Cloud Computing Healthcare

Published on May 2016 | Categories: Documents | Downloads: 46 | Comments: 0 | Views: 206
of 18
Download PDF   Embed   Report

Comments

Content

Cloud Computing in Healthcare Organizations WHITE PAPER
A perspective from Science Applications International Corporation (SAIC)

NATIONAL SECURIT Y • ENERGY & ENVIRONMENT • HEALTH • CYBERSECURIT Y

© SAIC. All rights reserved.

Table of Contents
Cloud Computing for Healthcare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Benefits of Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Potential Cloud Computing Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Security in the Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Strategic Decisions Before Cloud Adoption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Engineering, Implementation, and Cloud Management Services . . . . . . . . . . . . . . . . . 12 SAIC: Walking the Talk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Getting Help with the Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Looking Ahead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

2

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Cloud Computing for Healthcare
With unprecedented pressures on healthcare organization (HCO) leaders to deliver more with less, many are looking for technology solutions to help realize goals for improved service quality and efficiency. Technology experts at Science Applications International Corporation (SAIC) understand implementing complex health information technology (HIT) systems can be challenging enough; but managing on-going operations with IT departments that are chronically underfunded and understaffed has a lot of CIOs looking to the cloud for answers to an equation that’s tough to balance. What is Cloud Computing? Cloud computing is the delivery of IT infrastucture assets such as server capacity and software applications over the Internet on a utility basis. Cloud computing offers convenient, rapid and timely access to a shared pool of computing resources. Such resources can be strictly infrastructure components (i.e., networks, servers, storage, etc.) or can include software to facilitate ready access to applications and services. Cloud computing resources offer attractive flexibility; as usage demand ebbs and flows, the amount of “horsepower” being consumed can be adjusted to meet changing computing needs. But cloud computing is not just a new name for “resource virtualization.” Features such as self-service provisioning of resources, and advanced use-metering distinguish cloud computing as a new and transformational technology that promises to make the “cloud” a utility-like resource. As with all transformational models, the business value to be gained through cloud computing is proportional to the thought invested up front. Organizations that are truly serious about moving their assets and processes to the cloud should first consider some important strategic questions about their business processes and computing needs before selecting a technical solution. The strategy questions may seem vexing since they require engagement from the leadership ranks of the organization. But close attention to strategic planning will empower organizations to invest in solutions that will help them address their current computing needs, while providing a sustainable path to the future. The Preferred Computing Solution for Healthcare In cloud computing, the focus is on the selection of one of three service models - Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) described in the table on page 4. With an understanding of an HCO’s goals, needs, and constraints, a cloud solution can be engineered to deliver specific, externally hosted applications, a complete computing platform for local applications to use, or simply rapid access to flexible and scalable computing. Cloud computing could be the centerpiece of the healthcare CIO’s strategic IT planning. End users (such as a person, a department, a clinic, or an IT organization) can order services through a selfservice catalog located on the Internet or private network. Service options should be chosen to maximize business value to the organization based on the strategic decisions mentioned above. The catalog should clearly define service levels and associated pricing, and services should be obtainable by submitting a service request. Once the service request transaction is complete, the service is

3

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

rapidly established and access is granted. An example of a provisioned service is the activation of a group of new users for analytics applications hosted on a cloud-based data warehouse. Cloud computing offers HCO customers a much easier way to obtain and pay for services, freeing them to concentrate their intellectual capital on their core healthcare business. When getting started with cloud computing, healthcare managers will face a decision about the type of cloud to establish. Many initially opt for a private cloud — where the service provider dedicates to the customer a private

suite of virtual resources that are provisioned to the organization — because it is perceived as a less risky first step and, in many cases, side-steps the perceived security and privacy issues associated with off-site hosting. However, there is growing interest in public and community cloud offerings. SAIC believes that ultimately, most organizations will opt for a hybrid cloud architecture – a mixture of cloud types designed for maximum flexibility and business value. A summary of service models and cloud types is presented in the table below.

Service Model
Software as a Service (SaaS)

Description
The service provider offers an application for use by the customer. Web-based electronic health records (EMRs) and patient portal systems are examples of applications that can be offered as a cloud service. The user – and the user’s organization – has nothing to do with running the software or hardware involved with the application. They simply access the SaaS via a Web browser. The service provider offers a software platform and protocol stack on which a customer’s application can run. For example, a hospital-licensed application could be managed in the cloud utilizing a MySQL or Oracle database instance offered by the PaaS provider. The service provider offers computing horsepower on demand. This offering serves those who simply wish to acquire computing horsepower when they need it without having to maintain it locally. Such capability tends to be viewed as an extension of the local data center and requires more direct involvement from IT staff.

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Cloud Types
Private

Characteristics
A private cloud devotes resources to a single customer. Private clouds can be a cluster of networked servers at the customer’s location or a dedicated, segmented, and protected area on a provider’s network. Either way, this offers the customer organization additional flexibility over stand-alone or virtual servers, but is typically more costly than other cloud types due to customized service and dedicated resources. A public cloud offers service to a range of customers across organizational boundaries without regard to the nature of the data involved. Among cloud solutions, this option offers scalable service, a very high level of availability and redundancy, and a very attractive price point. Public clouds maximize economies of scale, providing customers with the lowest cost and highest flexibility.

Public

4

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Cloud Types
Community

Characteristics
A community cloud offers benefits of both the private and public clouds. Essentially, community clouds are public clouds whose tenants are limited to a defined group or class of customers. This could include a cloud for hospital consortia such as an integrated delivery network (IDN) or an accountable care organization (ACO). These offerings are optimized for the customer community, and for regulated industries, such as healthcare, so that they comply with all applicable regulations. For example, a healthcare community cloud would be engineered to comply with Health Insurance Portability and Accountability Act (HIPAA) security and privacy requirements. Integrating elements from the previous three types, hybrid cloud is custom-engineered, frequently for a particular customer. Many customers, like hospitals and physician organizations that may be closing data centers, desire to integrate existing assets with an externally-hosted cloud solution.

Hybrid

5

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Benefits of Cloud Computing
Cloud computing offers both tangible and intangible benefits to healthcare organizations. Through self–service ordering, reduced capital investment, and an abundance of performance metrics, healthcare CIOs can both improve the quality of service and reduce their costs. A move to the cloud also offers intangible benefits to longsuffering CIO offices struggling with more mandates than available resources.

Process

• Immediate self-service through a Web-based service catalog triggering a service request and subsequent automated work flow • Improved scalability to meet mission/business demand and surges • Improved mission/business agility through rapid provisioning • Buy only as much as you need when you need it, using a metered subscription (pay-as-you-go) model • Reduced or no up-front capital investment for new information services • Reduced management and maintenance for existing information services

Investment

Value

• • • • • • • •

Measurable services Proactive service continuity in the event of an outage or disaster Improved accessibility and portability through open and simplified architecture Security custom tailored to the business need Focus intellectual capital on core business activities Transfer of service responsibility to an external party Reinvest IT expertise and capital on improved service and emerging issues Improve the reputation and influence of the organization

Intangible

It’s important to note that setting one’s sights on cloud computing is not an all-or-nothing proposition. Process, investment, value, and intangible benefits can be partially achieved by working toward cloud computing without a

complete adoption. A seasoned technology partner with strong skills in solution development through integration of new and existing assets is essential.

6

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Cloud Computing Opportunities for Healthcare The following is a list of ‘use cases’ where cloud computing can bring value to the HCO. SAIC is assisting organizations with ‘cloudifying’ many of these functions. Mission-Driven • Hospital-based electronic health records (EHRs) • Community-based health information sharing • Integrated delivery networks (IDNs) • Ambulatory EHR and practice management • Personal Health Records (PHRs) • Patient accounting, financial and billing systems • Enterprise Resource Planning (ERP) systems • Clinical ancillary systems such as Laboratory Information Management Systems (LIMS) and Electronic Prescribing (E-prescribing) • Consumer communications and social media • Cyclical and seasonal mission requirements (e.g., orthopedic services related winter falls, flu season spike in demand) • Statistical and analytical functions requiring large-scale scientific and technical computing (outcomes analysis, business intelligence) • Episodic requirements which can benefit from rapid, on-demand cloud provisioning (e.g., emergency management, outbreak management, and food poisoning) • e-Filing efforts comprising complex multi-directional information submission, public collaboration, benefits transfer, and grants management • Broad and distributed quality, revenue, professional association or network responsibilities requiring information gathering, modeling, data mining, visualization, etc.

Cross-Cutting • Communications (email, messaging, and mobile) and workflow management • Information discovery, archiving, search and retrieval, records management, and digital notary • Marketing, online training, and information dissemination • Employee orientation, announcements, services, training, and networking • Mobile application access and delivery • Backup and Recovery and Continuity of Operations (COOP) • Data gathering and situational awareness.

7

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Potential Cloud Computing Risks
All computing solutions have inherent risks; and cloud computing is no exception. An organization must ensure that its risk exposure is reduced by adopting a cloud strategy that identifies and quantifies risk, avoids it if possible, and mitigates it if necessary. The following table summarizes major risks, typical exposure, and mitigation response for cloud computing:

Risks
Security, including non-compliance with the HIPAA Security Rule, and malicious intrusions

Mitigation/Avoidance Strategies
Security must be engineered into the design of the cloud and cloud monitoring and management processes. Use of National Institute of Standards and Technology (NIST) standards, cloud management tools for role-based access, and encryption of data at rest and data in motion will reduce vulnerability. Clear Service Level Agreements establishing responsibilities of the provider and the user are essential to controlling access, use, and management of sensitive data. Policies and practices must be implemented that assure compliance with the HIPAA Privacy Rule. Monitoring to identify and prevent potential intrusions. Measuring and reducing the probability of identity disclosure. Ensuring that the proper contractual and legal protections are enacted.

Privacy risks, including non-compliance with the HIPAA Privacy Rule, breach exposures of private information, and identity disclosures resulting from data mining and advanced analytics Lack of transparency into cloud environment

Use of cloud-compatible auditing and logging tools is critical for maintaining a “window” into the cloud to monitor security, availability, capacity, and performance. HCOs need to apply due diligence in the selection of cloud service providers. Contracts need to clearly assign responsibilities for regulatory compliance, and delineate monitoring service levels using cloud management tools. Lessons learned from high visibility cloud outages suggest that well-engineered systems suffer scant downtime. Building redundancy and extensive use of monitoring, and metering right into a cloud strategy will pay dividends over time. Most customers will have legacy infrastructure that must be integrated into a cloud strategy. A good design will overcome potential incompatibility through use of a consistent technical reference model, architectural standards, and best practices. Cloud hosting vendors can provide the information to both examine expenses and charge-back to internal customers. When merged with a detailed distribution of legacy capital investment, transition-operation labor, and maintenance costs can result into transparent cost pools for charge-back.

Lack of support for regulations and service levels; possibility of cloud supplier bankruptcy

Availability issues including outages, low bandwidth, unproven cloud providers, and no end-to-end monitoring Incompatibility of cloud with customer architecture and service management processes

Compatibility of cloud with customer finance model and charging mechanisms

8

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Security in the Cloud
Challenges A May 2011 Computerworld survey showed that, for security reasons, IT leaders within FORTUNE 1000® companies remained wary of public cloud adoption. HCOs, however, increasingly recognize the business value and are gravitating toward cloud solutions. This fact is underscored by a 2010 survey, which reported that about 32 percent of HCOs already use some form of cloud computing, and 73 percent reported that they plan to move more applications to the cloud (FierceHealthIT; June 28, 2010). But most HCOs, by a significant margin, preferred the control and certainty of a private cloud as a first step toward cloud. Notwithstanding those preferences, all cloud models have potential vulnerabilities that must be mitigated. Traditional computer security has many similarities to historical military tactics in protecting a city. A perimeter is established and fortified, a small number of gates are guarded to allow trusted persons to pass through, and guards both scan the horizon and keep tabs on potential threats inside the walls. As technologies such as catapults and cannons evolved, such traditional approaches still had value, but were adjusted and augmented to keep pace – thus leading to today’s network “firewalls” and demilitarized zones (DMZs). Cloud computing can complicate security planning and execution by making it more difficult to discern an organization’s “perimeter” because the organization’s virtual resources are now located on the cloud hosting provider’s premises. Thus, security and privacy policy must be extended to cloud services providers as part of contracting terms. By being able to dynamically extend a department’s computing infrastructure beyond its perimeter, cloud computing offers cost-effective, scalable, on-demand service. But it ushers in an age of interdependence and inter-connectivity between customer and provider that organizations may be unaccustomed to experiencing. Such a new reality requires the establishment of a trust relationship in all phases of service delivery including security. Many health entities will find this newfound delegation of direct control to a services provider to be uncomfortable at best and possibly unacceptable for some applications. Security officers, who often feel personally responsible for the defensive posture of the organization, may struggle with the inherent limitations on their ability to inspect and test the service provider’s security mechanisms. Again, clearly articulated expectations and responsibilities should be established in Service Level Agreements and in Business Associate Agreements. To further muddy the security waters, the infrastructure needing security controls and protection can expand and contract on the fly. Sophisticated management tools and flexible vendor agreements will allow CIOs to establish and manage multiple cloud infrastructures. Applications and data may be dynamically moved among private, community and public clouds as circumstances warrant. This constant change offers a new dimension of complexity in security planning and implementation. The Good News On the other hand, having valued clinical data centrally managed by an entity whose success (and continued viability) depends upon its ability to effectively manage and protect the confidentiality and integrity of those data is far less risky than having the data distributed

9

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

across multiple platforms protected by varying security mechanisms, and managed by people with varying degrees of security expertise. Consider, for example, a small clinic that wants to adopt an EHR application in order to qualify for Medicare incentive payments. Who is likely to be more capable of assuring that the application and its data will be available when it is needed – the clinic’s office manager who also serves as its tech support, or a reputable service provider who offers an EHR application as a service? With proper strategy, assessment, and design, cloud computing is secure. Similar to keeping your money in a bank rather than at home, cloud computing is often more secure than existing data centers, particularly in HCOs with limited funding and staffing for technology modernization and on-going support. Cloud security starts with the traditional security components and extends them across the virtual and dynamic boundaries of an organization’s infrastructure. Like legacy infrastructure, a complete solution for cloud security involves the integration of multiple cloud computing management solutions to provide: • • • • Access control Encryption Vulnerability scanning and monitoring Audit logging and reporting

Once these are in place and operational, cloud security will become a routine part of infrastructure management. In 2011, the CIO of the United States touted the security of cloud and published a directive for all government agencies to consider cloud first before investing in other options. “Federal Risk and Authorization Management Program (FedRAMP) defined requirements for cloud computing security controls, including vulnerability scanning, and incident monitoring, logging and reporting. Implementing these controls will improve confidence and encourage trust in the cloud computing environment.” — Vivek Kundra The CloudShield Solution For federal agencies, large integrated delivery networks, and health information exchange organizations with a need for highly robust cloud security monitoring, SAIC offers CloudShield, a complete solution that addresses the central challenges of cloud computing security: • Securing network infrastructure against increasingly sophisticated external threats • Implementing fine-grained service-and subscriber-level policy and bandwidth management in an era of complex converged networks The CloudShield deep-packet inspection platform offers a comprehensive solution to the challenges of our most demanding customers, delivering outstanding services management and infrastructure security capabilities while transforming the speed and economics of delivering “inthe-cloud” services.

What is different is that multiple organizations are responsible for the implementation and oversight of such tools. Trust arrangements must be identified among the customer, hosting provider, cloud engineering integrator, and potentially other vendors to set security expectations, define roles, ensure transparency, and populate metrics.

10

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Strategic Decisions Before Cloud Adoption
The key to successful cloud design and implementation is to develop a comprehensive strategy that will meet the organization’s short and longer-term needs. An experienced cloud consulting firm can guide an organization through key questions such as: What are the goals for implementation? • Which of the process, quality targets, value measures and intangible benefits does the organization want to achieve? • What is the long-term vision for the provision of computing services? • What business needs are driving the initial target implementation and what is the timeline? • Is there an internal charge-back mechanism that needs to be supported? Which security, privacy, and continuity considerations will affect the design of your implementation? • What are the HIPAA, Gramm-Leach-Bliley, or other data privacy-related factors that drive a cloud solution? • How mission-critical is the data and what level of availability is desired? Do existing infrastructure and vendor relationships impact the design of a solution? • Is there an installed base of in-house technology that could benefit by being included in the solution? • Do the applications require a specified computing platform, both hardware and software? • Is there another reason – like the knowledge base of the in-house IT staff – that suggests the inclusion of a particular technology? What level of cloud management does the organization wish to directly undertake? • Who will be ordering and monitoring service—end users or the CIO staff on their behalf? • What skill mix does the CIO staff bring to the table or are willing to develop? • Does the CIO wish to delegate workload and responsibility to an external party? The answers to these example questions, and the discussion that will ensue, will form the basis for initial solution development and the preparation of a long-term roadmap for cloud computing.

11

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Engineering, Implementation, and Cloud Management Services
Once the strategic direction of the cloud computing initiative has been established, an organization will be ready to engage its technology partner to begin design and implementation. The technology partner will develop and present a solution and a project management plan. If the technology partner sells cloud products as well, the solution developed will most likely feature its own cloud management product suite. A solutions integrator, such as SAIC, on the other hand, will focus more centrally on the client’s needs and typically remain vendor-neutral. The proposed solution will employ the best possible technology for the organization’s needs, regardless of its origin. Regardless of which type of technology partner an organization chooses (product vendor or integrator), the following is an example list of services that may be acquired: • Private cloud implementation • Provisioning of public cloud compute and storage resources (e.g., Amazon Web Services, Terremark) on behalf of customers and internal users • Implementation and integration services for the four types of clouds • Security assessment (certification and accreditation, if required) of the cloud environment • Risk analysis and mitigation services • Security and privacy analyses • Access controls (identity management, authorization management and access auditing) • Penetration testing • Cloud infrastructure management and administration • Services management, information assurance, and cloud control services • Cloud computing testing and acceptance • Enterprise and carrier-class cloud network security services Managing Multiple Clouds SAIC believes that most enterprises will end up with a hybrid cloud model. Regardless of the risk-reward profile they choose when starting with cloud implementation, most organizations will eventually wish to link their existing infrastructure to public or community cloud resources. Beyond that, maturity in a cloud program results in the desire for flexibility to move workload among available compute and storage resources to get the best performance, to pursue the best pricing, and to avoid provider downtime, among other advantages. This will require the development or acquisition of a capability known as cloud “brokerage”. With the right cloud broker tools and know-how, an organization can maximize their cloud investments, simplify the management of their multi-cloud environment, and bring order to “cloud chaos” through the implementation of governance principles. Governance in the Cloud Like more traditional computing environments, cloud requires the definition of expectations, granting of authority, and verification of performance. But the unique features of cloud – that both the internal service provider and the end user may have a limited window into the operations of the environment – make the need for automated, rule-based, decision-support all the more critical.

12

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

When SAIC was contemplating its own corporate commitment to cloud computing, we developed a list of needed governance functions. This list includes: • • • • • • • User authentication Role-based access control Customizable access privileges Encryption key management Intrusion detection and alerting Audit logging and reporting Implementation of flexible billing controls

In addition, these functions are required across a multicloud environment. In designing the SAIC cloud solution, our Cloud Project Management Office conducted research and selected a vendor for cloud governance management. The experience SAIC gained from installing, configuring, and using our cloud governance tool suite allows us to offer to our customers an unusually broad array of cloud management services that draw from our own extensive experience.

13

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

SAIC: Walking the Talk
Moving SAIC’s data center to an enterprise private cloud was a strategic decision with far-reaching benefits to the company and its customers. Most often cited by company executives, “practice[ing] what we preach” is a fundamental benefit of this effort. SAIC migrated its company-owned corporate data center from San Diego to a commercial data center in the Dallas area. In so doing, SAIC deepened its expertise in cloud migration – from project management to full operations. This first-hand experience as a customer of cloud services helps us understand and address your cloud concerns. For SAIC, the answer was to move everything to a cloud computing infrastructure and use carefully architected technologies to deliver value to the business. SAIC established an enterprise private cloud based on the VCE Vblock™ technology. The Vblock is a pre-engineered virtualization block that features integrated technologies from partners Cisco®, EMC® and VMware®. On a single chassis, it combines compute (Cisco® UCS family), network (Cisco® Nexus family), storage (EMC Symmetrix® or Unified Storage) and virtualization (VMware vSphere™ 4). In October 2011, the SAIC Enterprise Cloud was up and running. Today, we continue to discover new ways to leverage our cloud architecture and capabilities.

14

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Getting Help with the Cloud
analysis of enterprise assets and strategic planning in ongoing collaboration with stakeholders provides the knowledge and experience an organization needs to successfully navigate to a cloud solution. For those ready to maximize benefit, minimize risk, and ensure security through cloud computing, SAIC’s portfolio of services, described on page 16, can chart your course toward a successful cloud implementation. World-Class Cloud Management and Support Once you are up and running on your new cloud environment, SAIC offers world-class cloud management and IT support services through our award-winning Integrated Services Management Center (ISMC). The ISMC provides a cost-effective solution for monitoring your cloud environment(s) and making sure that they meet service level objectives and evolve as your organization’s requirements change. The ISMC provides expert personnel, automated processes and proven technologies that can lower the cost and raise the quality of IT services such as help desk support and data, application and infrastructure management.

SAIC is a world-renowned information and technology solutions provider to government and industry. Customer feedback consistently shows that SAIC’s deep knowledge of an organization’s business and alignment with its goals sets us apart from other systems integrators. For cloud computing transformation, our commitment to close

15

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

SAIC Cloud Computing Services Portfolio
Your Enterprise
Migration Services

 ITIL-Compliant Cloud

Administration and Governance Services

 Assessments – cloud

Business Processes

Data and Information Flows Applications, Software, and Services Systems and Platforms Legacy/Existing Data Centers and Technology Infrastructure

computing, security, management  Requirements – cloud computing, security  Architecture – cloud computing, security  Training  ITIL-Compliant eCommerce and eGovernment Services

Users Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS)

Service Desk Support



User Admin Portal/ Catalog

 Managed Cloud

Cybersecurity Services

 Assessments
- Cloud Computing Assessment - Independent Cloud Security Assessment and Re-assessment - Cloud Computing Management Strategy Assessment and De nition

 Managed ITIL-Compliant Cloud Administration and Governance
Services - Initial Setup of Cloud Administration and Governance Capability - Provisioning, Managing, Monitoring, and Controlling Cloud Server and Storage Resources - ITIL Service and Help Desk Support - Con guration Management Services - Cloud Applications and Services O&M - Cloud Data Loading, Applications Monitoring, and Tuning Social Networking and All Source Analytical Framework (ASAF) CENTER™ (portal and collaboration) Records Management Service Components (RMSCs) OLIVE™ (virtual reality hosting) Certi cation and Accreditation Thread and Risk Analysis Technical Vulnerability Analysis (TVA) and Penetration Testing Intrusion Detection Continuous Monitoring and Reporting Persistent PKI Management Encryption Software and Services Cloud Disaster Recovery and Continuity of Operations (COOP) CloudShield Common Criteria Testing

 Requirements
- Cloud Computing Requirements Development - Comprehensive Cloud Security Requirements Development

 Architecture
- Cloud Computing Architecture Development - Comprehensive Cloud Security Solution Architecture Development

 Software as a Service (SaaS) Offerings

 Training
- Cloud 101 – “Executive-Level Course” - Cloud 102 – “Practitioner’s Course”

 Managed Cloud CyberSecurity Services

 eCommerce and eGovernment – Architecture and Engineering

Services - Cloud Business Transformation and Service Strategy Consultation - Cloud Training - Cloud Prototyping, Piloting, and Demonstration Support - Cloud Troubleshooting, Diagnostics, and Remediation - Cloud Testing and Acceptance Services - Cloud Development and Migration Services Applicable for both Existing and New: - Data Centers and Infrastructure - Systems and Platforms - Applications, Software, and Services - Data and Information Flows

16

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

Looking Ahead
Progressive HCOs looking for a highly agile, responsive and cost effective health IT infrastructure will increasingly be considering, and in many cases transitioning to, a cloud environment. As a leading technology partner in cloud computing, SAIC recommends that organizations consider the following questions: • Is health information technology (HIT) infrastructure management a strategic advantage for my HCO and, if not, should I consider cloud computing as a better way of managing my IT infrastructure? • What resources would a move to cloud computing free up, which could be focused on higher value organizational objectives? • What savings could be achieved by moving to a cost structure that is directly related to resource consumption? • How could I exploit the flexibility of cloud technology’s on-demand resources to deliver more timely and cost effective HIT solutions?

17

CLOUD COMPUTING IN HE ALTHCARE ORGANIZ ATIONS

About SAIC SAIC is a FORTUNE 500® scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy & environment, health and cybersecurity. The company’s approximately 41,000 employees serve customers in the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. Headquartered in McLean, Va., SAIC had annual revenues of approximately $11 billion for its fiscal year ended January 31, 2011. SAIC: From Science to Solutions®

F O R M O R E I N F O R M AT I O N 1.888.886.5909 [email protected] 1710 SAIC Drive • McLean, VA 22102 Visit us at saic .com/managed-cloud

NATIONAL SECURIT Y • ENERGY & ENVIRONMENT • HEALTH • CYBERSECURIT Y
12-1784

© SAIC. All rights reserved. FORTUNE and FORTUNE 1000 are registered trademarks of Time, Inc. in the U.S. and/or other countries. VMware is a registered trademark of VMware, Inc. in the U.S. and other jurisdictions. VCE and Vblock are registered trademarks or trademarks of VCE Company, LLC or its affiliates in the U.S. and/or other countries. Cisco is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation in the U.S. and other countries.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close