As you scale to the cloud, you will need to make critical decisions about the vendors you partner with and how you can increase or decrease your IT resources to meet your needs.
What does it mean to be a cloud-first company? It means that you aim to use cloud services as much as possible. You evaluate your current business processes and the variety of applications used within your organization, and you opt for cloud solutions and providers. If your company has started or completed its digital transformation, you can consider it a cloud-now company.
Whether you are cloud-first or cloud-now, it is important to understand what aspects of security and risk are handled by your cloud provider (e.g., Amazon Web Services, Microsoft Azure, or Google Cloud Platform). Awareness is key when it comes to risk management, and knowing your responsibilities will mitigate your risk in the cloud. [1]
Vendor selection is a critical aspect of your overall risk-reduction strategy. The right vendors will provide not only stable infrastructure, platforms, and applications, but also the evidence to demonstrate that stability. Maintenance can be built into a vendor’s responsibilities as well. Third-party release analysis and regression testing can be leveraged to ensure that a stable environment persists. [2]
You need to establish that the vendor meets the requirements of your service level agreement (SLA). What goes in the SLA is important: it needs to call for an appropriate level of documentation, processes, and experience around infrastructure. Qualification, data center, and security procedures need to be formally documented and approved. Verify that there are redundancies in place, such as correct document management systems, disaster recovery systems, and backup systems. [3]
Vendor qualification can be accomplished in one of two ways. You can either perform vendor audits yourself, to specify that you need these items or to find out whether the vendor has them, or you can engage other companies like USDM to do that for you. You can state in your SLA that the vendor must have these items in place in order to be considered a vendor. [3]
Scaling to the Public Cloud
There are many reasons to make the move to the cloud, but one of the most common is scalability, which is the ability to add or subtract computing or storage resources. On-premises scalability is costly, slow, and difficult to manage. “Scaling up” means buying new server hardware and disk arrays. But what if you needed fewer resources? You don’t want to get stuck provisioning enough resources to cover expected peak demand when you aren’t at peak demand every single day. [4]
Design best practices can help you make the most of the public cloud and avoid risks. Best practices include: design for portability, leverage automation, use containers, anticipate issues at scale, and keep an eye on the bottom line. [5]
USDM’s cloud portfolio has got you covered whether you need a single-vendor SaaS solution; an integrated SaaS solution for multiple vendors; or IaaS, PaaS, and SaaS solutions for a single public cloud vendor.
USDM Cloud Assurance supports the compliance requirements of your IT operation and addresses your entire tech stack. USDM can also accommodate a traditional CSV methodology or a newer computer software assurance (CSA) methodology.
Cloud 101 Blog Series
[1] Threat Stack, How to adapt your risk management strategy for the cloud (August 2017)
[2] USDM white paper, Blewitt, D., Regulatory Risk Reduction in the Cloud: Why Cloud Systems are Safer Than On-Premise Systems (2020)
[3] USDM blog, How do life sciences companies qualify vendors and software (October 2018)
[4] CloudCheckr, Cloud vs. data center: what is scalability in cloud computing? (March 2020)
[5] Bio-IT World, HPC in life sciences: why cloud computing is now indispensable and how organizations can prepare (May 2020)