hoping to position themselves as a standard, although OpenStack backers themselves admit their project is far from a standard so far.
De facto standards could emerge as well. Some have said Amazon Web Service APIs, because of their wide use, could by default become a market standard that other organizations work around. A third way to encourage interoperability, says Pete Manca of Egenera, is to have third-party vendors, such as RightScale, enStratus and others, provide integration services across multiple clouds.
But Manca says even if there are emerging standards in the industry, vendors don’t necessarily have an incentive to embrace them, forcing customers to just integrate clouds at the API layer, which does not provide the same level of interoperability compared to if there was baked-in compatibility among cloud providers.
Tim Koundais, an IBM cloud evangelist, says that functionality is part of the reason IBM joined OpenStack, but he hasn’t seen huge customer demand for it yet. “What we’re finding is that customers pick a solution,” and go with it, he says. “If they have an Amazon cloud, a Google cloud and they want to connect them in with an IBM cloud, then we’ll serve that.”
The lack of standards, interoperability and perceptions around performance are some of the issues why organizations have been slow to move large amounts of production workloads to the cloud. Instead, many organizations are using the cloud as a development and test environment to explore cloud opportunities, Koundais says.
The fact is, as Klickstein points out, the cloud just may not be ready for all business verticals, such as healthcare, even as the industry continues to mature.
