LII:Choosing and Implementing a Cloud-based Service for Your Laboratory/Final thoughts and additional resources
7. Final thoughts and additional resources
7.1 Final thoughts
The cloud is about how you do computing, not where you do computing.
- Paul Maritz, former CEO of VMware
This quote from Paul Maritz has been floating around for some time, but how relevant is it today? The first chapter of this guide examined what cloud computing actually is and how it has changed since the mid-2000s. We've gone from talking about how to implement web services at the turn of the century to advanced cloud services that are going "hybrid" or "serverless." Despite the massive shift in thinking, however, one aspect has always remained the same: you have to have internet access to use services provided on the web. In that sense, the "where" of the performed computing is important. In another sense, "where" matters, as we discovered in the second chapter on cloud standards, regulations, and security. Where the data is created and where it resides are important considerations for regulatory purposes, as are the methods used to secure the cloud, and who holds responsibility for them. "Where" is also a consideration when asking about your data in the cloud. Its location is relevant to not only risk assessments and risk management practices—as described in the third chapter—but also to where you do your work: the laboratory. In the fourth chapter we discussed how a laboratory and its unique workflows, industries services, and affecting regulations shape decisions on cloud projects, while also addressing the benefits and drawbacks. In the fifth, we explained the concept of managed security services, which further abstracted the “how” and “where” of computing via the third party, who manages the security of your cloud and on-premises solutions remotely! And in the sixth chapter, we distilled much of the previous chapters down into how a laboratory chooses and implements one or more cloud solutions. Even there, "where" comes into play, as you ask the cloud service provider where their servers are located and where your data will be stored, while you ask yourself "where" you envision your lab with cloud computing solutions in the future.
When considering all this, however, Maritz was only partially off. There are many "wheres" to choosing and implementing a cloud-based service for your laboratory, including where you do your computing from, and even where your security is managed from. But cloud computing is certainly more about “how” you do computing in your laboratory. Cloud computing has proven to be at least a partially disruptive force over the years, changing organizations' IT departments, security planning, budgeting, and many other aspects, often for the better, though with its own complications. Laboratories can now host laboratory information management systems (LIMS) and electronic laboratory notebooks (ELNs) in the cloud and use infrastructure as a service (IaaS) to host serverless code that triggers when a cloud-connected instrument takes a reading and uploads the data. Laboratory users can now pull up information about not only automated lab procedures but also the security status of the equipment managing those procedures using a tablet while parked in the grocery store parking lot. Environmental sensors in Alaska can send data to a software as a service (SaaS) application hosted in Europe for processing, and then be accessed by an authorized user in Australia. Yes, the where of it all is related, but ultimately how the laboratory computes has now been changed with cloud computing.
That doesn't mean there are fewer considerations and complications with a shift to the cloud. The laboratory should approach any migration to or addition of cloud services with assertive yet balanced project planning that takes into account organizational goals, management buy-in, necessary stakeholders, scope and responsibility, existing IT and data structures, risk management and regulatory considerations, budgeting and IT requirements, provider vetting, training, maintenance, and security monitoring. Vetting providers and their services can be particularly time-consuming, but it remains a critical component of any cloud-based move in your lab. Given all these complications, laboratories shouldn't be afraid to seek additional help from knowledgeable consultants and managed security service providers with experience implementing and securing cloud in laboratories, particularly when in-house expertise is lacking.
Hopefully this guide has been a boon to understanding cloud computing and all the considerations that come with it. Laboratories have much to consider when moving to or adding to their position in the cloud. The fact that you've made it through this document is a strong testament to your desire to ensure the success of a cloud project for your lab going forward. Good fortunes to you and your organization going forward.
7.2 Key reading and reference material
- Agilent Technologies (21 February 2019). "Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps" (PDF). Agilent Technologies. https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf.
- Cloud Security Alliance (2020). "Top Threats to Cloud Computing: The Egregious 11" (PDF). https://cloudsecurityalliance.org/download/artifacts/top-threats-to-cloud-computing-egregious-eleven/.
- Eustice, J.C. (2018). "Understand the intersection between data privacy laws and cloud computing". Legal Technology, Products, and Services. Thomson Reuters. https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing.
- Guseyva, V. (18 September 2020). "Data residency laws by country: An overview". InCountry. https://incountry.com/blog/data-residency-laws-by-country-overview/.
- Kirvan, P. (17 December 2020). "Top cloud compliance standards and how to use them". TechTarget SearchCompliance. Archived from the original on 21 December 2020. https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them.
- Levite, A.; Kalwani, G. (9 November 2020). "Cloud Governance Challenges: A Survey of Policy and Regulatory Issues". Carnegie Endowment for International Peace. https://carnegieendowment.org/2020/11/09/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124.
- Maurer, T.; Hinck, G. (31 August 2020). "Cloud Security: A Primer for Policymakers". Carnegie Endowment for International Peace. https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597.
- Mok, K. (1 December 2020). "Should we really be worried about vendor lock-in in 2020?". Protocol. https://www.protocol.com/manuals/new-enterprise/vendor-lockin-cloud-saas.
- Olavsrud, T. (13 April 2012). "Why Open Source Is the Key to Cloud Innovation". CIO. https://www.cio.com/article/2397213/why-open-source-is-the-key-to-cloud-innovation.html.
- Pratt, M.K. (14 December 2020). "Building stronger multicloud security: 3 key elements". CSO. https://www.csoonline.com/article/3584735/building-stronger-multicloud-security-3-key-elements.html.
- Ramalingam, C.; Mohan, P. (2021). "Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment". Symmetry 13: 317. doi:10.3390/sym13020317.
- Tiller, D. (2019). "Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment" (PDF). IDBS. https://storage.pardot.com/468401/1614781936jHqdU6H6/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf.
- Trianz (29 March 2021). "How Managed Cloud Security Works, and Why You Might Want It". https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works.
- AO Kaspersky Lab (2021). "What is Cloud Security?". Resource Center. https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security.
- Center for Internet Security (2021). "The Beginner’s Guide to Secure Cloud Configurations". CIS Blog. https://www.cisecurity.org/blog/secure-cloud-products-and-services-with-new-cis-benchmarks/.
- Kearns, D.K. (December 2017). "Planning & Management Methods for Migration to a Cloud Environment". The MITRE Corporation. https://www.mitre.org/publications/technical-papers/planning-management-methods-for-migration-to-a-cloud-environment.
- Office for Civil Rights (24 November 2020). "Guidance on HIPAA & Cloud Computing". Health Information Privacy. U.S. Department of Health & Human Services. https://www.hhs.gov/hipaa/for-professionals/special-topics/health-information-technology/cloud-computing/index.html.
- Souppaya, M.; Morello, J.; Scarfone, K. (September 2017). "SP 800-190 Application Container Security Guide". NIST. https://csrc.nist.gov/publications/detail/sp/800-190/final.
- The Linux Foundation (12 November 2020). "Kubernetes Documentation". https://kubernetes.io/docs/home/.
7.3 Associations, organizations, and interest groups
- Cloud Computing Association: "an independent membership organization dedicated to building a community of end-users and service providers of cloud-based solutions and products"
- Cloud Industry Forum: a not-for-profit company that "champions and advocates the adoption and use of cloud-based services by businesses"
- Cloud Security Alliance: an "organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment"
- Internet Association: a "trade association that exclusively represents leading global internet companies on matters of public policy"
- Legal Cloud Computing Association: an association that "collaborates with Bar Associations and Law Societies to define industry-leading best practices"
- SIG-CLOUD: a special interest group of the Services Society that "promotes creative thinking, long-term visions, and innovative methodologies to respond to the emerging cloud computing technologies and applications"
7.4 Consultancy and support services
Note: This is intended to be a sampling of consultancies that provide cloud computing service assistance, most with some kind of experience working with labs. It's not intended to be a complete list.
- A-LIGN ASSURANCE
- Edafio Technology Services
- Simtech Consulting
- TCG Digital
- Vertex Laboratories
Citation information for this chapter
Chapter: 7. Final thoughts and additional resources
Title: Choosing and Implementing a Cloud-based Service for Your Laboratory
Edition: First edition
Author for citation: Shawn E. Douglas
License for content: Creative Commons Attribution-ShareAlike 4.0 International
Publication date: August 2021