- Healthcare organizations are experiencing a digital transformation and introducing new digital tools into their health IT infrastructure at a rapid pace. In order to manage the tools that are driving digital transformation, organizations need to understand the complexities of the healthcare multicloud approach to further progress.
Healthcare is a heavily regulated industry and organizations are charged with making sure their applications are secured and deployed in the correct cloud environment. Those environments can get complex when different applications have different security requirements, according to Scalr CEO Sebastian Stadil.
“The first thing I’ve served under a multicloud front specific to healthcare is applications,” he said. “Individual applications are always on a single cloud, but the organization as a whole is multicloud. That’s a distinction that I don’t think is very well known among healthcare professionals that are new in their multicloud journey. It’s something they realize as they go through it.”
Organizations have an internal application that does some reporting. That application is not going to live on both AWS and DMI; it’s going to live on one or the other. Organizations will have applications hosted on several different cloud service providers.
“These applications are then classified into security categories ranging from low to high,” Stadil explained. “A low security app may have 40 different requirements while a high security app may have 45 requirements. These security requirements include things such as, how frequently is an application backed up? What is the data retention period? What controls need to be in place to ensure auditability and HIPAA compliance?”
Because these apps are classified into different security levels, they can end up on different clouds. Low security applications are prime candidates for the public cloud, but high security applications typically need to be kept in the private cloud.
“There’s usually movement of an individual application through its lifecycle from one category to another, he explained. “An application that starts out as a low might end up as medium security over time. The way you handle that is you build an application to handle internal reporting.”
Applications can change security levels when different kinds of information is asked of them. A manager may decide that she wants a low security app to report on Social Security numbers use and location data. As soon as that application incorporates Social Security, it changes from a low security to a high security application.
Now that the application is high security, it needs to be taken from the public cloud and redeploy is somewhere else so that it’s compliant with the internal app policy and meets high security protocols.
“Organizations need to have the ability to redeploy their workloads and that it’s reasonably easy to do,” Stadil stated. “You need to make sure that whatever platform you’re using you can redeploy.”
It’s natural for applications to change security levels throughout their lifecycle so organizations need to be prepared for this shift. As the applications change, they might need to be redeployed in other environments or have different kinds of backup, redundancy, and security elements.
Healthcare organizations tend to run on a more traditional set of protocols when it comes to application development and IT, Stadil noted.
“Healthcare companies will outsource a lot of their application development if not the totality of it. And they’ll outsource the majority of their IT management,” he explained. “This is great except those contracts usually last for three to five years. Every time those contracts are up for renewal, there’s a bidding process and then there’s a succession.”
When there’s a bidding process, the vendors a particular organization is using don’t want to be replaced so they will sometimes make it difficult for organizations to deploy a competing vendor’s cloud. This may cause healthcare organizations to stick to one cloud vendor, or switch back to their previous vendor if the transition is too difficult or time consuming.
This is what makes outsourcing IT so significant to the healthcare industry. Each vendor used takes turns managing and developing the cloud infrastructure and each time there is a succession deploying and managing the cloud environment becomes more difficult.
“What happens in the healthcare industry is that you end up with 30 years of successions,” said Stadil. “Imagine the complex environments of these healthcare companies that have six, seven, or even eight generations of different vendors doing things in different ways, and disagreeing with things that are not necessarily being documented. Now everything becomes a mess of infrastructures. That’s the legacy that really needs to change.”
Healthcare organizations bring in new CIOs and CTOs to drive digital transformation to fix these complex issues by opting for flexible digital tools that will influence the process of improving legacy infrastructure.
Healthcare companies have been directly hiring developers over the past few years instead of outsourcing, Stadil observed.
“Healthcare organizations are realizing that to really drive that digital transformation, insourcing is important,” he explained. “They need to have a continuity with the IT staff.”
However, it’s not easy to hire good IT staff and it’s even harder to hire good IT staff if the tools available to them are subpar.
“It’s very difficult for healthcare organizations to modernize all of the missing infrastructure that they have,” Stadil explained. “All of the new kids graduating from college want to work at Google. They don’t necessarily want to work in healthcare.”
“It’s tough for healthcare organizations to get the right people and it’s tough for them to get the right process and the right tools because everything influences each other,” he continued. “People won’t touch process and process won’t touch people. So if you have bad process, you’re not going to be successful in getting great new people.”
Multicloud can help organizations overcome IT infrastructure challenges stemming from people and processes.
“What’s unique about healthcare’s challenge in multicloud is twofold,” Stadil explained. “It’s people and process. “Each different cloud provider has different APIs and different interfaces. Because of the organization’s multicloud and application software, the people that work there are going to eventually move an application from one environment to another.”
“They might decide to move all their old security applications to another environment that may be more cost effective or secure or they might need to change the environment to make it more resilient by introducing some backup technology to it,” he added.
IT staff needs to be trained on the multicloud and different APIs, which can be time consuming and difficult. Organizations deploying multicloud first need to consider how they will manage moving apps from one cloud to another as efficiently as possible.
“It is advantageous for healthcare organizations to be able to get some engine software that presents a similar interface to all the cloud providers,” Stadil advised. “That way, whenever they want to redeploy an application across different cloud environments they don’t have to train new staff or they don’t have to go through learning a new platform.”
The interface does not have to make all clouds uniform, but it should take away the complexities of having staff move applications from AWS, to Google, to VMware.
Organizations also need to consider how many other systems each application is going to touch, such as backup or monitoring. Not every IT employee is going to have an understanding of each of these systems, which makes a tool for integrating applications in the multicloud with other IT systems critical for getting the integration done quickly and successfully.
CIOs and CTOs need to champion this mission to deploy an interface to manage multicloud environments to drive this digital transformation. But it can be a difficult investment for executives to understand. Without a high-level leader to influence this decision, it can be hard to move forward.
Stadil suggested that members of the IT staff pool their cloud knowledge and resources to determine what skills the department has and which cloud vendors make the most sense based on staff skills and understanding.
Multicloud is vital to digital transformation but managing and integrating multicloud environments can be complex without an interface to work through.
Understanding why an interface is needed and insourcing rather than outsourcing can unravel legacy IT infrastructure complexities as organizations continue to push their digital transformation.