AM I BETTER OFF IN THE CLOUD? PART 1
Written By: Phil Miller President, Integrity IT
A quick, high-level summary of the pros, cons and options for moving IT services to the cloud.
AM I B ETT E R O F F I N T H E C L O U D ? P A RT 1
Are you at the crossroads of aging computer equipment? If you work for one of the thousands of Health Care organizations that utilized meaningful use dollars in 2011 or 2012 to pay for EMR technology investments, you probably find yourself at a crossroads right now. The equipment you purchased is now at or near 5 years old and nearing the end of its predicted life expectancy. What should you do? Do you continue down the path you chose 5 years ago, or is it time to reconsider options moving your IT systems to the cloud? You are probably going to hate this answer, but here it is – “it depends.” Let’s reframe the scenario. The first question to consider is not “Should I go to the cloud?” The first question to consider is “Which applications and IT functions should I consider moving to the cloud,
and which am I better off leaving and managing on premise?” For some of you, even more specifically, “Should I move my EMR to the cloud, or should I embrace the 5-year hardware replacement cycle and manage my EMR on premise?”
Below is a quick list of other key variables that need to be considered when evaluating cloud options. • • • • • • • • • • •
Cost Geographic Redundancy Internet Service and Bandwidth Scalability Rapid Deployment Hosted Applications Mobility & Ease of Remote Access Security Data Location Accountability Managed Private Cloud
The answer to the cloud question is different for every company.
their hosting platform, and the pending large capital expenditure associated with the 5-year infrastructure replacement life cycle. Even though the hosting provider was an application vendor as opposed to a regular public cloud provider, many of the issues they experienced are the same.
EXAMPLE 1: CLOUD WAS THE SOLUTION
BEFORE: IT costs for Company A totaled about $8000/ month, not including ISP or Telecom. This included a monthly payment on a $85,000 capital expense to update server infrastructure.
Company A had four independent medical practices under one umbrella company with a single shared IT infrastructure (domain, email and backups) and EHR. Initially, they elected to have their EHR hosted by the vendor, but after 5 years of ongoing problems, they decided to consolidate their entire environment in our managed private cloud. The biggest reasons were the poor support they were getting from the EHR Vendor, the poor performance they experienced on
INTEGRITYKY.COM | 859.253.4284
AFTER: Company A moved IT services to Private Cloud, replacing recurring capital expense with recurring operational expense. Monthly costs at $7,258 saved about $750 per month and they experienced a higher level of performance and service.
PAGE 2
AM I B ETT E R O F F I N T H E C L O U D ? P A RT 1
EXAMPLE 2: ON-PREMISE WAS THE SOLUTION Company B is a specialty medical practice with approximately 100 users. They were also facing the 5-year infrastructure life-cycle replacement and were pushing for a cloud option. When asked why they felt so strongly about it, they stated “Isn’t that what everyone is doing these days?” This is a clear example of the marketing effectiveness of public cloud providers. We hear this all the time from both our customers and our prospects. Integrity IT agreed to help Company B look into options and do an in depth analysis of costs coupled with pros & cons of each option.
Bottom line: it is best to employ an unbiased and trusted IT consultant when evaluating all of your key variables.
Here were the bottom line monthly costs that kept Company B with an on-premise solution. A. Baseline = purchase & operate hardware on premise B. Microsoft azure: baseline x 4.5 C. Amazon web services: baseline x 1.81 D. Rack space: baseline x 1.79 E. Peak 10: baseline x 1.82 The options compared and the results based on an estimated 50% utilization (12 hours per day to cover operational period and backups) with the cloud provider services.
We hope you follow up by reading the longer version of this white paper to better understand some of the key variables to consider and realize the complexity of such a decision. Don’t just go with the cloud option because it is getting the most publicity these days. Engage your trusted IT consultants to assist you in making the best decision for your organization, and if you don’t have one for a second opinion please reach out to us for assistance.
By now you know the decision to move your IT systems to the cloud is extremely complex with many unique variables. At Integrity IT, we have found that the Managed Private Cloud is an alternative that provides most of the public cloud benefits with fewer of the drawbacks and is often a good option for companies with 20 – 100 users. We have also found that in many situations, sticking with an on-premise solution is the better route to go.
INTEGRITYKY.COM | 859.253.4284
PAGE 3
AM I B ETT E R O F F I N T H E C L O U D ? P A RT 1
Cloud solutions are often a good fit in these scenarios:
There are benefits to using a private cloud.
•
This is a type of cloud computing that delivers similar advantages to public cloud, including scalability, but through a proprietary architecture which is managed by the provider (not the customer) and which is typically more secure. Our clients are beginning to explore this option and a few have engaged in projects to move their infrastructure to our private cloud hosted in our Lexington Data Center.
Very small or very large number of users (less than 20 or more than 1,000)
•
Companies with multiple physical locations or a highly mobile work force
•
Security filtering solutions
•
E-mail hosting (if 50 or fewer users)
•
Companies that provide services that require drastically varying computer workload demands
•
Need to scale up / down very quickly to respond to market demands
•
Companies with a need for real time collaboration among persons from multiple sites
•
Geographic (multi-region) data redundancy
•
Geographic (multi-region) compute redundancy
•
Saas (software-as-a-service) application (depending on uptime/availability requirements)
LET’S REVIEW THE BENEFITS •
Scalability / Agile / Efficient
•
Managed by a local provider
•
Dedicated to a single organization / higher level of environment isolation
•
Security of a dedicated environment
•
Cost – comparable to on-premise, but with flexibility, security and redundancy
It’s a significant project to move from on-premise to hosted, but we’ve heard positive feedback from our clients stating it is well worth the effort. The end users appreciate the boost in performance along with the efficient and simplified login process.
Written By: Phil Miller, President, Integrity IT
INTEGRITYKY.COM | 859.253.4284
PAGE 4
AM I B ETT E R O F F I N T H E C L O U D ? P A RT 1
CONSULTATION SERVICES
SECURITY CONTROLS
Risk Assessment
Managed IPS/IDS
•
Asset Identification
•
Intrusion Prevention System and Intrusion
•
Threat Identification
•
Detection System
•
Vulnerability Scans: Internal and External
•
Controls Assessment: Physical, Technical, Administrative
Managed SIEM/USM
•
Gap Assessment, Prioritization for Remediation
Business Continuity and Disaster Recovery Planning •
Business Impact Assessment
•
Recovery Point Objective: Backup Strategy
•
Recovery Time Objective
•
Security Information and Event Management System
Vulnerability Scans •
Quarterly and Ad-Hoc Internal and External Scans
•
Reporting
•
Mitigation Recommendations
Phishing Campaign
HIPAA Compliance
•
Periodic Validation of Employee Training
•
Annual SRA Completion
•
Policies and Procedures
Penetration Testing
•
BAA Templates
•
Executive Summary and Technical Report
•
Single or Recurring Engagement
Employee Security Awareness Training
PII PR TECT
•
Speaker Program
•
HIPAA Assurance Web Portal
•
PII-Protect Web Portal (non-HIPAA)
•
Phishing Campaign (PII-Protect or DUO)
VCISO (Virtual Chief Information Security Office) •
Establish your Security Vision
•
Determine and Prioritize Security Initiatives
•
Reduce Risk with Ongoing Security Improvements
Incident Response and Breach Investigations •
Response and Remediation plans
•
Communications and Management
•
Lessons Learned
INTEGRITYKY.COM | 859.253.4284
Encrypted Email •
PII and PHI Requirement
Internet Content Filtering •
Block Malicious Sites
•
Help Control Your Internet Bandwidth Use
Multi-Factor Authentication •
Add a Second Layer Of Security to Strengthen Access to Vital Systems
Custom GPO’s (Group Policy Object) •
Security Focused GPO’s: Account Hardening, Ransomware, Pass the Hash Mitigation
PAGE 5
AM I B ETT E R O F F I N T H E C L O U D ? P A RT 1
“Baptist Express Care has 18 locations and over 100 users, and we rely on a stable IT environment to access patient information. Integrity met all project deliverables on time with an excellent product. I could not ask for a better IT partner; they’ve been crucial to the success of our business.” –– Michelle Saborit, Director, Baptist Express Care
TRUSTED TECHNOLOGY. STRONGER SECURITY. BETTER BUSINES S.
INTEGRITYKY.COM | 859.253.4284 3080 HARRODSBURG ROAD, SUITE 104 LEXINGTON, KY 40503
PAGE 6