Cloud Computing

Cloud Computing

Answer to everything or evil invention?

Downloading important information onto a tablet PC at the airport, giving the final touch to a presentation and answering a few more e-mails on your mobile phone on the way to the office. Arriving at your destination, you are always up to speed and can be in media res with your PC.
Cloud computing makes it possible: wherever you are you can access data and work with them.
Cloud computing offers new possibilities to all companies:

  • New business scenario opportunities – access to data from anywhere with a range of devices
  • Better cost scenarios – just operational spending is charged, no capital spending

Despite this, decision makers are often hesitant when it comes to implementing cloud computing as a corporate solution:
Concerns often arise regarding security and data privacy – especially in the pharmaceutical industry, heavily impacted by regulatory challenges.

How “unsafe” is cloud computing, actually?

Cloud Computing can be safer than the infrastructure used by the company itself. Outdated operating systems, non-conducted security updates: all of this contains high security risks, which the management is often not aware of. Cloud computing minimises these risks as the cloud provider makes sure that all infrastructure components and applications are up-to-date and all data are permanently saved through back-ups. For instance, all cloud-based data thus completely survived the Fukushima nuclear disaster, because the load was automatically stored in other servers.

Of course, Cloud Computing may also entail certain risks. But these may be reduced or specifically accepted via a thought-out strategy and selection of the proper provider.

What cloud computing comes down to

The selection of the proper provider is crucial. One must not only pay attention to price and service, but also the security standards they offer.

The application of the “applicable data privacy regulations” should thus be ensured – i.e.: Is the data being conveyed to countries which do not adhere to EU guidelines? Are the servers located in Asia or the USA? “EU model clauses” should also be included in the contract as they offer a greatly higher data protection level through safe harbour laws.

Furthermore, there should be a clear strategy regarding data management.

What is the right cloud strategy for you?

A cloud is not just a cloud. There is an appropriate cloud approach for every single requirement.

Cloud Deployment Models

Depending on the criticality of the data, the company may elect for a standard business functionality at a reasonable price (CRM, mail) in the > Public Cloud, a solution for the highest security standards (> Private Cloud) or a combination thereof (> Hybrid Cloud).

3 factors lead to the correct approach

1. Business scenario

Do you require a complete solution for all company data? Or should only a portion of the data be sent to the cloud, with the rest remaining in your server?

2. Data sensitivity / criticality of the business process

How critical is your company data: does it concern highly sensitive material, “intellectual property”, or rather uncritical data such as mail, CRM data, etc.?

3. Regulatory requirements

Which requirements must the company adhere to: data privacy, GxP relevance, …

A proper cloud solution for the company will arise from these considerations, which will then be individually compiled. The result is a tailor-made concept that ensures extensive security and allows for the company to fully profit from the opportunities and saving potential of the cloud.

Cloud strategy for customers

A good cloud strategy is tailored to your business needs, your organisational and IT landscape. We start by identifying the business scenario by determining what could be considered (software solutions, e-mail, and software development). The next step is assessing the regulatory, data privacy and security requirements associated with the payload. The third aspect concerns from which devices the data will be consumed. Our strategy will also outline the risks and opportunities associated with the strategy and help you to adopt the new technology more quickly in compliance with your risk strategy.

This is what we can do for you:

  • Balanced cloud strategy considering business goals and risk profile
  • Risk-based selection of cloud provider considering security, data privacy, regulatory requirements and business continuity
  • • Risk-assessment of cloud provider/solution already deployed regarding security, data privacy, regulatory requirements and business continuity aspects (evaluation, 2nd opinion) > Evaluation or audit of your cloud provider based on best practice controls

We evaluate your cloud provider based on international standards, taking best practice cloud standards into account e.g. Cloud Security Alliance CCM, ISO 27000 etc. We will also consider additional risks in our assessment, e.g. vendor lock-in.

Cloud strategy for providers

The cloud also opens service providers up to entirely new dimensions for harnessing new markets and customers worldwide. Gone are the times when one had to conduct installation of an application on site at the server, or commission a local agent. Today a standard solution is simply placed into the cloud and the customer may access it, regardless of the country where they are located. This is more affordable and flexible for both the provider and the customer as well.

However, this raises questions which must be answered for the customer: Is the system validated? Where is the server wherein the data is stored? How is the data privacy regulated?

We support you in offering your services through the cloud, including the following services:

  • Consultation for cloud-based services
  • Cloud compliance activities
  • Customer documentation

This is what we can do for you:

  • Assessment of your current sales strategy, operational practices and documentation
  • Assessment of your cloud provider should your application rest on another cloud solution
  • Development of a new sales strategy and documentation regarding security, risk and compliance
  • Adjustment of operational processes
  • Development of your documentation regarding security, risk and compliance considerations for your customers
  • Build up an end-to-end security and compliance story
  • Sales force training material to support a solution-based sales approach