Are We Ready to Fly into the Cloud?

Are We Ready to Fly into the Cloud?

February 1, 2011

Article

Applied Clinical Trials

Applied Clinical TrialsApplied Clinical Trials-02-01-2011

Volume 20

Issue 2

Cloud computing is now becoming possible for pharmaceutical companies, but still faces challenges.

During my early days at a CRO, our CEO would repeatedly complain to me that IT infrastructure should be just as convenient, reliable, and easy to get as electricity. You should just be able to plug in, he'd say, and immediately everything works, and you only pay for what you use. Of course in those days of PC LANs, modems, and cranky MS-DOS applications, it did little good for a weary CIO like me to protest that his analogy wasn't realistic—that computers were used for many discrete purposes with different types of data, both standalone and in networks, with every potential opportunity for issues to arise. Instead, we tried our best and took our lumps when the inevitable failures and breakdowns occurred from time to time. But we were especially careful to play to the CEO's illusion by making sure that his computer really did run reliably with only e-mail and a couple of simple applications, hoping he'd be satisfied with that.

Today with ever more powerful, networked computing devices on our laps and in our palms, it really is beginning to seem that computing is finally inching closer to becoming a utility just as my former CEO wanted. We expect to just power on at will and have immediate access to the Internet where we can do almost anything we want right away without worrying where it comes from. At the business enterprise level this type of ready access to computing resources, applications, and information is commonly (though not always accurately) referred to as cloud computing. Cloud computing has been notably highlighted in the Gartner Group's 2010 Hype Cycle Report¹ as being at the peak of inflated expectations, just leaning out into the trough of disillusionment when overly-optimistic expectations typically begin to disappoint before eventually leveling out into a steady upward slope of enlightenment where it will realize its potential to transform the way we use technology.

And what a transformative concept it can eventually be where companies rapidly expand their computing capabilities on demand without significant up front capital investment or an extensive data center and IT team. It's also more than that—it provides an opportunity for increased collaboration and unleashes innovation by removing many of the constraints of traditional, internalized IT environments. But what exactly is it? Phil Wainewright defines four essential components of true cloud computing:² an elastic, abstracted architecture that allows you to dynamically swap components; an "as-a-service" infrastructure that pairs virtualization with provisioning and management; shared multi-tenancy among all customers; and nearly limitless cloud scale.

Some pharmaceutical and biotechnology companies have already adopted cloud computing for some computer-intensive research tasks such as bioinformatics, molecular modeling, and proteomics. These applications often follow narrower flavors referred to as infrastructure as a service (IaaS) which means having near immediate access to processing and storage services on demand, or platform as a service (PaaS), which provides a hosted environment for developing custom applications. These types of uses are likely to be particularly attractive to start-ups, since they can avoid capital-intensive investments on computing infrastructure and just rent what they need in the early stages of product development. Cloud computing not only reduces the initial investment, but also reduces start-up times—cloud services can be ready for use in a fraction of the time it takes to build up all the infrastructure internally. This is equally important to large pharma, which can be subject to bureaucratic obstacles and interminable delays when trying to add a server through internal IT organizations.

Cloud computing in a broader sense—that includes hosted applications and software as a service (SaaS)—is already in widespread use among pharmaceuticals, as evidenced by the hosted services for EDC studies, safety products, and even data warehouses and analysis environments in some cases. Is this really cloud computing, or is it just a rebranding of something we've been doing all along? When a company sets up a VPN or other secure link to a hosting environment to run a specific application, they're not really plugging into a cloud. Rather, they're just stretching a very long extension cord to an outlet in another location. And when we're talking about regulated applications and protected research information, we usually have to tunnel through corporate firewalls to access a variety of complex and often cumbersome products on individual servers with separate databases, each with their own complications, pitfalls, and nuances.

To fully realize the potential transformative power of the cloud, we have to separate our needs for computational power, storage, software applications and, above all, information. While we already have examples of accessing external data centers, we have few cases where our principal sources of information reside in the cloud. Though much of the work done in clinical development is really common across all companies, there are many individual commercial and custom applications used in performing this work. Many companies still feel their specific business needs and processes require a custom solution—whether in the form of bespoke applications that predominated in the last century, or in highly customized commercial applications today that take on a unique flavor for each individual customer. Many of these companies are reluctant to share a common standard application for research and development applications, even if they do use products like salesforce.com/ for other purposes. This stubborn mindset is slowly changing as applications become more easily configurable and open, and as more and more companies converge around mainstream solutions, but there's still an inherent resistance in many companies to adopt the same standards and tools as everyone else. There's still a sense of competitive advantage by having an individual solution optimized for your own use that seems to better protect your intellectual property.

Yet in the cloud, it should be possible to offer common applications to many users, and to capitalize on service-oriented architectures to give individual customers the flexibility to adapt to variations in business processes.³ If this is done in the cloud, a single connection can be available to all while reducing the effort to individually integrate each system at each customer site.

Fear of letting go is just one of many psychological barriers. When the term "cloud computing" is broached an outcry of security concerns is likely to erupt—even for those who already use external hosting providers. Yet in most cases service providers can actually provide a higher degree of auditable security and disaster recovery for far less effort than most internal IT departments—it's their primary business. A risk assessment and mitigation plan (possibly based on lessons learned in other industries such as finance and e-commerce) is essential—both to ensure the necessary precautions are already in place and to build internal confidence that it's even feasible to proceed in the first place.

Then there are the typical regulatory concerns. Are cloud computing providers really capable of conforming to Part 11, HIPAA, GCP and the many other regulatory-required or inspired internal precautions we follow with our computing infrastructures? Well, those who are active in the industry must be—assuming they're experienced and have had their offerings verified by audit.

The ultimate hang-up is our need to hoard our critical information assets—our data. Data are what R&D is all about. Even in the case of information we all collect—such as safety data—we're understandably reluctant to have it leave our internal storage vaults except when we have to—much less transfer custody to an external provider who is also managing information for our competitors. Why such reluctance in an age when we supply our credit card number to multiple vendors and perform most of our banking and financial transactions online?

Maybe it is time to seriously consider the vision of having all relevant information to clinical research in one place where it could be simultaneously accessed by the provider (site), the sponsor research team, and the regulatory authority. This wouldn't mean it's out of control, only that it's managed by a central utility provider who gives us the permissions we need to manage our own info—and to grant access to others such as partners during development, regulators during review, and anyone else as the need arises. In fact, regulatory agencies are a critical influence over the attitude for adopting the cloud for regulated data—the lack of clear-cut regulatory positions can be a serious disincentive to adoption. Then again, they could lead the way as they transition to a new set of information technologies themselves.

One direct benefit of such an environment would be to minimize redundancy and the number of transformations required. Under this approach, multiple companies would contribute to a data bank, potentially earning interest on deposits and paying fees on withdrawals. Each company would have control over their accounts, transferring only what was necessary when needed. Behind the scenes it all would be in a finite set of common environments. Who knows what future capabilities or efficiencies might ensue? We need simple and convenient data sharing across functions, companies, partners, and stakeholders.

So are we ready yet to fly into the cloud? Maybe not quite yet. But we should be planning our itinerary now.

Wayne R. Kubick is Senior Director, Life Sciences Product Strategy at Oracle Health Sciences. He can be reached at [email protected]