Pharmaceutical organisations spend an eye watering US$200 billion a year on research with just 20 to 25 new drugs to show for it. Expiring patents, the rise of generics, increasing regulatory requirements on top of the general cost pressures every business faces, has created an industry eager to find a way of easing some of the burden.
One solution that is gaining stronger traction among pharmaceutical organisations big and small, is cloud computing. Even areas such as clinical trial management services, safety and pharmacovigilance are looking skywards as a means not only an effective way of reducing some of the costs, but at the same time opening up opportunities for organisations to do more with their data.
Moving applications and data to the cloud brings the generic benefits true to any cloud customer: the ability to cut infrastructure costs, with no need to invest in expensive servers, software licenses, maintenance, data storage, let alone the staff needed to manage all that.
Then there are the specific benefits for the pharmaceutical industry: enabling organisations to deal with the massive data sets involved in drug testing without burdening internal systems and also enabling the sharing of the huge volumes of data in sequencing projects. One of the key benefits of the cloud is the power it brings in combination with big data, analytical tools and mobile devices. It opens up the possibility of combining public and private data together and using applying that information internally to reveal fresh insight.
But before you do anything, there are a number of key questions you should ask your cloud provider to ensure your data is as secure in the cloud as on premise.
The pharmaceutical industry is loaded with compliance and regulatory issues, so any move to the cloud has to carefully considered. It is vital that your cloud provider can demonstrate a robust end-to-end auditing capability that meets all your regulatory requirements. And take a look at a provider’s customer list - if there are security-conscious organisations like banks or other pharmaceutical organisations on their client list, then they’ve probably got the right security policies in place (though that doesn’t mean you should skimp on your own due diligence).
Security is obviously key for all companies and needs careful consideration, but in most cases cloud computing can turn out to be more secure than your own in-house IT set-up. Cloud providers are investing far more in security than any customer: it’s their core business and their reputation at stake, so nothing short of Fort Knox style security will do. No security system is full-proof, but it should have fewer weak points than your internal system. Even so, you need to check through smallprint, ensuring that everything from logins, document reviews or updates are captured and available for you to assess at any time. Transparency is key.
Public or private cloud
You need to decide which data can reside in a public cloud and which is best suited to the more secure private cloud. A private cloud is basically a virtualised data centre and is inside the firewall. It brings some cost savings, but nothing like the benefits of moving to the public cloud. There’s a third model, the hybrid cloud, that lets companies keep data behind their firewalls but also reach out into the public cloud. Public cloud providers such as Google Apps would be fine for low-risk data, but a private cloud where only authorised users can access data, may be more suitable for more commercially sensitive data.
Do your due diligence on the cloud provider. Alongside the authorisation processes and password procedures, check out a potential cloud provider’s disaster recovery and business continuity plan and nail down those service level agreements (SLAs). It’s also vital to check out the exit policy, detailing how data would be removed leaving no trace and ensuring that it is easy to move to a new provider.
Think also about a prospective cloud provider’s long-term technological plans. You want a provider - a partner - with a vision beyond providing cheaper, faster servers, but innovating to provide you with the best service.
Most importantly of all, while moving one application as proof of concept is sensible, to reap the full benefits of cloud computing this needs to be part of a long-term strategy, with not only cost considerations but business benefits clearly delineated.