Difference between revisions of "User:Shawndouglas/sandbox/sublevel45"

From LIMSWiki
Jump to navigationJump to search
Line 1: Line 1:
<blockquote>The cloud is about how you do computing, not where you do computing.<br />&nbsp;<br />- Paul Maritz, former CEO of VMware</blockquote>
'''Key reading''':


This quote from Paul Maritz has been floating around for some time, but how relevant is it today? The first chapter of this guide examined what [[cloud computing]] actually is and how it has changed since the mid-2000s. We've gone from talking about how to implement web services at the turn of the century to advanced cloud services that are going "hybrid" or "serverless." Despite the massive shift in thinking, however, one aspect has always remained the same: you have to have internet access to use services provided on the web. In that sense, the "where" of the performed computing is important. In another sense, "where" matters, as we discovered in the second chapter on cloud standards, regulations, and security. Where the data is created and where it resides are important considerations for regulatory purposes, as are the methods used to secure the cloud, and who holds responsibility for them. "Where" is also a consideration when asking about your data in the cloud. Its location is relevant to not only risk assessments and [[risk management]] practices—as described in the third chapter—but also to where you do your work: the laboratory. In the fourth chapter we discussed how a laboratory and its unique [[workflow]]s, industries services, and affecting regulations shape decisions on cloud projects, while also addressing the benefits and drawbacks. In the fifth, we explained the concept of managed security services, which further abstracted the “how” and “where” of computing via the third party, who manages the security of your cloud and on-premises solutions remotely! And in the sixth chapter, we distilled much of the previous chapters down into how a [[laboratory]] chooses and implements one or more cloud solutions. Even there, "where" comes into play, as you ask the cloud service provider where their servers are located and where your data will be stored, while you ask yourself "where" you envision your lab with cloud computing solutions in the future.
* {{cite web |url=https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf |format=PDF |title=Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps |author=Agilent Technologies |publisher=Agilent Technologies |date=21 February 2019}}
* {{cite web |url=https://cloudsecurityalliance.org/download/artifacts/top-threats-to-cloud-computing-egregious-eleven/ |format=PDF |title=Top Threats to Cloud Computing: The Egregious 11 |author=Cloud Security Alliance |date=2020}}
* {{cite web |url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing |title=Understand the intersection between data privacy laws and cloud computing |author=Eustice, J.C. |work=Legal Technology, Products, and Services |publisher=Thomson Reuters |date=2018}}
* {{cite web |url=https://incountry.com/blog/data-residency-laws-by-country-overview/ |title=Data residency laws by country: An overview |author=Guseyva, V. |work=InCountry |date=18 September 2020}}
* {{cite web |url=https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |archiveurl=https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |title=Top cloud compliance standards and how to use them |author=Kirvan, P. |work=TechTarget SearchCompliance |date=17 December 2020 |archivedate=21 December 2020}}
* {{cite web |url=https://carnegieendowment.org/2020/11/09/cloud-governance-challenges-survey-of-policy-and-regulatory-issues-pub-83124 |title=Cloud Governance Challenges: A Survey of Policy and Regulatory Issues |author=Levite, A.; Kalwani, G. |publisher=Carnegie Endowment for International Peace |date=09 November 2020}}
* {{cite web |url=https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597 |title=Cloud Security: A Primer for Policymakers |author=Maurer, T.; Hinck, G. |publisher=Carnegie Endowment for International Peace |date=31 August 2020}}
* {{cite web |url=https://www.protocol.com/manuals/new-enterprise/vendor-lockin-cloud-saas |title=Should we really be worried about vendor lock-in in 2020? |author=Mok, K. |work=Protocol |date=01 December 2020}}
* {{cite web |url=https://www.cio.com/article/2397213/why-open-source-is-the-key-to-cloud-innovation.html |title=Why Open Source Is the Key to Cloud Innovation |author=Olavsrud, T. |work=CIO |date=13 April 2012}}
* {{cite web |url=https://www.csoonline.com/article/3584735/building-stronger-multicloud-security-3-key-elements.html |title=Building stronger multicloud security: 3 key elements |author=Pratt, M.K. |work=CSO |date=14 December 2020}}
* {{cite journal |title=Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment |journal=Symmetry |author=Ramalingam, C.; Mohan, P. |volume=13 |at=317 |year=2021 |doi=10.3390/sym13020317}}
* {{cite web |url=https://storage.pardot.com/468401/1614781936jHqdU6H6/Whitepaper_Is_the_cloud_a_safe_place_for_your_data.pdf |format=PDF |title=Is the Cloud a Safe Place for Your Data?: How Life Science Organizations Can Ensure Integrity and Security in a SaaS Environment |author=Tiller, D. |publisher=IDBS |date=2019}}
* {{cite web |url=https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works |title=How Managed Cloud Security Works, and Why You Might Want It |author=Trianz |date=29 March 2021}}


When considering all this, however, Maritz was only partially off. There are many "wheres" to choosing and implementing a cloud-based service for your laboratory, including where you do your computing from, and even where your security is managed from. But cloud computing is certainly more about “how” you do computing in your laboratory. Cloud computing has proven to be at least a partially disruptive force over the years, changing organizations' IT departments, security planning, budgeting, and many other aspects, often for the better, though with its own complications. Laboratories can now host [[laboratory information management system]]s (LIMS) and [[electronic laboratory notebook]]s (ELNs) in the cloud and use [[infrastructure as a service]] (IaaS) to host serverless code that triggers when a cloud-connected instrument takes a reading and uploads the data. Laboratory users can now pull up information about not only automated lab procedures but also the security status of the equipment managing those procedures using a tablet while parked in the grocery store parking lot. Environmental sensors in Alaska can send data to a [[software as a service]] (SaaS) application hosted in Europe for processing, and then be accessed by an authorized user in Australia. Yes, the where of it all is related, but ultimately how the laboratory computes has now been changed with cloud computing.
'''Reference material''':


That doesn't mean there are fewer considerations and complications with a shift to the cloud. The laboratory should approach any migration to or addition of cloud services with assertive yet balanced project planning that takes into account organizational goals, management buy-in, necessary stakeholders, scope and responsibility, existing IT and data structures, risk management and regulatory considerations, budgeting and IT requirements, provider vetting, training, maintenance, and security monitoring. Vetting providers and their services can be particularly time-consuming, but it remains a critical component of any cloud-based move in your lab. Given all these complications, laboratories shouldn't be afraid to seek additional help from knowledgeable consultants and managed security service providers with experience implementing and securing cloud in laboratories, particularly when in-house expertise is lacking.
* {{cite web |url=https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security |title=What is Cloud Security? |work=Resource Center |author=AO Kaspersky Lab |date=2021}}
 
* {{cite web |url=https://www.cisecurity.org/blog/secure-cloud-products-and-services-with-new-cis-benchmarks/ |title=The Beginner’s Guide to Secure Cloud Configurations |work=CIS Blog |author=Center for Internet Security |date=2021}}
Hopefully this guide has been a boon to understanding cloud computing and all the considerations that come with it. Laboratories have much to consider when moving to or adding to their position in the cloud. The fact that you've made it through this document is a strong testament to your desire to ensure the success of a cloud project for your lab going forward. Good fortunes to you and your organization going forward.
* {{cite web |url=https://www.mitre.org/publications/technical-papers/planning-management-methods-for-migration-to-a-cloud-environment |title=Planning & Management Methods for Migration to a Cloud Environment |author=Kearns, D.K. |publisher=The MITRE Corporation |date=December 2017}}
* {{cite web |url=https://www.hhs.gov/hipaa/for-professionals/special-topics/health-information-technology/cloud-computing/index.html |title=Guidance on HIPAA & Cloud Computing |author=Office for Civil Rights |work=Health Information Privacy |publisher=U.S. Department of Health & Human Services |date=24 November 2020}}
* {{cite web |url=https://csrc.nist.gov/publications/detail/sp/800-190/final |title=SP 800-190 ''Application Container Security Guide'' |author=Souppaya, M.; Morello, J.; Scarfone, K. |publisher=NIST |date=September 2017}}
* {{cite web |url=https://kubernetes.io/docs/home/ |title=Kubernetes Documentation |author=The Linux Foundation |date=12 November 2020}}

Revision as of 22:45, 21 August 2021

Key reading:

  • Ramalingam, C.; Mohan, P. (2021). "Addressing Semantics Standards for Cloud Portability and Interoperability in Multi Cloud Environment". Symmetry 13: 317. doi:10.3390/sym13020317. 


Reference material: