Cloud strategy guide for regulated industries: part 4
How to Choose a Cloud Provider in 5 Easy Steps
The market is finally starting to answer the needs of regulated industries. Cloud computing is now ready for biotech and pharma companies.
While less-regulated industries migrate to the cloud rapidly, highly-regulated sectors, like financial, healthcare, or biopharma, are still more careful. But despite all concerns, some are still adopting new cloud technologies. Many of them are at the point of no return – moving to the cloud defines their growth in a competitive market.
Cloud market offers, revenue, and network are scaling up year by year. For life science, this is great news – all huge players try to fit their services to regulations and needs of biotech and pharma.
Check which cloud providers are ready for regulated industries.
Cloud computing is growing trend
Gartner predicts that by 2026 public cloud spending will exceed 45% of all enterprise IT spending, up from less than 17% in 2021.
The market is highly consolidated, with more than 63.0% share of the most common public cloud providers, AWS, Microsoft. Google, and Alibaba (source). In 2018, the market value for public cloud computing in biopharma was $996 million and was expected to grow at a CAGR of 22.8% to reach $3.4 billion in 2024, based on BCC Research.
Cloud computing – a change of paradigm
Regardless of which industry or region we talk about, businesses are under pressure to choose cloud providers who truly can take responsibility and care for fragile data and adjust an offer to strict laws. An IT solutions and technologies portfolio is usually complex: companies use infrastructure from many vendors, solutions from different suppliers, and custom build applications. For many decision-makers choosing the cloud provider seems to be challenging.
We asked Emilia Smołko, Senior Enterprise Solutions Architect CEE at Amazon Web Services, why some organizations are still reluctant to move to the cloud and what they are missing. There is no one simple answer for that.
Organizations are made up of people. Every transformation starts with the culture – and not necessarily with the technology. To make the change, people need to challenge their way of thinking and take the controlled risk. If you don’t know what’s behind the corner, you might be afraid of that change. In my opinion, it is just a matter of having the right experience and skills in the organization. It’s really important that the employees are trained on the cloud and comfortable with the concept.
– Emilia said, and she added
So the biggest difference between organizations that talk about moving to the cloud, and those that actually do it, often comes down to the right strategy.
Emilia also sees some solutions for those organizations.
First, the senior leadership team needs to be aligned and truly committed that they want to move to the cloud. And they need to be setting clear direction and expectations with the rest of the organization to get everyone on the same page and working towards the same thing. It’s easy for others to do nothing or block things if the leadership team isn’t prioritizing the move and building a culture for change.
And last, sometimes organizations can get paralyzed if they can’t figure out how to move every workload to the cloud. There is no need to boil the ocean. So we often work with organizations to do a portfolio analysis to assess each application and build a plan for what to move short term, medium term, and last. This helps organizations get the benefits of the cloud for many of their applications much more quickly, and it really helps inform how they move the rest.
Is the private cloud the only answer?
For many regulated enterprises, using the private cloud is the easiest way to have their cake and eat it, too – benefit from automation and virtualization and be safe at the same time. In this case, the whole infrastructure is developed just for a particular customer, and data is stored in their own servers. Although, the public cloud is also a safe choice. Using the public or hybrid clouds is increasingly popular, and many providers have already proved they are trustworthy. It is worth remembering that investment into only the private cloud might be a trap.
Growing geopolitical regulatory fragmentation, protectionism, and industry compliance are driving the creation of new regional and vertical cloud ecosystems and data services.
In the last few years, providers realized how lucrative the clouding of the regulated market could be, and they did (and still do) everything to be part of this digital transformation. Nowadays, it is nothing spectacular that great companies like Microsoft or AWS are ready to build their branches and data centers in countries with data residency requirements or other strict regional data policies. But even smaller players do everything to please demanding customers, and they also are well prepared for very high internal and industry regulations and demands.
Regulated cyber-migrants – do not underestimate the pros
So, why do regulated industries move into the clouds? The answer is simple – the pros are bigger than the cons. And what is more, for some companies deciding to stay out of the cloud can mean staying behind in the market competition. It’s hard to concur when others gain profits like cost-saving, easy access to collaboration and advanced IT tools, or better productivity. There is no question about whether they should start their cloud journey, but when and how.
Of course, there are plenty of organizations that are reluctant to move. Sometimes it is because they do not see profits in cloud computing. Sometimes, because their fear is bigger, than will develop.
Emilia Smołko, from AWS, knows how to talk openly about the pros and cons of those companies. “All those who don’t yet notice the opportunity and are afraid of the cloud need first own the case that will illustrate the journey for them. You cannot only read about it – you need to try it yourself.” And then, she continues to explain some of the common reasons why using cloud computing is profitable.
The number one reason that enterprises and governments are moving to the cloud is the agility and speed. Looking at most companies’ on-premises infrastructure, getting a server typically takes 10 to 12 weeks (sometimes longer). Then you have to build all this surrounding infrastructure software, like compute and storage and database and analytics and machine learning. In the cloud, you can provision thousands of servers in minutes and access hundreds of services that you can put together and use however you want.
For those who still have doubts, Emilia has a simple reminder.
And most important, You can also switch it off in minutes. So you get from an idea to implementation faster with smaller risk. That’s a game-changer.
But all solutions need good practices to follow. First, biotech and pharma companies explored the cloud well, and it is impossible to argue with their experiences. Emilia gives Novartis as a good example.
They ran a project that involved virtually screening 10 million compounds against a common cancer target in less than a week. They calculated that it would be close to a $40 million investment if they wanted to run the experiment internally. Using the AWS cloud, they conducted the research, which only required 9 hours and an investment of $4,232. The future is the cloud”.
What can your company do to be part of it?
Find your path – choosing the cloud provider in 5 steps
Within the same regulated industry, the needs and demands of companies could be drastically different. There is no other way to analyze a particular enterprise situation and further development plans deeply. See Time to change – how to prepare biotech companies to transfer into the cloud. Building the cloud strategy is far more than just IT transformation; it is part of a long-term business strategy. A cloud strategy is crucial for future actions, and it can have a profound impact on a final choice.
Business requirements and a providers’ assessment criteria will be unique to a specific organization. However, there are some commonalities. We have grouped these into five areas to help effectively select a provider that delivers the most value organization expects from the cloud.
Step 1: Check the provider’s security approach
This step includes such aspects as data security, data governance, or business policies and their compliance with your company’s legal obligations f.ex. HIPAA, FDA, ISO, or GDPA. Many customers are very focused on external threats, and they do not pay not much attention to security systems and their compliance with the cloud. Do not hesitate to evaluate a provider’s capabilities from the point of view of a security system, data privacy, governance, and operations.
Providers that comply with recognized standards and quality frameworks demonstrate industry best practices and standards. Look for a provider accredited with certifications like ISO 27001 or other security standards relevant for your business (see Step 2). Standards may not be the only criteria for service providers to choose, but they can help shortlist candidates.
Step 2: Ask about the platform and services roadmap
Ensure the provider’s platform and used technologies align with your current IT environment and best practices. The provider’s cloud architectures, standards, and services should suit workloads and IT management preferences. Assess how much customization may be required to make applications cloud-ready. Our suggestion is to evaluate the overall portfolio of providers’ services.
Verify the provider’s approach and offering, especially in crucial areas for your enterprise. That may include various topics, like SLA assurance, strategic scenarios for all types of clouds & critical platforms, the cloud implementation roadmap, enabling initiatives for further development, architecture, and engineering. Some public cloud providers offer only limited support.
Step 3: Do not forget about money
The degree and clarity of the financial aspect depend on providers’ policies. Make sure you are familiar with pricing models, service usage costs, and maintenance. For example, the cost of use may differ depending on the type of billing. Different providers have different price advantages for other products. Pricing variables are based on the period of usage, and some providers allow discounts for longer contracts.
You should only be paying for what you are using. Beware of upfront charges, which are not typical of cloud providers.
From the beginning, the pricing structure should be pay-as-you-go, with the ability to include extra services depending on your needs. The costs are typically charged hourly, monthly, quarterly, semi-annually, and annually.
You should automate billing and monitor what services you’re using and the cost related to current usage. Support for billing-related issues is nice to have.
Step 4: Find the best architecture
One world’s best cloud architecture does not exist; everything depends on particular needs, skills and capacities. The biggest providers, like Amazon, Microsoft, or Google, offer different methods of implementing the cloud into workflows, along with ways of integration and consolidation. On the other hand, they all follow market trends such as serverless applications, API-based connectivity, etc. Also, the type of architecture determines future operations and scopes of employees’ commitment.
Scalability up and down and flexibility are essential Architectural differentiators of a cloud, as they allow scaling workload elements independently.
Step 5: Get the proper [migration] support
From the vendor’s lock-in to exit planning – every step should be clear and supported. But migration requires more than just adequate assistance. Demand all possible scenarios for the coming years of your business’s development, with options of changing scope, service, or provider itself.
Cloud services that rely heavily on unique proprietary elements may impact portability to other providers. Ensure that a chosen provider has minimal use of proprietary technology and its platform is based on open standards.
Your company can benefit from the cloud
Estimating needs and choosing the right cloud provider based on all kinds of variables can be a challenge. Detailed research about your company’s particular needs helps find better solutions and offers and narrow down the selection area.
Include business and technical factors in the selection of cloud providers: recognize and validate both the certifications and standards they adhere to. Check what their customers say about them in testimonials too.
Take time to establish workable SLAs and contractual terms – they’re the main form of assurance you have that the services will be delivered as agreed.
For many big companies, like Pfizer or Merck, cloud services were a new chapter in empowering their market leader position. Despite customers’ fears and challenges, the market seems to be ready for regulated industries, and we need to be prepared for a cloud revolution among financial, biopharma, or healthcare enterprises.