Difference between revisions of "User:Shawndouglas/sandbox/sublevel45"

From LIMSWiki
Jump to navigationJump to search
Line 1: Line 1:
[[File:Cloud Computing (6648686983).jpg|right|350px]]Here we provide a concise listing of questions your organization should be asking internally at various steps of a cloud project. If you've followed a formal project management path, your lab may have asked many of these questions already during goal setting, scope setting, risk assessment, and requirement documentation. If so, fantastic; you have most of the answers. However, if prior cloud project management steps failed to address them, now is certainly the time, before you start your laboratory's provider research in earnest. While these questions are loosely ordered in a traditional project management path, their order is not significant otherwise. Just be sure your laboratory has considered or will be considering these questions.<ref name="AgilentCloud19">{{cite web |url=https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf |format=PDF |title=Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps |author=Agilent Technologies |publisher=Agilent Technologies |date=21 February 2019 |accessdate=21 August 2021}}</ref><ref name="APHLBreaking17">{{cite web |url=https://www.aphl.org/aboutAPHL/publications/Documents/INFO-2017Jun-Cloud-Computing.pdf |format=PDF |title=Breaking Through the Cloud: A Laboratory Guide to Cloud Computing |author=Association of Public Health Laboratories |publisher=Association of Public Health Laboratories |date=2017 |accessdate=21 August 2021}}</ref><ref name="IFAhelp20">{{cite web |url=https://www.mynewlab.com/blog/a-helpful-guide-to-cloud-computing-in-a-laboratory/ |title=A Helpful Guide to Cloud Computing in a Laboratory |work=InterFocus Blog |publisher=InterFocus Ltd |date=05 October 2020 |accessdate=21 August 2021}}</ref><ref name="O'MalleyIsMov21">{{cite web |url=https://www.securityroundtable.org/is-moving-operational-technology-to-the-cloud-a-good-idea/ |title=Is Moving Operational Technology to the Cloud a Good Idea? |author=O'Malley, K. |work=SecurityRoundtable.org |date=19 February 2021 |accessdate=21 August 2021}}</ref><ref name="EusticeUnder18">{{cite web |url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing |title=Understand the intersection between data privacy laws and cloud computing |author=Eustice, J.C. |work=Legal Technology, Products, and Services |publisher=Thomson Reuters |date=2018 |accessdate=21 August 2021}}</ref><ref name="DonnellyTheOVH21">{{cite web |url=https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users |archiveurl=https://web.archive.org/web/20210408103340/https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users |title=The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users |author=Donnelly, C. |work=ComputerWeekly |date=08 April 2021 |archivedate=08 April 2021 |accessdate=21 August 2021}}</ref>
Here we provide a concise listing of 18 questions your organization should be asking any cloud providers being considered for your cloud project. (A broader list of questions is discussed in the next subsection about RFIs.) As part of the discovery phase of your formal cloud project, some of these questions may have been asked prior, but many of them will likely not have been addressed in prior discussions. Most of these questions have already been addressed in prior sections of this guide, but a "shopping list" is always handy, yes? Like the prior list, the ordering here means little, aside from perhaps an attempt at semi-logical progression from introduction to the provider to wrapping up agreements.<ref name="APHLBreaking17">{{cite web |url=https://www.aphl.org/aboutAPHL/publications/Documents/INFO-2017Jun-Cloud-Computing.pdf |format=PDF |title=Breaking Through the Cloud: A Laboratory Guide to Cloud Computing |author=Association of Public Health Laboratories |publisher=Association of Public Health Laboratories |date=2017 |accessdate=21 August 2021}}</ref><ref name="IFAhelp20">{{cite web |url=https://www.mynewlab.com/blog/a-helpful-guide-to-cloud-computing-in-a-laboratory/ |title=A Helpful Guide to Cloud Computing in a Laboratory |work=InterFocus Blog |publisher=InterFocus Ltd |date=05 October 2020 |accessdate=21 August 2021}}</ref><ref name="EusticeUnder18">{{cite web |url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing |title=Understand the intersection between data privacy laws and cloud computing |author=Eustice, J.C. |work=Legal Technology, Products, and Services |publisher=Thomson Reuters |date=2018 |accessdate=21 August 2021}}</ref><ref name="WardCloud19">{{cite web |url=https://www.labmanager.com/business-management/cloud-computing-for-the-laboratory-736 |title=Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security |author=Ward, S. |work=Lab Manager |date=09 October 2019 |accessdate=21 August 2021}}</ref><ref name="LBMCNine21">{{cite web |url=https://www.lbmc.com/blog/questions-cloud-service-providers/ |title=Nine Due Diligence Questions to Ask Cloud Service Providers |author=LBMC |work=LBMC Blog |date=24 February 2021 |accessdate=21 August 2021}}</ref><ref name="TRThree21">{{cite web |url=https://legal.thomsonreuters.com/blog/3-questions-you-need-to-ask-your-cloud-vendors/ |title=Three questions you need to ask your cloud vendors |author=Thomson Reuters |work=Thomson Reuters Legal Blog |date=03 March 2021 |accessdate=21 August 2021}}</ref>


# What do we hope to achieve by transitioning operations to the cloud?
# What experience do you have working with laboratory customers in our specific industry?
# Who among staff is best able to act as a go-between with the executive team in order to increase support for cloud adoption?
# Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?
# Have we developed a comprehensive project plan with goals, objectives, benefits, etc. and how cloud computing factors into them?
# What is the average total historical downtime for the service(s) we're interested in?
# If not, who can be trusted to develop and implement such a cloud computing plan for our lab, or the organization as a whole?
# Do we receive comprehensive downtime support in the case of downtime?
# Do we fully understand the regulations and accreditation requirements that drive security for our organization and its data?
# Where are your servers located, and how is data securely transferred to and from those servers?
# What proficiencies and skills do lab technicians and IT staff currently have in computing, and cloud computing in particular?
# Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?
# Have we polled our users and relevant stakeholders about how they currently use existing computing services and access their data as part of their workflow? (For example, if internet access isn't readily available in the lab, this will have to change with cloud.)
# Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?
# What kind of data are we putting in the cloud?
# How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)
# Has anyone conducted an independent assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of health or other sensitive data and information stored in our systems?
# Do you have documented data security policies?
# Do we fully understand the [[Informatics (academic field)|informatics]] strengths and gaps within our organization?
# How do you test your platform's security?
# Do we fully understand the risks associated with cloud computing and how to best mitigate them?
# What are your policies for security audits, intrusion detection, and intrusion reporting?
# Are we willing to take the time to compare the operational effectiveness, costs, risks, and security concerns of multiple cloud providers before we make a decision?
# What data logging information is kept and acted upon in relation to our data?
# How bad can things go wrong if we (or the cloud provider) are attacked?
# How thorough are those logs and can we audit them on-demand?
# What will we (and the cloud provider) do to proactively detect, prevent, and remediate security breaches?
# For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?
# What will our back-up and protection mechanisms be to mitigate data loss due to fire or other catastrophic events both on-premises and in the cloud?
# What happens to our data should the contract expire or be terminated?
# What happens to our data should you go out of business or suffer a catastrophic event?
# Can we use your interface to extract our data when we want, and in what format will it be?
# Are your support services native or outsourced/offshored?


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist|colwidth=30em}}

Revision as of 22:32, 21 August 2021

Here we provide a concise listing of 18 questions your organization should be asking any cloud providers being considered for your cloud project. (A broader list of questions is discussed in the next subsection about RFIs.) As part of the discovery phase of your formal cloud project, some of these questions may have been asked prior, but many of them will likely not have been addressed in prior discussions. Most of these questions have already been addressed in prior sections of this guide, but a "shopping list" is always handy, yes? Like the prior list, the ordering here means little, aside from perhaps an attempt at semi-logical progression from introduction to the provider to wrapping up agreements.[1][2][3][4][5][6]

  1. What experience do you have working with laboratory customers in our specific industry?
  2. Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?
  3. What is the average total historical downtime for the service(s) we're interested in?
  4. Do we receive comprehensive downtime support in the case of downtime?
  5. Where are your servers located, and how is data securely transferred to and from those servers?
  6. Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?
  7. Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?
  8. How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)
  9. Do you have documented data security policies?
  10. How do you test your platform's security?
  11. What are your policies for security audits, intrusion detection, and intrusion reporting?
  12. What data logging information is kept and acted upon in relation to our data?
  13. How thorough are those logs and can we audit them on-demand?
  14. For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?
  15. What happens to our data should the contract expire or be terminated?
  16. What happens to our data should you go out of business or suffer a catastrophic event?
  17. Can we use your interface to extract our data when we want, and in what format will it be?
  18. Are your support services native or outsourced/offshored?

References