Jarrod Medeiros
Product Manager, IDBS

As the market requires R&D organizations to be more nimble and lean, outsourcing data center operations is becoming an increasingly logical trend. For organizations managing a multitude of applications, reducing the IT overhead is a major driver towards Software-as-a-Service (SaaS).

There are numerous incentives for firms that decide to embrace cloud-based technology, ranging from speed of process and scalability to more efficient collaborations. All these benefits can lead to accelerated research and development as well as increased productivity and profits.

Drivers for change

Companies should consider moving to the cloud for a range of reasons – with both immediate and long-term benefits. The most direct advantage is a reduction of costs after transition: cloud providers take advantage of economies of scale, which reduce overheads like maintenance costs for hardware and software. These savings are passed on to research organizations, which are coping with an annual cost increase per approved molecule of 50 percent over a six-year period.

Additionally, once the transition to the cloud has taken place, there can be an immediate removal of space and infrastructure constraints in an organization’s IT department. With virtualized data centers, this adds an ability to scale up, or down, without having to worry about investing in new equipment or selling off excess technology. Virtualized data centers will typically go above and beyond in preparing for disaster recovery as well.

The implementation of cloud-based solutions will also have other knock-on effects further down the line. These include enabling easier outsourcing to Contact Research Organizations (CROs), bypassing working with obsolete technology and removing the barriers associated with essential and frequent upgrades.

But despite all these incentives, concerns remain for organizations thinking about cloud implementation. For research companies, the necessity of moving all their information ‘out of the building’ brings justified concerns around security.

Blockers to change

For these organizations, there are many potential blockers – varying from regulatory compliance to concerns over data access and security – which historically have prevented such transition to the cloud, and have barred them from taking advantage of these benefits.

There can be misunderstandings in the kind of services that organizations require. Cloud computing can mean many different things – from multi-tenanted solutions to virtual private clouds and server-less computing – with different benefits for organizations depending on how they are being used.

Each provider will have different services available for their clients, ranging from Software-as-a-Service (SaaS) and Platforms-as-a-Service (PaaS) to Infrastructure-as-a-Service (IaaS). In addition, these services can be served on a private cloud – secured as an extension of a companies’ corporate network – or on multi-tenanted software, which is typically open to the general internet. Where a provider falls on this spectrum will have an impact on security and associated risks.

One limitation of cloud solutions is the restriction of access to the back-end systems themselves. While this is a good thing in the interest of security and system stability, it raises questions where system integration and data access are concerned.

When evaluating a cloud vendor, firms should think of what access to the system they will require down the line. Do they want to integrate it into other business systems or maybe surface the data to an aggregation tool for reporting and visualization? It’s good to discuss the potential needs up front and ensure that APIs are in place to support your use case.

Data location and security concerns

Security can be a perfectly justifiable concern with cloud based systems, but it can also be a concern with internally managed infrastructure. In either scenario ensuring the proper protocols are in place is the best method to mitigate risk.

Be sure to assess the procedures that are in place regarding data access. The users controlling data access should not have access themselves, and those that require it should follow strict protocols when doing so. All activity must be logged appropriately and follow best practices. In addition, data at rest and in transit should be encrypted and procedures around key management should be strictly adhered to. The implementation of proper monitoring will ensure security, and alert stakeholders of any potential breaches.

With the legal requirements of data residency varying across countries, the problem of the exact location of data can become very complex. One benefit of working with cloud vendors is that the vendor is responsible for complying with local laws, and liaising with relevant regulatory organizations. Before choosing a cloud provider, organizations need to ensure they talk about these considerations, and that critical data is going to be storied in appropriate locations that will comply with local legislation.

Any cloud provider an organization plans to work with should be vetted to ensure it is adhering to the appropriate security standards and protocols. Looking for standards certifications such as SOC-2 and ISO 27001 among others will help in ensuring the organization is taking security seriously.

For research and development organizations, the imperative to cut costs, increase efficiency and reduce time to market are forcing firms to reconsider the ways they interact with technology. If organizations and institutions alter their business models to reflect these technological advances, stagnant productivity can be halted or reversed. The incentives for deployment of cloud solutions far outweigh the concerns – but choosing the right solution and provider is critical.