Do’s and don’ts for implementing a multi-cloud environment
Not all clouds are created equal, which is why some healthcare organizations are choosing to deploy multiple cloud models from various providers, which could help improve scalability and add flexibility to the ways they store and retrieve data.
In fact, 90% of healthcare organizations plan to use multiple cloud vendors over the next few years, according to a recent report from IDC Research.
Common pitfalls to avoid
Despite the various benefits multi-cloud environments offer providers, organizations planning a migration should be aware of some common pitfalls to avoid, as well as critical planning decisions that should not be overlooked.
Dr. Larry Ponemon, CEO and founder of the Ponemon institute, said if they are all operating correctly, using different clouds for different applications could lead to significant benefits in terms of cost and efficiency savings.
However, the ability to identify the applications needed, and being able to select the cloud providers that are the best fit for the organization’s needs, is a “major consideration” for health systems to take before embarking on a multi-cloud future.
“It’s not easy to search for those tools and figure out which ones are the best,” he said. “So that’s step one – understanding what you need and knowing what vendors can provide those services.”
Safety, security and privacy issues
Another essential part of the strategy needs to be focused on safety, security and privacy issues that are significant in the cloud environment – it is vital providers understand those things in advance before they start migrating.
“Make sure you know where the information has to be according to regulation, and know what the regulations are,” Ponemon said. “Also know what kind of tools you need to be in compliance: Are you going to be affected by GDPR regulations in Europe, for example?
Ponemon said the biggest mistake providers make is not having built a robust enough governance process when moving to multi-cloud environments, for things like disaster recovery if the hospital is hit with malware, for example.
This requires a process of testing, and making sure the tools being brought in have high scalability and interoperability, as well as allowing the sharing of intelligence information with other healthcare organizations.
“Be very clear about why you need a multi-cloud environment,” Dr. Abed Saif, founding partner and director of cybersecurity advisory services specialist AbedGraham, told HealthcareITNews. “What are unique benefits or features you get that cannot be covered by a single cloud provider?”
He explained the more complex the environment then the more expertise and resources that will be needed by a healthcare provider, so he recommends always conducting a highly detailed internal requirements assessment before pursuing any cloud strategy.
“Do not assume ‘multi-cloud’ by default and make sure you are clear with your internal definitions and strategic requirements before pursuing any market engagement, such as hybrid cloud versus multi-cloud; SaaS versus PaaS or IaaS; and so on,” he explained. “Finally, do not assume a big brand name equates to risk and security standards that are optimized for you. So ask tough questions about these.”