Towards a Healthy Cloud Cloud Computing Solutions for the Dutch Healthcare Sector
Master Thesis Business Informatics Juan Hernรกndez Colomina June 2009 - February 2010 Advisors: Ronald Batenburg & Slinger Roijackers
Advisors: Kor Tops & Ronald van den Heuvel
Table of Contents Introduc*on .....................................................................................................4 Research Descrip*on ........................................................................................5 Research Problem and Scope ........................................................................................5 Research Goal and Ques7ons .......................................................................................5 Research Paradigm ........................................................................................................7 Research Approach .......................................................................................................8 Research Methodology .................................................................................................10 Prac7cal and Scien7fic Contribu7on .............................................................................21 Research Validity ...........................................................................................................25
Research Phase 1: Defini*on of Cloud Compu*ng .............................................26 Context and Enabling Factors ........................................................................................28 Cloud Compu7ng Defini7on ..........................................................................................34 Taxonomy of Cloud Solu7ons ........................................................................................48 Common Use PaOerns ..................................................................................................55 Cloudnomics: Cloud Compu7ng Economics ..................................................................61 Risks of Cloud Compu7ng ..............................................................................................65 Cloud Security ...............................................................................................................72 The Cloud Compu7ng Marketplace ...............................................................................76 Selec7ng a Cloud Provider ............................................................................................90 Answers to Research Ques7ons Phase 1 .......................................................................95 Conclusion Phase 1 .......................................................................................................99
Research Phase 2: ICT in the Dutch Healthcare Sector .......................................102 Context and Scope .........................................................................................................102 The Role of Technology in Healthcare ...........................................................................114 ICT in the Dutch Healthcare sector ...............................................................................123 Electronic Pa7ent Records in The Netherlands .............................................................126 Answers to Research Ques7ons Phase 2 .......................................................................150 Conclusion Phase 2 .......................................................................................................154
Phase 3: Cloud Compu*ng in the EPD context ...................................................160 Design Science Research Approach ...............................................................................160 Ar7fact Crea7on ............................................................................................................163 Ar7fact Evalua7on .........................................................................................................166 Towards a Healthy Cloud
Page 2 of 218
Juan Hernández Colomina
Answers to Research Ques7ons Phase 3 .......................................................................168
Research Conclusion .........................................................................................180 Bibliography .....................................................................................................186 Appendix A: General Thesis Informa*on ...........................................................194 Appendix B: Process Deliverable Diagram .........................................................195 Appendix C: Project Planning and Deliverables .................................................196 Appendix D: TwiRer’s cloud compu*ng community ..........................................197 Appendix E: Cloud Compu*ng Outages During 2008 .........................................198 Appendix F: Gartner’s 2009 overview of IaaS providers .....................................199 Appendix G: Healthcare Strategic Principles of the EU .......................................206 Appendix H: Enabling Technologies for Pa*ent Safety .......................................207 Appendix I: Enabling Technologies for Quality of Care .......................................208 Appendix J: Enabling Technologies for Availability ............................................209 Appendix K: Enabling Technologies for Empowerment ......................................210 Appendix L: General eHealth related defini*ons ...............................................211 Appendix M: NICTIZ’s ZSP Cer*fica*on Requirements .......................................213 Appendix N: NICTIZ’s GBZ Requirements Overview ...........................................216
Towards a Healthy Cloud
Page 3 of 218
Juan Hernández Colomina
Introduc*on This thesis report describes the findings of the research performed by Juan Hernández Colomina as part of the Master in Business Informa7cs program at Utrecht University. The main goal of the research is to analyze the challenges and opportuni7es to adopt (current) Cloud Compu7ng solu7ons in the Dutch healthcare sector. For this purpose, this research has been conducted from June 2009 to January 2010 in collabora7on with E.Nova7on B.V. a firm specialized in communica7on systems and integra7on services for the healthcare and logis7c sectors in The Netherlands. In accordance with the different research steps performed, the report is structured in four main sec7ons: Research Descrip7on, Research Phase 1, Research Phase 2 and Research Conclusion. In the first sec7on (Research Descrip7on) the main research goal, (sub)ques7ons, methodology, scope and scien7fic and social relevance are introduced. The second sec7on of this report (Research Phase 1) elaborates the results of the first part of our research which focuses on Cloud Compu7ng solu7ons. This sec7on includes not a defini7on of the concept as well as a taxonomy of current solu7ons, common use paOerns, a brief vendor analysis and a descrip7on of the associated risks compared to other alterna7ves. The third part of this report (Research Phase 2) focuses on analyzing the Dutch healthcare sector and the role of informa7on and communica7on technology (ICT) in that sector. For this purpose we have selected one of the most significant ICT projects currently being deployed in The Netherlands, the introduc7on of Electronic Pa7ents Records (EPR or EPD in Dutch). In the fourth and last sec7on of this report (Research Conclusion) we combine the results of the previous two phases in analyzing the opportuni7es and challenges for deploying Cloud Compu7ng solu7ons within the EPR context in The Netherlands. We conclude the report with some recommenda7ons for healthcare providers, ICT providers and Government bodies as well as some issues that could be subject of future research.
Towards a Healthy Cloud
Page 4 of 218
Juan Hernández Colomina
Research Descrip*on We begin this sec7on by introducing the research problem and scope that delimit our research. In order to achieve this goal, we present the research ques7on and sub-‐ques7ons to be answered as well as the methodology applied in that process. The last part of this sec7on describes the scien7fic and prac7cal contribu7on of the research.
1. Research Problem and Scope Cloud Compu7ng represents a new technological delivery model that is expected to highly influence organiza7ons and their use of technology in the near future. During 2009 we have observed an increasing interest for Cloud Compu7ng solu7ons as viable alterna7ve models to reduce costs and improve performance. However, there are certain considera7ons to be taken into account when implemen7ng technological solu7ons in specific na7onal sectors like the Dutch healthcare sector. For this reason, it is not only important to obtain a clear defini7on of this new paradigm but also to understand what are the specific implica7ons in the adop7on of ICT solu7ons by Dutch Healthcare organiza7ons. Hitherto there are few scien7fic publica7ons on Cloud Compu7ng and they focus primarily on providing the grounding step stones (e.g. defini7ons, actors, etc.) of this emerging field. However, in commercial publica7ons (e.g. New York Times, CIO.com, The Economist, CNN, etc.) several ar7cles can be found on the benefits and risks of this new delivery model. The rapid evolu7on of Cloud Compu7ng offerings and the lack of a broadly accepted defini7on have resulted in a hype where almost every vendor affirms they provide this type of solu7on. As a direct consequence of this blurred situa7on customers cannot evaluate and compare solu7ons accurately. Due to the increasing popularity of the cloud compu7ng delivery model and the lack of previous scien7fic research in this area it is necessary to create a defini7on of the concept that can then be further analyzed in a specific context. For this reason, the scope of this research is delimited on one hand by the crea7on of a general Cloud Compu7ng defini7on, and on the other hand by the risks and opportuni7es of this new paradigm for Dutch healthcare organiza7ons and policy makers. For this reason, the problem that we aim to solve in this research is the lack of understanding of current opportuni7es and barriers for using Cloud Compu7ng solu7ons in the Dutch healthcare sector. By solving this problem, we aim to support policy makers, healthcare organiza7ons and ICT providers when considering this paradigm in the Dutch healthcare context.
2. Research Goal and Ques*ons The main goal of this research is to provide a set of recommenda7ons for policy makers, healthcare organiza7ons and technology providers to support on one hand the development of future legisla7ons and on the other hand the adop7on and development of Cloud Compu7ng solu7ons in the Towards a Healthy Cloud
Page 5 of 218
Juan Hernández Colomina
Dutch Healthcare sector. By taking into account the current opportuni7es, challenges and policies influencing the adop7on of ICT solu7ons in the Dutch Healthcare sector as well as the characteris7cs of this new delivery model we aim to achieve three goals: (A) to support policy makers in the development of new ICT related policies and regula7ons, (B) to facilitate the adop7on of Cloud Compu7ng by Dutch healthcare organiza7ons and (C) to support ICT service providers in developing cloud solu7ons that fit this context. In order to achieve our research goal, a number of sub-‐steps have been accomplished first where each step solves part of the research problem. For this purpose, we have divided our research ques7ons in three groups:
Research Ques*ons Group 1: Defini*on of Cloud Compu*ng What is Cloud Compu7ng? How is it defined by scien7sts, ICT vendors, consultants, analysts and commercial publica7ons? What types of solu7ons are available? What are its main benefits and risks? What type of cloud solu7ons are being currently offered in the market?
Research Ques*ons Group 2: The Dutch Healthcare Sector What are the current trends, challenges and opportuni7es in the Dutch Healthcare sector? What is the current role of ICT in the Dutch Healthcare sector? What are the main policies and legisla7ons affec7ng the use of ICT in Dutch Healthcare organiza7ons?
Research Ques*ons Group 3: Cloud Compu*ng in Dutch Healthcare What are the most relevant opportuni7es and challenges for adop7ng Cloud Compu7ng in the Dutch Healthcare sector? Which type of Cloud Compu7ng solu7ons fit within the current legisla7ve context and poli7cal agenda? How do current regula7ons facilitate or difficult the adop7on of Cloud Compu7ng?
The first two groups of ques7ons are answered independently from each other while the third group elaborates on the answers found on those two groups. By answering these research ques7ons we have generate a set of recommenda7on to be taken into account when evalua7ng current Cloud Compu7ng solu7ons for the Dutch Healthcare sector and when developing new cloud products for that specific industry. Moreover, the recommenda7ons can also be applied in the development of new laws and regula7ons by policy makers. The answers to these three groups of research ques7ons provides us with the answer to our main research ques*on: how can a Dutch healthcare organiza*on select cloud compu*ng solu*ons taking into account the requirements needed to connect to the na*onal pa*ent records system?
Towards a Healthy Cloud
Page 6 of 218
Juan Hernández Colomina
3. Research Paradigm The main purpose of IS scien7fic research is to describe, explain, predict and control reality (Jenkins, 1985). Our research is primarily concerned with describing two parts of reality (e.g. defini7on of cloud compu7ng and IT in Dutch healthcare) and explaining how an organiza7on can deploy such solu7ons in that context. As we focus on studying a new phenomenon our research is exploratory by nature. This is also reflected in the type of research ques7ons we try to answer (e.g. "What..." ques7ons) (Järvinen, 2003). There are several research paradigms applied in contemporary social research each having its corresponding assump7ons, methodologies and suppor7ng theories. This diversity of approaches enables the analysis of phenomena from different frames of reference, improving its validity and accoun7ng for possible biases (e.g. methodology related biases) (Hirschheim & Klein, 1989). However, on Informa7on Science (IS) research this is not always the case as the posi7vist and interpreta7ve approaches have been the dominant approaches for many years (Orlikowski & Baroudi, 1991).
In IS research we can find previous scien7fic work on how different world views determine the
research paradigm followed the researcher (Orlikowski & Baroudi, 1991). Researcher’s believes about physical and social reality, knowledge and the rela7onship between knowledge and the empirical world determine his/her research philosophy (e.g. posi7vist, interpreta7ve, etc.) and consequently influence his/her selec7on of research approach and methods (Orlikowski & Baroudi, 1991). Our believes are described in the following list: ★ Physical and social reality: Our perspec7ves on the empirical world is that it is subjec7ve and therefore created by human ac7ons. We assume therefore that humans (re)create the world applying high levels of ra7onality on their percep7ons and interac7ons with other humans. Moreover, we believe that social rela7ons are dynamic and in some cases conflicts arise from differences in created "reali7es" . ★ Epistemology / Knowledge: We believe that knowledge is created and evaluated by human ra7onality and it is valid once it has been empirically proven true several 7mes. ★ Rela*onship between knowledge and the empirical world: In our research we believe that knowledge is primarily created to solve specific problems in prac7ce. Analyzing our perspec7ves on these three areas we have to conclude that we follow a interpreta7ve research philosophy. It differs from the posi7vist view in the assump7on of social construc7onism, the believe that reality and our knowledge about it are social products and therefore depend on humans to be constructed and make sense of it (Orlikowski & Baroudi, 1991) (Chen & Hirschheim, 2004) (Myers, 1997). Applied to the IS research field, the interpreta7ve research paradigm aims to understand “the context of the informa7on system, and the process whereby the informa7on system influences and is influenced by the context" (Myers, 1997). Towards a Healthy Cloud
Page 7 of 218
Juan Hernández Colomina
The interpreta7ve perspec7ve assumes that the world is not given but instead a subjec7ve crea7on of human ac7ons (Chen & Hirschheim, 2004) (Myers, 1997). For this reason, interpreta7ve researchers focus more on making sense of reality rather than discovering it as posi7vists do. Reality, and therefore the interpreta7ons of meanings (e.g.defini7ons, concepts, etc.) are formed, transferred, used and (re)nego7ated by humans over 7me as the context where they are created changes (Orlikowski & Baroudi, 1991). For this reason, previous publica7ons recommend the use of qualita7ve methods when conduc7ng research from a interpreta7ve perspec7ve (Chen & Hirschheim, 2004) (Myers, 1997).
Although many other research paradigms can be found in previous publica7ons
(e.g. posi7vism, post-‐posi7vism, cri7cal theory, neohumanism, pluralists, etc.) (Hirschheim & Klein, 1989) (Chen & Hirschheim, 2004) we believe that the interpreta7ve perspec7ve is a valid research paradigm as it represents more accurately our world view and it has been applied already several 7mes during the last decade of IS research and (Chen & Hirschheim, 2004). The main advantages of the interpreta7ve research approach is that it provides a view on the underlying connec7ons in social groups and how they construct reality. However, some of the limita7ons of this approach are that it does not consider external condi7ons, unintended consequences of ac7ons and social conflicts (Orlikowski & Baroudi, 1991). When aiming to achieve replicability and generalizability of research findings some authors believe that the posi7vist paradigm might be the most appropriate (Chen & Hirschheim, 2004). However, when the researchers goal is to provide an in-‐depth understanding of the phenomenon under study the interpreta7ve paradigm is recommended as it enhances research from different perspec7ves (Chen & Hirschheim, 2004). The interpreta7ve research paradigm is considered by some authors as the only real alterna7ve to the dominant posi7vism stream (Chen & Hirschheim, 2004).
Although the posi7vism view is the dominant research perspec7ve in IS research it requires
that the phenomenon under study is single, tangible, fragment-‐able and with a clear an unique defini7on (Orlikowski & Baroudi, 1991). This last requirement is not found in the context of our research as there is not yet a clear and unique defini7on of cloud compu7ng. For this reason we will try to achieve this during the first phase of our research.
4. Research Approach A research approach can be defined as "the set of research methods that can be applied to similar research objects and research ques7ons" (Järvinen, 2000). A research approach encompasses therefore a group of research methods that are applied for the same goal and on the same object. We have divided our research in three different phases aiming to answer three different types of research ques7ons. For this reason we have selected different approaches and methods in each phase depending on the type of research ques7ons that we aim to answer.
Towards a Healthy Cloud
Page 8 of 218
Juan Hernández Colomina
Previous work on research approaches has demonstrated how a researcher can select the appropriate research methods based on the research ques7ons and the characteris7cs of the object being inves7gated (Järvinen, 2000) (Järvinen, 2003). Applying Järvinen’s taxonomy of research approaches to our research ques7ons we have selected a non-‐mathema7cal research approach with a focus on studying reality. Our selec7on is based on the facts that cloud compu7ng is a emerging delivery model being studied in few scien7fic publica7ons so we believe this part of reality needs to be explored in a specific context. A mathema7cal approach was considered at the beginning of our research (e.g. survey) but due to the lack of experiences with cloud compu7ng in the Dutch healthcare sector we have selected a non-‐mathema7cal approach. The first two phase our research follow a conceptual-‐analy7cal approach to fully understand cloud compu7ng and the ICT in the Dutch healthcare sector context. Once we have deeply understood these two parts of reality we con7nue our research in the third phase by applying a design science’s innova7on building research approach that focuses on the crea7on of an ar7fact (e.g. matching-‐ model) based on the results from the previous two phases (Järvinen, 2000). Within the conceptual-‐analy7cal research approach we can observe two research trends (Järvinen, 2000). Some researchers focus on research ques7ons as "Which kind of theory concerning a certain part of reality could be derived, if certain assump;ons and premises are valid?" while other researchers aim to answer ques7ons like "Is there any common theory, which describes and explains those phenomena?". Our research corresponds primarily with the first research stream as we aim to derive theory (e.g. our matching-‐model) concerning a part of reality (e.g. cloud compu7ng and IT in Dutch Healthcare) from certain assump7ons and premises (e.g. our own defini7on of cloud compu7ng and our interpreta7on of NICTIZ requirements). In the ar7fact building research approach the researcher inves7gates if a certain ar7fact (abstract or concrete) can be constructed (Järvinen, 2000). The corresponding research ques7on that this approach aims to answer is “Is it possible to build a certain ar;fact?" (Järvinen, 2000). In phase three of our research we have followed this research approach to elaborate a meta-‐ar7fact (e.g. matching-‐model). With our meta-‐ar7fact we try to demonstrate not only that this abstract ar7fact can be build but also that following our matching-‐model a prac77oner can select a concrete cloud compu7ng ar7fact to be used in the EPD context. In the IS research field we can find several other taxonomies that are oren applied to select the most appropriate research approach. Some examples are Nunamaker’s et al, Galliers & Land’s and March & Smith’s frameworks (Järvinen, 2000) (Hevner, March, Park, & Ram, 2004) (Galliers & Land, 1987). According to Nunamaker’s taxonomy, our mix of conceptual-‐analy7cal and ar7fact building approaches is considered as a theory building approach with a focus on delivering conceptual frameworks. In Galliers & Land’s framework our research is regarded as descrip7ve interpreta7ve in phase one and two as we focus mainly on understanding the nature of IT (Järvinen, 2008). Moreover, applying March and Smith's framework (see table 1) our research can be classified as theory research Towards a Healthy Cloud
Page 9 of 218
Juan Hernández Colomina
under the natural science approach for phase one and two, and as building approach under the design science approach for phase three. Table 1: March & Smith framework (Järvinen, 2000)
Design Science Build Evaluate Constructs Model Method Instan7a7on
Natural Science Theorize Jus*fy Phase 1 & 2
Phase 3
As the research methods depend on the research approach followed we will discuss them per phase of our research in the following sec7on.
5. Research Methodology One of the key factors to select an appropriate research methodology is to recognize available methodologies and understand their challenges and opportuni7es (Järvinen, 2008) (Jenkins, 1985) (Chen & Hirschheim, 2004). Although surveys, laboratory experiments and case studies research methods have been dominant in the IS research field (Orlikowski & Baroudi, 1991), qualita7ve methods and longitudinal studies are gaining popularity as the interpreta7ve approach is gaining popularity (Chen & Hirschheim, 2004). Experienced IS researchers recommend to select the most appropriate methodology within the context of the research objec7ve, an individual's research paradigm, his/her integrity, the available knowledge on the IS field and the opera7ng paradigms available (Jenkins, 1985). Our research can be in general considered as a interpreta7ve case study because it aims to capture and communicate (a part of) reality in a par7cular context 7me (e.g. feasibility of cloud compu7ng in the current Dutch healthcare system) (Jenkins, 1985). One of the most significant barriers that we encounter when selec7ng our research methods was the lack of available knowledge about cloud compu7ng in a Dutch healthcare seung. Other barriers that we encountered when selec7ng our methods are the high costs and feasibility of alterna7ve methods (e.g. survey, lab experiment, etc.), the low level of control we have over the variables and the lack of applicable ar7facts (e.g. defini7ons, methods, models, etc.) When performing IS research is oren very difficult to reproduce the research environment in experimental designs and only a limited number of factors can be studied on such a seung (Galliers & Land, 1987). Moreover, for this type of method the researcher should have control over behavioral events. Due to the fact that we cannot reproduce the EPD context in an experiment and that we have low control over the events we have discarded lab experiments as a viable method in our situa7on. A survey was considered during the first months of the research but was discarded due to the fact that
Towards a Healthy Cloud
Page 10 of 218
Juan Hernández Colomina
there is almost no knowledge about cloud compu7ng within the research popula7on (e.g. healthcare IT decision makers in The Netherlands). Previous work on selec7ng the appropriate IS research methodologies has shown that applying only empirical-‐analy7cal methods (e.g. sta7s7cal methods) the research would have serious limita7ons as it should also include behavioral and organiza7onal considera7ons. IT is defined by some authors as "technology used to acquire and process informa7on in support of human purposes, typically within some organiza7onal seung" (March & Smith, 1995). Qualita7ve methods (e.g. field work, interviews, etc.) are therefore appropriate for IS research as IT is oren studied in organiza;ons and used by humans (Galliers & Land, 1987) (Myers, 1997). Taking into the limita7ons previously stated, we have applied Järvinen's taxonomy to link our research ques7ons to the most appropriate (and feasible) research methods (Järvinen, 2008). The results of our selec7on process is depicted in table 2. Table 2: Linking Research Ques*ons to Research Methods
Phase #
1
2
Type of Ques*ons
What is ...?
What is ...?
Research Approach
Research Methods
-‐ Literature Study Conceptual-‐ -‐ Online Field Study Analy7cal -‐ Expert Reviews
Conceptual-‐ -‐ Literature Study Analy7cal -‐ Expert Reviews
Deliverables
• • • •
Defini7on of Cloud Compu7ng Overview of characteris7cs Overview of main vendor solu7ons Expert review valida7on
• •
Descrip7on of the Dutch Healthcare sector Current trends, challenges and opportuni7es in the Dutch Healthcare sector The role of ICT in the Dutch Healthcare sector Policies and regula7ons governing the use of ICT in the Dutch Healthcare sector Expert review valida7on
• • • •
3
How does...?
Design Science
-‐ Ar7fact building / instrument development
• •
Matching-‐model linking requirements with cloud compu7ng features Opportuni7es and barriers for Cloud Compu7ng in the Dutch Healthcare sector Recommenda7ons for stakeholders
For clarifying purposes, we have depicted the main research ques7on and sub-‐ques7ons, the corresponding research methodology, the research deliverables and their rela7onships in figure 1. Moreover, based on the meta modeling technique developed by Professor Brinkkemper (Brinkkemper, Saeki, & Harmse, 1999) we have elaborated the research phases and deliverables in a Process Deliverable Diagram (PDD) which is depicted in appendix B. In appendix C we have also included the GANTT diagram for the planning of each research phase. Towards a Healthy Cloud
Page 11 of 218
Juan Hernández Colomina
Figure 1: Research Ques*ons and Deliverables
Our research methodology is designed per phase due to the significant differences in research subjects in phase one and two, and the differences in the research goal of phase three. The first two phases focusing on describing reality to understand the nature of two different parts of reality (e.g. cloud compu7ng and Dutch healthcare) while the third phase goal is to elaborate a meta-‐ar7fact (e.g. matching-‐model). During the first two phases of our research we conduct descrip7ve literature studies following the archival research methodology (Jenkins, 1985). Addi7onally, due to emerging and evolving character of the concept of cloud compu7ng, we conduct an online field study in the cloud compu7ng community to define the term from a interpreta7ve perspec7ve. Field study methods are recommended when the researcher adopts an interpreta7ve research paradigm (Orlikowski & Baroudi, 1991). In the field study research method the researcher does not manipulate any variable as he/she only inves7gates a part of reality within a human interac7on context (Jenkins, 1985). In the third phase of our research we follow the design science research to create an ar7fact that connects the results of the previous two phases. In order to validate the results of the first two phases we have conducted a series of expert reviews which include not only the coordinators of these thesis but also several other experts in each of the two fields. A descrip7on of these reviews can be found further in this thesis in the sec7on discussing the research methods of each phase.
Towards a Healthy Cloud
Page 12 of 218
Juan Hernández Colomina
5.1. Phase 1 Approach and Methodology
There has been few scien7fic research performed on Cloud Compu7ng un7l now while the
media is offering almost on a daily basis new and some7mes contradictory defini7ons. It is therefore crucial to obtain first a delimited defini7on of this new phenomenon by analyzing Cloud Compu7ng vendor solu7ons and scien7fic literature as well as consultants’ and analysts' perspec7ves. Besides developing a defini7on, it is also important to be aware of the poten7al benefits and risks associated with this new delivery model. As we men7oned earlier on this thesis the first phase of our research follows a conceptual-‐ analy7cal research approach to create theory (e.g. our defini7on of cloud compu7ng) about a certain part of reality based on certain valid assump7ons and premises (Järvinen, 2003). As we follow a interpreta7ve paradigm we assume that the defini7on of cloud compu7ng is created and recreated by humans when they apply high levels of ra7onality to their empirical percep7on. For this reason we consider not only several publica7ons from relevant human actors (e.g. science, vendors, consultants, etc.) but also how the meaning of the term is (re)created by human interac7ons on online communi7es. Our research is more concerned with crea7ng theory than with tes7ng theory. The reason for this approach is that cloud compu7ng is an emerging paradigm and therefore there is almost none previous scien7fic work available. As this emerging paradigm is expected to have significant implica7ons in the near future, it is first necessary to create cloud theory (e.g. defini7on of cloud compu7ng) that can then be used in this thesis as well as in future research. In this phase we create analysis theory due to the fact that we aim to answer the ques7on “what is cloud compu7ng?” (Gregor, 2006). In a conceptual analy7cal research approach, proposi7ons are created from collec7ng and integra7ng exis7ng research results. Theory then is created arer observa7on by inducing basic clauses and deduc7ng proposi7ons from them (Jenkins, 1985). In our research we perform first an extensive literature review on term cloud compu7ng to complement it with findings from our observa7ons during our online field study. We integrate our finding in a set of common features that we further analyze in detail. Applying deduc7ve reasoning we exclude some of the features and include the rest in our research defini7on of cloud compu7ng. Once we have created our defini7on of cloud compu7ng we validate it with community reviews and expert reviews.
(A) Literature Study
As a literature review is an essen7al feature of every scien7fic work we can find several papers on conduc7ng an accurate literature review in IT research seungs (Webster & Watson, 2002). In order to iden7fy the relevant literature, previous work suggests that the researcher should focus on the concepts rather than specific journals, methodologies or geographical loca7ons. For this reason, we have applied mainly a concept-‐centric method in our search for relevant ar7cles (Webster & Watson, Towards a Healthy Cloud
Page 13 of 218
Juan Hernández Colomina
2002). Furthermore, we have extended our literature list with an author-‐centric approach to explore more ar7cles wriOen by recognized field experts (e.g. Nicholas Carr on cloud compu7ng). In our concept-‐centric search process we have searched for the terms “cloud”, “cloud compu7ng”, “u7lity compu7ng”, “HPC”, “IaaS”, “PaaS”, “SaaS”, “as-‐a-‐service” among others. In our author-‐centric approach we have searched for ar7cles wriOen by field experts (e.g. “Nicholas Carr”, “Daryl Plummer”) as well as by leading IT organiza7ons. The tools that we used more intensively during our search process are Utrecht University’s Omega search engine (hOp://omega.library.uu.nl), The ACM digital library (hOp://portal.acm.org), IEEE Xplore digital library (hOp://ieeexplore.ieee.org), the Web of Science website (hOp://www.webofscience.com) and Google Scholar (hOp:// scholar.google.com). We have evaluated the ar7cles found by a backward analysis to analyze the cita7ons included in the paper as well as by a forward analysis to analyzing the cita7ons to that paper from other papers found in the Web of Science website and Google Scholar.
(B) Online Field Study
Following an interpreta7ve research paradigm we have taken into account not only a large number of publica7ons from diverse actors (e.g. scien7fic, consultants, vendor, etc.) but also how the defini7on of cloud compu7ng is (re)constructed in the cloud compu7ng community. For this reason, we have par7cipated in several online communi7es to observe and interact with relevant humans in crea7ng our own part of reality (e.g. defini7on of cloud compu7ng). From the begging stages of our thesis we have par7cipated on Google Group’s cloud compu7ng Community (hOp://groups.google.com/group/cloud-‐compu7ng), on several Linkedin cloud compu7ng groups (The Cloud Talk Community Forum, cloud compu7ng Standards Forum, Cloud Storage, etc.) and on our TwiOer group of cloud compu7ng experts (hOp://twiOer.com/aciertoweb/ cloud-‐compu7ng/). It is important to note that Google Group and Linked communi7es focus more on formal discussions and deliverables (cloud specifica7ons, standards, etc.) while TwiOer’s community is more dynamic and includes a significant larger number of individual’s contribu7ons and discussions. From our experience TwiOer was the most valuable social network to obtain and validate knowledge.
Our par7cipa7on in these online cloud compu7ng communi7es can be regarded as an online
field study as we do not manipulate any variable but instead we just measure it within a human context (Jenkins, 1985). Applying field study techniques on social networks we were able to observe several discussions between cloud experts on the different features that the cloud compu7ng defini7on should include and which types of models are available.
These online communi7es have all a large number of members where some contribute more
than others to the community. In our TwiOer group of cloud compu7ng experts we have selected the members that are more ac7ve in collabora7ng and sharing informa7on. The most ac7ve community members are depicted in appendix D Each community member has its own exper7se. Joe Weinman is for example considered an expert in cloud compu7ng economics, Christofer Hoff is a recognized Towards a Healthy Cloud
Page 14 of 218
Juan Hernández Colomina
security expert and Simon Wardley is a regarded as an Open Source expert worldwide. This mix of knowledge and exper7se has supported us in our analysis on which features should be included in the defini7on of cloud compu7ng and which not.
From our observa7ons we can interpret that individual’s argumenta7ons are oren in line with
their employer’s interests. For example community members working at hardware producers (e.g. Cisco, NEC, etc.) are more in favor of private cloud models while individuals working at web based companies focus more on public cloud models (e.g. Google, Amazon, etc.). We have carefully considered this possible bias in their opinions when evalua7ng their argumenta7ons.
A clear advantage of this method is the large number of relevant ar7cles that we have
discovered through community member’s contribu7ons. For example, through twiOer we were able to obtain recent published documents just hours arer they were available online. Without our par7cipa7on on this online communi7es our literature study would have been limited to the ar7cles found through search engines, with the corresponding crawling delay. Moreover, these plaxorms have enabled us to interact with several cloud compu7ng experts around the globe. For this reason, we highly recommend this method in future research, specially to analyze emerging and/or dynamic concepts from an interpreta7ve perspec7ve. For crea7ng our defini7on of cloud compu7ng we analyze first the basic constructs individually (e.g. features) to apply logical reasoning based on our percep7on (e.g. literature study) and our observa7ons from online cloud compu7ng communi7es (e.g. online field study). From exis7ng papers and community contribu7ons we have derived a set of features that are regarded as possible features of cloud compu7ng solu7ons. Applying the formism research method (Jenkins, 1985) we group similar features into categories and select those categories that (1) are men7oned by several relevant actors and (2) they are corroborated or rejected by cases in prac7ce.
(C) Expert Reviews
For valida7ng the results of phase one we have followed two approaches. First we conduct two expert reviews with IT managers to discuss the possible features of our cloud compu7ng defini7on. Second we evaluate our defini7on by observing several experts discussions on online cloud compu7ng communi7es. We interview Mr. Gerard Persoon, Business Consultancy Manager at E.nova7on and Mr. Kor Tops, Engineering Manager at the same organiza7on. Mr. Persoon has more than 20 years experience in IT having worked previously for Ernst & Young for several years. His exper7se areas are informa7on security, IT audits, ITIL, ISO 9001 and func7onal design. Mr. Tops has also more than 20 years experience in IT and his exper7se includes among others IT infrastructure management and SAN storage architectures.
Towards a Healthy Cloud
Page 15 of 218
Juan Hernández Colomina
The interviews were unstructured in-‐depth interviews focusing on the features to be included or excluded on the defini7on. Unstructured in-‐depth interviews are common in social sciences research to gain deep understanding of a single concept. As experts received the results of our first phase several weeks before the interviews took place we could directly discuss these features in depth. With the results of our expert reviews we restructured some part of our work but no major modifica7ons were made to our defini7on of cloud compu7ng. Following our interpreta7ve research paradigm we cannot only rely on wriOen defini7ons and a few expert reviews but we have to consider also how the meaning of the term “cloud compu7ng” is currently (re)nego7ated between the most relevant human actors. For this reason we have further validated our defini7on by analyzing relevant discussions on the most relevant online communi7es. Due to the emerging character of cloud compu7ng, each of the features of our cloud compu7ng defini7on was at a certain moment in 7me subject of discussion between the members of the community. Although we are aware of possible biases in their opinions, several argumenta7ons were found that helped us in our logical reasoning when including or excluding features from our defini7on of cloud compu7ng. We decide to include or exclude a feature based on: (1) how many community members agree (or disagree) (2) how many prac7cal cases confirm or rejects its feasibility.
5.2. Phase 2 Approach and Methodology The second phase of this research aims to iden7fy the current trends, challenges and opportuni7es in the Dutch Healthcare sector. Among others, the current poli7cal agenda, the role of ICT in this sector and the policies and legisla7on governing it are taken into account. By analyzing scien7fic and commercial literature as well as the applicable laws and regula7ons this phase aims to describe the current barriers and opportuni7es in Dutch healthcare and the role of ICT in that context. We delimit our analysis in this phase by focusing on one of the largest and most significant ICT projects in The Netherlands, the introduc7on of a na7onal EPR infrastructure (the EPD infrastructure). In this phase we con7nue applying a conceptual-‐analy7cal approach to create theory about a certain part of reality (e.g. IT in Dutch healthcare) based on certain valid assump7ons and premises (Järvinen, 2003). We start by crea7ng analysis theory when exploring the Dutch healthcare sector in general. We then con7nue our research by crea7ng explana7on theory aiming to answer why, when, how and where to use IT in the Dutch healthcare context (Gregor, 2006). In order to achieve this we apply the literature study research method. Moreover, we follow a top-‐down approach exploring first the current situa7on of the healthcare sector in Europe and in The Netherlands in order to iden7fy the main challenges and opportuni7es in this context. We con7nue then by focusing on IT in the Dutch healthcare sector with further explora7on of the Dutch electronic pa7ent records system EPD, one of the most significant IT infrastructures in that sector. In order to facilitate the construc7on of our matching-‐model in the next phase of our research we have focused further on the EPD cer7fica7on requirements. Towards a Healthy Cloud
Page 16 of 218
Juan Hernández Colomina
(A) Literature Study
As a literature review is an essen7al feature of every scien7fic work we can find several papers
on conduc7ng an accurate literature review in IT research seungs (Webster & Watson, 2002). In order to iden7fy the relevant literature, previous work suggests that the researcher should focus on the concepts rather than specific journals, methodologies or geographical loca7ons. For this reason, we have applied mainly a concept-‐centric method in our search for relevant ar7cles (Webster & Watson, 2002). Furthermore, we have extended our literature list with an author-‐centric approach to explore more ar7cles wriOen by recognized field experts or very significant organiza7ons. In our concept-‐centric search process we have searched for the terms “healthcare IT”, “e-‐ Health” and “Dutch healthcare IT” among others. In our author-‐centric approach we have searched for ar7cles wriOen by field experts (e.g. “Stroetmann”) as well as by relevant public bodies and relevant organiza7ons (e.g. “European Commission”, “Dutch Ministry of Healthcare”, “NICTIZ”, etc.) The tools that we used more intensively during our search process are Utrecht University’s Omega search engine (hOp://omega.library.uu.nl), The ACM digital library (hOp://portal.acm.org), IEEE Xplore digital library (hOp://ieeexplore.ieee.org), the Web of Science website (hOp:// www.webofscience.com) and Google Scholar (hOp://scholar.google.com). We have evaluated the ar7cles found by a backward analysis to analyze the cita7ons included in the paper as well as by a forward analysis to analyzing the cita7ons to that paper from other papers found in the Web of Science website and Google Scholar.
(B) Expert Reviews
Our analysis of the (Dutch) healthcare sector, the role of IT in that sector and our selec7on of
the EPD as the most significant current IT project in The Netherlands were further validated by an expert review with Mr Bert Kabbes. Mr Kabbes is Senior Business Consultant at E.Nova7on and has more than 20 years experience as interim director of several Dutch hospitals. The unstructured in-‐ depth interview confirmed our percep7on of the challenges and opportuni7es in the (Dutch) healthcare sector as well as the role of IT in the EPD context. We did not perform addi7onal valida7on on this phase as the main deliverable to be used in the next phase are the EPD requirements which are explicitly described by NICTIZ and therefore easy to verify by anyone.
5.3. Phase 3 Approach and Methodology In the third phase of our research we shir our approach from conceptual-‐analy7cal to ar7fact building (Järvinen, 2008). For this reason, in this phase we have applied the design science methodology to construct a meta-‐ar7fact (e.g. matching-‐model) based on our previous two research phases that support Dutch healthcare organiza7ons when deploying cloud compu7ng solu7ons to connect to the EPD. The design science approach is one of the most popular research approaches in
Towards a Healthy Cloud
Page 17 of 218
Juan Hernández Colomina
the IS field and it has already been applied from an interpreta7ve perspec7ve like ours (Iivari, 2007) (Hevner et al., 2004). Design science can be defined in general as crea7ng innova7ons that improve humans capabili7es (March & Smith, 1995) (Hevner et al., 2004). In prac7ce we can observe that most of the work carried out by IS prac77oners focuses on designing the purposeful alloca7on of resources to accomplish an organiza7onal goal (Hevner et al., 2004). For this reason most IT projects are designed to improve opera7onal efficiency and effec7veness. This is also the essence of the design science approach as it is a problem-‐solving paradigm that focuses on crea7ng ar7facts that support the effec7ve and efficient use of informa7on systems in organiza7ons (Hevner et al., 2004). The goal of our matching-‐model is therefore to support prac77oners in the deployment of solu7ons following the cloud compu7ng model that could improve organiza7onal performance of healthcare organiza7ons in the na7onal pa7ent system context. According to Iivary's ontology of design science the third phase of our research can be classified as World 3, this means that the explana7on to reality is achieved by meta IT ar7facts as we aim to develop "new types of theories made possible by IT ar7facts" (Iivari, 2007). The theory we aim to create is found in our matching-‐model where we aim to explore the challenges and opportuni7es of cloud compu7ng in Dutch healthcare. Within the design science research approach we can observe two main ac7vi7es: ar7fact building and ar7fact evalua7on (Hevner et al., 2004) (March & Smith, 1995) (Iivari, 2007). The purpose of this research approach can be therefore found in two dimensions: crea7ng an ar7fact to demonstrate that such an ar7fact can be build and evalua7ng its performance against specific criteria.
(A) Ar*fact Building
According to previous research there are four types of design science products: constructs, models, methods and implementa7ons (March & Smith, 1995). Our research aims to build a meta-‐ ar7fact (e.g. matching-‐model) to evaluate the applicability of cloud compu7ng in the Dutch healthcare context by analyzing the support (or delimita7on) of cloud compu7ng features in EPD requirements.
The crea7on of knowledge in design science is based on a set of basic assump7ons (e.g. kernel
theories) that are applied and modified by the researcher's experience, crea7vity, intui7on and problem-‐solving capabili7es (Hevner et al., 2004). We have elaborated our kernel theories during the first research phases that have resulted in two basic constructs: our defini7on of cloud compu7ng and the lists of requirements to connect to the Dutch na7onal pa7ent infrastructure (EPD).
Previous work on design science has iden7fied eight main components of a design theory
(Gregor & Jones, 2007). The design theory must state its purpose and scope as well as the principles of form and func7on for the use of constructs. The validity of the theory is improved by addressing ar7fact mutability, tes7ng proposi7ons and jus7fying knowledge through kernel theories. The theory Towards a Healthy Cloud
Page 18 of 218
Juan Hernández Colomina
is finally put into prac7ce by following principles of implementa7on and developing an expository instan7a7on. The purpose of our design science theory is to explore the feasibility of cloud compu7ng solu7ons in an specific scope determined by the characteris7cs of the Dutch healthcare sector. We provide a extensive descrip7on in phase one and two about how we build our two basic constructs and the kernel theories applied in the process. To reduce the risk of ar7fact mutability we validate our two basic constructs before including them in our matching-‐model. Due to the innova7ve character of our research subject (e.g. cloud compu7ng) we could not perform any implementa7on or instan7a7on of the matching-‐model. However, these does not represent a cri7cal shortcoming in our research as these components are regarded in previous work as addi7onal non-‐core components (Gregor & Jones, 2007). Transparency on the construc7on of meta-‐ar7facts in design science is regarded by some authors as an important requirement (Iivari, 2007). For this reason, in the first two phases we have described in detail the process of crea7ng and the basic elements of our matching-‐model: our cloud compu7ng defini7on and the requirements to connect to the EPD. The main goal of the ar7fact building research approach is to explore if a certain ar7fact (abstract or concrete) can be constructed (Järvinen, 2000). By building our matching-‐model we demonstrate therefore that such meta-‐ar7fact can be build based on our assump7ons and premises. Moreover, our matching-‐model can be used as an intellectual tool to support human problem-‐solving and improve organiza7onal capabili7es in the Dutch healthcare context which is a common goal found in design science research (Hevner et al., 2004). When execu7ng the third phase of our research we have followed Hevner's guidelines for design science in IS research (Hevner et al., 2004). This guidelines are based on the assump7on that knowledge over a design problem and its solu7on is created when building and applying an ar7fact. According to Hevner, design science research focuses on the crea7on of an innova7ve purposeful ar7facts for a specific problem domain where the ar7fact aims to solve an unsolved problem or a known problem in a more efficient or effec7ve way. For this reason, the ar7fact must be rigorously defined, formally represented, coherent, internally consistent and evaluated. Hevner's guidelines for design science research are depicted in table 3.
Towards a Healthy Cloud
Page 19 of 218
Juan Hernández Colomina
Table 3: Hevner’s design science research guidelines (Hevner et al., 2004)
Guideline
Descrip*on
(1) Design as an ar7fact
Design-‐science research must produce a viable ar7fact in the form of a construct, a model, a method, or an instan7a7on.
(2) Problem Relevance
The objec7ve of design-‐science research is to develop technology-‐based solu7ons to important and relevant business problems.
(3) Design Evalua7on
The u7lity, quality, and efficacy of a design ar7fact must be rigorously demonstrated via well-‐executed evalua7on methods.
(4) Research Contribu7ons
Effec7ve design-‐science research must provide clear and verifiable contribu7ons in the areas of the design ar7fact, design founda7ons, and/or design methodologies.
(5) Research Rigor
Design-‐science research relies upon the applica7on of rigorous methods in both the construc7on and evalua7on of the design ar7fact.
(6) Design as a Search Process
The search for an effec7ve ar7fact requires u7lizing available means to reach desired ends while sa7sfying laws in the problem environment.
(7) Communica7on of Research
Design-‐science research must be presented effec7vely both to technology-‐oriented as well as management-‐oriented audiences.
It is important to note that this guidelines should not be considered mandatory as the researcher must use his/her crea7ve skills and judgment to determine when, where and how to apply each guideline in an specific research (Hevner et al., 2004). The applica7on of these guidelines in our ar7fact building process is described further in this research when describing the elabora7on of our matching-‐model in the third phase of our research.
(B) Ar*fact Evalua*on
The field of design science in IS research is regarded in previous work as an applied science discipline reflec7ng the importance of IT (meta-‐)ar7facts that enable the development of concrete IT applica7ons (Iivari, 2007). This is also the main goal of our research, to develop a meta-‐ar7fact (our matching-‐model) to facilitate the deployment of cloud compu7ng solu7ons in an specific context (healthcare in The Netherlands). A design science ar7fact can therefore be evaluated by analyzing how that ar7fact achieves its goal in prac7ce (u7lity and quality) and how efficient it is in achieving it (Hevner et al., 2004). However, there are significant barriers for evalua7ng ar7facts as they are related to the environment where they operate (March & Smith, 1995). According to previous work, the resul7ng meta-‐ar7facts must include knowledge that enables product and process design (Iivari, 2007). We believe that our matching-‐model contains knowledge that can support prac77oners in the design of new (or modified) cloud products and as well as in the design of cloud related processes. By matching a poten7al solu7on with our cloud compu7ng features and evalua7ng the requirements enforced by NICTIZ an organiza7on can select the solu7on that best fits their needs in that context.
Towards a Healthy Cloud
Page 20 of 218
Juan Hernández Colomina
It is important to note that although we could not create an instan7a7on of the matching-‐ model in prac7ce we validated its completeness and accuracy with expert reviews and es7mated its usability, func7onality and consistency with the same method. More details on the expert reviews of our matching-‐model can be found in the sec7on describing the third phase of our research. A final remark should be made on the fact that the quality of design science ar7facts improves when subsequent evalua7ons are performed as they oren result in incremental improvements (Hevner et al., 2004) (Gregor & Jones, 2007). However, we could not improve any exis7ng model as we could not find any similar meta-‐ar7fact in previous literature. For this reason we had to create a new meta-‐ar7fact that can be evaluated and improved in further research. This is a typical situa7on when applying design science to build new or innova7ve ar7facts as theories over the applica7on and impact of these ar7facts can be created once the ar7facts are applied in prac7ce (Hevner et al., 2004).
6. Prac*cal and Scien*fic Contribu*on (A) Prac*cal Contribu*on The prac7cal contribu7on of this research can be found in current ICT trends and the actual economic environment. The current global economic malaise triggered by the credit crisis during the last quarter of 2008 has affected all kinds of companies around the world. Due to the lack of credit and credibility in financial markets, informa7on and communica7on (ICT) firms and departments must carefully evaluate every new project to make sure it provides the business value needed under these circumstances. Specially during 7mes of economic recession, IT managers are increasingly required to be crea7ve in finding solu7ons that would reduce their IT budgets (Molenaar, 2009). In this context, ICT companies and departments are trying to evaluate all possible ways to reduce costs or to increase performance. One of these approaches is ‘Lean IT’ (Zaal, 2009) which aims to solve the problem of ICT “overweight” and avoid overspending. Other increasingly popular approaches are Sorware as a Service (SaaS), Infrastructure as a Service (IaaS) and Cloud Compu7ng. According to some authors, the way companies make use of ICT is recently changing to a paradigm where infrastructures and applica7ons become u7li7es and will simply come out off the wall like common u7li7es do (e.g. electricity). In his books “Does IT maOer” and “ The Big Switch” Nicholas Carr predicts the end of corporate ICT departments due to the increasing standardiza7on and availability of technological infrastructures and applica7ons (Molenaar, 2009). Mr Carr affirms that this situa7on will realize savings of unused server and storage capacity as well as on human resources. However, not all ICT experts agree fully with Carr’s predic7ons. Mr Ron Tolido (CTO of Capgemini in The Netherlands) notes that applica7ons that can be standardized (the great majority) should be contracted off the wall, realloca7ng their costs to those essen7al applica7ons (the minority) that contribute to an organiza7on’s compe77ve advantage (Molenaar, 2009). Other experts, like Prof. dr. Chris Verhoef of Vrije Universiteit Amsterdam, affirms that ICT s7ll provides companies with a
Towards a Healthy Cloud
Page 21 of 218
Juan Hernández Colomina
compe77ve edge to differen7ate themselves from their compe7tors by applying infrastructures and applica7ons designed according to specific business processes and by solving specific business needs. The growing popularity and adop7on of SaaS and IaaS technologies are clear examples of the switch that ICT is experiencing towards a service model delivered through internet technologies. Some important players in the ICT industry (e.g. HP, Microsor, etc.) are using terms like ‘everything as a service' where the internet is extended to the enterprise instead of the enterprise being just connected to the internet. This new vision requires new forms of understanding and organizing enterprises and their value chains.
In their 2008 predic7ons (Plummer & McGee, 2008) Gartner research an7cipated the growing
popularity of SaaS and Cloud Compu7ng as viable op7ons to internal systems and outsourcing. In accordance with Gartner’s predic7ons, web technologies had become the main trigger for business innova7on. It is clear that in the context of these new emerging delivery models, IT capabili7es will evolve significantly due to disrup7ve changes in what end users will buy and how they will pay for it. Network services and service orchestra7on will therefore become more cri7cal to business performance because they enable the use of other sorware and hardware. In the annual Gartner’s CIO survey (McGee et al., 2008), strategic ICT focus, the use of specific business metrics to quan7fy ICT’s value and the priori7za7on of ICT projects are believed to create the greatest growth opportuni7es for enterprises during the coming years. CIOs around the world believe their department can play a crucial role in the short term by improving business processes and workforce performance while controlling costs. On the long term technology can also enable new strategic capabili7es for organiza7ons. This switch in CIOs’ agendas and the increasingly popular concept of compu7ng u7li7es have inspired this research. Although tradi7onal strategies (e.g. opera7onal efficiency, product differen7a7on, etc.) remain essen7al requirements for success, an enterprise needs nowadays to dynamically adapt its ICT organiza7on to rapidly changing business needs in order to aOract and retain customers (McGee et al., 2008). The focus is nowadays not strictly on technological management but on 7mely changing the firm’s capabili7es to enforce its compe77veness. Not reac7ng or reac7ng too late to customer’s demand can have direct consequences for organiza7onal performance.
It is also important to note that “Delivering projects that enable business growth” and “Linking
business and IT strategies and plans” have been CIOs’ top two priori7es during the last years (2005 to 2007) (McGee et al., 2008). These two main priori7es are followed by “Improving the quality of IT service delivery” and “Demonstra7ng the business value of IT” among others. A business driven ICT organiza7on has therefore become one of the most important objec7ves of current CIOs.
Towards a Healthy Cloud
Page 22 of 218
Juan Hernández Colomina
The growing popularity of Cloud Compu7ng contributes to the realiza7on of ‘real-‐7me infrastructure’ (RTI) which results in substan7ally lower costs, higher service levels and improved agility (McGee et al., 2008). This approach facilitates the automa7on and dynamic adjustment of an organiza7on’s technological infrastructure to fulfill cri7cal business needs at a par7cular point in 7me and their rapid changes in the future. Another important trend no7ced by Gartner is the idea that Service Oriented Architecture (SOA) will become the standard design for more than 80% of new and mission-‐cri7cal applica7ons and business processes by 2010. Consequently redundant and irrelevant applica7ons will be phaced out. According to Gartner (McGee et al., 2008), “the future applica7on environment will be more granular, inclusive and fluid to enable rapid composi7on, integra7on, orchestra7on and reuse.”
(B) Scien*fic Contribu*on
A great deal of previous IS research has focused on the con7nuos rela7onships between IT,
individuals and organiza7ons with a focus on the social processes surrounding the deployment, development, use, misuse or disuse of IT (Orlikowski & Baroudi, 1991). Our work con7nues this path by analyzing the feasibility of emerging cloud compu7ng solu7ons in the Dutch electronic pa7ent records system. The rela7onships between IT consumers and IT providers has been subject of several IS researches (Orlikowski & Baroudi, 1991). As cloud compu7ng is expected to disrup7vely transform this rela7onship, our work can be further applied in future research related to this delivery model in Dutch healthcare environments. In previous scien7fic papers we can find six main types of research outputs (descrip7ons of reality, constructs, models, methods, instan7a7ons and proofs) depending on the research approach followed (Järvinen, 2000). During our research we provide descrip7ons of two parts of reality (e.g. cloud compu7ng and IT in Dutch healthcare) to construct our defini7on of cloud compu7ng and our matching-‐model. Moreover, we cannot find the same combina7on of methods that we have applied during our research which cons7tutes an addi7on to the research body of knowledge. The extensive analysis and descrip7ons about parts of reality in phase one and two of our thesis are specially valuable in research seung with few knowledge available about some phenomena (Gregor, 2006). We create our defini7on of cloud compu7ng from an interpreta7ve perspec7ve taking into account how its meaning is (re)created by human interac7on on online communi7es. This methodology can also be regarded as an addi7on to the body of knowledge of research methods as it has not yet been oren applied in previous research. Moreover by delivering a consistent defini7on of the concept we facilitate future cloud compu7ng research. In general, the design science building-‐ar7fact approach applied in the third phase of our research aims to create a certain abstract or concrete ar7fact (e.g. system, model, method, etc.) (Järvinen, 2000). Following this approach we have created a matching-‐model to link the two basic constructs created in the first two phases. As in previous design science research the scien7fic Towards a Healthy Cloud
Page 23 of 218
Juan Hernández Colomina
contribu7on of this part of our work can be measured by examining the suitability of our ar7fact to an specific context and the addi7ons to the knowledge base from our research findings (Hevner et al., 2004). In our research the suitability of our ar7fact has been es7mated by expert reviews while our cloud compu7ng defini7on and our matching-‐model can be regarded as the most significant addi7ons to the IS body of knowledge base. According to Gregor's taxonomy types and research ques7ons in IS research the theory created in our research can be classified as Analysis (phase one), Analysis and Explana7on (phase two) and Design (phase 3) (Gregor, 2006). This classifica7on is derived from the type of research ques7on that we aim to answer. In our first research phase we focus primarily on what is cloud compu7ng (Analysis theory) while in the second phase we add also ques7ons related to why, when, how and where to use IT in Dutch healthcare (Explana7on theory). With our matching-‐model we create Design Theory as we aim to answer the ques7on on how to use cloud compu7ng in the EPD context. Theory that analyses some part of reality is specially valuable when there is few knowledge about some phenomena (Gregor, 2006). This is also the case in our research as there is almost no scien7fic publica7ons on cloud compu7ng. Theory for explaining is oren concerned with how and why some phenomena takes place (Gregor, 2006). This is what we have aimed to do in our second research phase where we inves7gate the requirements to use IT in Dutch healthcare (how) and the mo7va7on to use an specific system (why). In the design type of theory the focus lies on how (e.g. func7ons, models, methods, etc.) to support IS development as it the case of our matching-‐model(Gregor, 2006). The interconnec7on between the types of theories has also been subject of previous research (Gregor, 2006). Theories for Design are derived from theories for Explaining and Analyzing among others, while theories for Explaining are strictly derived from theories for Analyzing. These interconnec7ons are also reflected in our research as we have designed our matching-‐model based on our previous analysis and explana7on in building our basic constructs in the first two phases. Previous work has shown how pluralism of paradigms, approaches and methodologies is essen7al for a good IS research agenda (Chen & Hirschheim, 2004). It is therefore essen7al that researchers consider different approaches and methods (other than the dominant ones) to contribute to the body of knowledge of IS research. This is reflected on the fact that the interpreta7ve research approach is gaining popularity and acceptance by major journals (e.g. MIS Quarterly) during the last decade being applied by an increasingly number of published researches. It is important to note that applying different research perspec7ves can poten7ally lead to significant improvements in IS research (Orlikowski & Baroudi, 1991). Our applica7on of the interpreta7ve approach in an IS research leads therefore to pluralism in IS research as it is not a dominant approach in that field.
Towards a Healthy Cloud
Page 24 of 218
Juan Hernández Colomina
7. Research Validity In general, a research’s validity can be measured by examining the applicability of the results to different (sub)popula7ons and other seungs (generaliza7on and external validity), the accuracy of those results (internal validity) and reliability through replicability (Jenkins, 1985). To overcome one of the most common mistakes in design science research (the overemphasis on technology) we have also carefully considered the organiza7onal embedding of IT in our research (Hevner et al., 2004). For this reason, we have analyze not only emerging technology (e.g. cloud compu7ng solu7ons) but also how it can be applied in an specific context (e.g. Dutch healthcare).
As we focus our research on a specific sector and country, the generaliza7on and external
validity of our research is limited to all organiza7ons in that country and sector. According to the expert reviews performed, our results can be applied to all Dutch healthcare organiza7ons considering cloud compu7ng solu7ons to connect to the electronic na7onal records system. Although the accuracy of our results has been evaluated arer each phase of our research we believe that it should be further evaluated applying our model in a real life situa7on. Incremental improvement of ar7facts over 7me are typical in design science research, specially when inves7ga7ng evolving IT phenomena (Hevner et al., 2004). Taking into account our research paradigm, approach and methods we believe that our research can be replicated leading to the same results. A remark should be made on the fact that many previous design science research was accomplished in situa7ons where the exis7ng knowledge base was insufficient (Hevner et al., 2004). In our case we could not find much available knowledge regarding cloud compu7ng and its applicability on a Dutch healthcare seung. For this reason, we had to rely on intui7on, experience and trial-‐and-‐ error methods to achieve our research goal (Hevner et al., 2004). Nevertheless, to improve the internal validity of our findings we have described our research approach and methods in each phase.
A final remark should be made on the fact in accordance with our interpreta7ve research
perspec7ve our findings are as a part of our human constructed reality also limited by our interpreta7on of reality and our human reasoning capabili7es.
Towards a Healthy Cloud
Page 25 of 218
Juan Hernández Colomina
Research Phase 1: Defini*on of Cloud Compu*ng There are a lot of expecta7ons on Cloud Compu7ng as it is believed to disrup7vely transform the deployment and management of IT resources, minimize implementa7on and opera7onal costs, accelerate innova7on and improve applica7on’s 7me-‐to-‐market and scalability (Spinola, 2009). According to Capgemini, Cloud Compu7ng represents a new IT delivery method that is expected to change the way of doing business in the near future (Ross, Payling, & Gough, 2008). As users are focusing increasingly on the capabili7es provided instead of the underlaying infrastructure it has become more important how services are consumed rather than how they are deployed (Stevens & PeOey, 2008).
Cloud Compu7ng is expected to transform the IT industry deeply in the coming years as it
represents the first steps towards U7lity Compu7ng. This development is a direct consequence of the increasing standardiza7on and consumeriza7on of IT capabili7es. According to The Wall Street Journal the Cloud Compu7ng industry is es7mated to reach $42 billion turnover by 2012 which represents around half of the current sorware industry worldwide (Hinchcliffe, 2009) (McLaughlin, 2009a).
In a recent research among Dutch ICT providers, around 70% of them expect that their
turnover is going to increase during 2009 (Wijkstra, 2009). They are experiencing a shir in focus of their IT budgets. Instead of considering investments in networks, infrastructure and storage they are increasingly considering SaaS and Cloud Compu7ng as interes7ng outsourcing alterna7ves (Wijkstra, 2009). This is specially the case in public, semi-‐public and Health Care organiza7ons. The shir in investment alterna7ves is depicted in figure 2. Figure 2: ICT Investments areas 2009 & 2008 (Marquit Research, May 2009)
56% 49% 40% 21%
31% 29% 21% 20%
19% 9%
Virtualization
SaaS
Outsourcing
Security
Cloud Computing
2008
24% 13%
Storage
19% 10% 10% Infrastructure
4%
Networks
2009
Although the concept of Cloud Compu7ng has emerged around 2006 it has already generated an unprecedented hype in the IT industry. Almost all major hardware and sorware manufacturers, consultant organiza7ons, analysts and telecom providers have become highly involved in Cloud Towards a Healthy Cloud
Page 26 of 218
Juan Hernández Colomina
Compu7ng during 2009. A great diversity of offerings has been launched recently ranging from sorware and advise to build clouds, to sorware services or on-‐demand infrastructures. As almost all the major ICT vendors are rolling out their Cloud Compu7ng solu7ons during 2009, they try to convince enterprise users that they are the “one and only” Cloud Compu7ng plaxorm suppor7ng their arguments with yet another defini7on of the cloud (Golden, 2009). It is therefore needed to define the term Cloud Compu7ng and facilitate its comparison with other compu7ng forms as well as to iden7fy its main challenges and opportuni7es (Armbrust et al., 2009). In the following sec7ons we analyze different perspec7ves on Cloud Compu7ng to combine them into a defini7on to be used further in our research. We start delimi7ng the scope of our analysis by describing the most relevant developments on the business and IT fields that can be related to this new delivery model. Once the context has been delimited, we elaborate a research defini7on of Cloud Compu7ng by analyzing previous defini7ons from scien7fic papers, commercial media, ICT analysts, consultants and standards organiza7ons.
Based on our defini7on of Cloud Compu7ng, we con7nue this phase by providing a taxonomy
of cloud services and a brief descrip7on of its most relevant use paOerns and economic considera7ons. Furthermore, we con7nue our analysis by describing the risks associated with this new model with a special focus on security. We conclude this phase by providing a vendor analysis of the three most popular IaaS and PaaS solu7ons and some models to support the evalua7on and adop7on of current offerings. At the end of this phase we present the conclusions of this phase and ideas for further research in the field of Cloud Compu7ng.
Towards a Healthy Cloud
Page 27 of 218
Juan Hernández Colomina
1. Context and Enabling Factors To delimit the context of our research we begin this sec7on by describing the current trends in business (sec7on 1.1.) and technology (sec7on 1.2.) with a focus on those that have contributed to the emergence of the Cloud Compu7ng model. At the end of this sec7on (sec7on 1.3.) we analyze the hype surrounding this new paradigm.
1.1. Business Trends
Based on interviews with C level execu7ves worldwide, Gartner research has elaborated a list
of the top ten business priori7es for 2009 (see table 4). These priori7es aim to cover the current business trends that organiza7ons come across when doing business. In this subsec7on we will discuss the main trends related to the emergence of Cloud Compu7ng. Table 4: Top 10 Business Priori*es for 2009 (Gartner, 2009)
Firm’s IT infrastructures have grown significantly during the past decades. When more IT resources where needed, new hardware was bought and placed in the firm’s data center. This lack of workload consolida7on has led to resource waste and oren to unsustainable and inefficient data centers (Siegele, 2008). As data centers grow, more resources, people and 7me is needed to
properly manage them. The current economic recession will make companies reconsider this situa7on as firms are reducing their (IT) budgets and therefore they are forced to operate more efficiently (Kirsner, 2009). In this context, Cloud Compu7ng can be a useful tool to reorganize IT resources while saving costs by op7mizing current and future ICT investments (Spinola, 2009). Due to globaliza7on, companies can now access new markets and gain and retain new customers by accelera7ng innova7on to deliver new products and services faster. The Internet provides access to a large amount of informa7on and it is being widely used by consumers to evaluate their purchasing decisions. As consumers nowadays have access to large amounts of informa7on they are oren categorized as prosumers (professional consumers). Organiza7ons need to pull consumers towards their products and services (e.g. fostering customer engagement, branding, etc.) instead of pushing those products to consumers (as it was done in the past) by deploying large marke7ng campaigns.
Towards a Healthy Cloud
Page 28 of 218
Juan Hernández Colomina
1.2. Technology Trends
Beside the top ten business priori7es, Gartner research also elaborates a yearly list of the top
ten technology priori7es (see table 5). The popularity of the SaaS business model for sorware delivery has lead to several forms of IT capabili7es “as-‐a-‐service” like Infrastructure-‐as-‐a-‐Service (IaaS) or Plaxorms-‐as-‐a-‐service (PaaS). Cloud Compu7ng is a logical evolu7on from this point of view, and in this sense can be considered as “compu7ng-‐as-‐a-‐service” and it includes all these exis7ng models. One of the most important implica7ons of the Cloud Compu7ng model is the disaggrega7on of IT capabili7es into services (Siegele, 2008). Table 5: Top 10 Technology Priori*es for 2009 (Gartner, 2009)
Other trend triggering the emergence of Cloud Compu7ng are the customiza7on and service orienta7on character of the Internet. Instead of having few long term supply rela7onships with high margins and deep commitment levels between the chain par7es, new forms of supply chains have emerged focusing more on having many short term supply rela7onships with low margins and low commitment between firms (Armbrust et al., 2009).
Computers have evolved significantly during the past two decades. From the mainframe 7mes where a single computer required a whole floor to the client-‐server architecture and thin clients, computers have experience a process of becoming an u7lity on-‐demand where compu7ng resources are accessible from any place (Siegele, 2008). Computer capabili7es are no longer limited by physical loca7ons or available technical knowledge as anyone can launch nowadays a en7re online business without owning any computa7onal resources.
In this context, ICT infrastructures are evolving from distributed models towards centralized
models that are accessible from everywhere any7me (Arnold, 2008a) (Weiss, 2007). We are currently living in a networked era where we must be con7nuously online. As a result, we can observe a growing number of web enable devices (e.g. Kindle, iPhone, etc.) as well as an increasing number of web based sorware applica7ons. Partly due to these developments, hardware and sorware are becoming standard products which drives prices down in a process that some prac77oners call “the consumeriza7on of IT”. Sorware applica7ons have also evolved significantly over the last years. The popularity of rich internet applica7ons (e.g. mashups, web 2.0 tools, etc.) implie also new infrastructural needs. Applica7ons that need to respond real-‐7me to human-‐computer interac7ons require a high level of Towards a Healthy Cloud
Page 29 of 218
Juan Hernández Colomina
availability and oren make use of extensive data (Armbrust et al., 2009). Hos7ng these applica7ons on the cloud would decrease response and processing 7me improving the overall user experience. Specially in the case of applica7ons that gather data from more than one source (e.g. mashups). Another example is the real-‐7me web, where content is gathered on the fly from mul7ple sources and with almost no delay between content genera7on and content indexing and presenta7on. As sorware becomes more complex and interconnected, some computa7onal tasks might need to process large data sets concurrently which requires high processing power. These tasks cannot be carried out on a single computer but need to be performed horizontally on supercomputers or grids. Due to the fact that these high level computa7onal resources are not (financially) accessible to everyone, an op7onal method could be to perform these tasks using Cloud Compu7ng. Following this model one hour on 100 cloud servers costs the same that 100 hours on one single cloud server. Therefore it might be more economically interes7ng to process these tasks on the cloud (Armbrust et al., 2009).
Some of the most interes7ng developments during 2009 were the emergence and popularity
of netbooks (e.g. thin client laptops), the launch of Goggle’s web based opera7ng system (OS) Chrome OS and the increasing SaaS adop7on. This developments indicate a shir to new architecture where clients adopt an interface role to a server based compu7ng plaxorm. IT is becoming more disembodied as resources can be consumed on-‐demand just for the task at hand (Siegele, 2008). If we add the advances in networking technologies resul7ng in faster internet connec7ons we can observe that ICT is transforming from a product oriented industry to a service oriented market. Collabora7on in the cloud can be best explained by observing the popularity of mashups applica7ons (Cunningham & Wilkins, 2009). Mashups are web applica7on on the cloud that combine exi7ng services to create a new service. This concept of innova7on trough reuse facilitates the rapid crea7on of new applica7ons without reinven7ng the wheel one more 7me (Arnold, 2008a). The majority of medium and large enterprises invest in their own data centers. The costs incurred in running an on-‐premises data center include among others real estate, hardware, power, cooling (50% of total energy expenses) and maintenance. A firm needs however to plan their data centers to support worst-‐case scenarios, resul7ng in addi7onal costs for back up and resource redundancy. In prac7ce, the high peak situa7ons accounted for when provisioning resources occur infrequently (Weiss, 2007) (DAuria & Nash, 2009) (Cunningham & Wilkins, 2009). As a consequence, fully resource u7liza7on is achieved only in 10 percent of the full 7me the resource is running. This means that 90 percent of 7me resources are idle, consuming electricity and space but not adding any value to the organiza7on (Leighton, 2009) (Brown, 2009c). In the current environmental context where energy prices rise to levels unknown un7l now, the largest ICT organiza7ons (e.g. Google, Microsor, IBM, etc.) are building their new data center near cheap sources of energy (e.g. hydroelectric facili7es) and close to important Internet nodes to guarantee a good connec7vity (Weiss, 2007). Towards a Healthy Cloud
Page 30 of 218
Juan Hernández Colomina
An interes7ng methodology to determine which technologies can be regarded as sources of compe77ve advantage is performed on Gartner’s research “Technologies you can’t afford to miss” (Gartner, 2009) which is depicted in table 6. As shown in the table, Cloud Compu7ng is considered the number one strategic technology for 2010 rising up from the third posi7on in 2009 and combining it with web-‐oriented architectures (rank 7 in 2009 report) and Enterprise Mashups (rank 8 in 2009 report). Some of the trends described in this sec7on are also included as technologies of strategic importance for 2010. Table 6: Strategic Technology Areas (Gartner, 2009)
Rank 2010 1 2 3 4 5 6 7 8 9 10
Technology Cloud Compu7ng Advanced Analy7cs Client Compu7ng IT for Green Reshaping the Data Center Social Compu7ng Security & Ac7vity Monitoring Flash Memory Virtualiza7on for Availability Mobile Applica7ons
Evolu*on from 2009 ranking Cloud Compu7ng (3) Business Intelligence (2) Virtualiza7on (1) Green IT (4) Virtualiza7on (1) Social Sorware and Social Networking (6) new in ranking new in ranking Virtualiza7on (1) new in ranking
From the trends described in the previous paragraphs we can consider some of them as the most significant factors that have influenced the emergence of Cloud Compu7ng solu7ons. Among others, SaaS, Open Source, Web 2.0 applica7ons (e.g. web based collabora7on, social networks and wikis), the consumeriza7on of technology are iden7fied by Gartner research as important enablers (Fergusson, 2008) (Cunningham & Wilkins, 2009). Moreover, the ubiquity of worldwide broadband access, the increasing number of Internet devices (e.g. iPhone, Android, Netbooks, etc.), the trend of con7nuous connec7vity are also regarded as significant influencing factors (Arnold, 2008b). Nevertheless, it is clear that Cloud Compu7ng represents a logical evolu7on from the popularity of web services and service oriented architectures (SOA) (Holliday, 2009).
1.3. The Hype Around Cloud Compu*ng When reading any ICT related publica7on it is clear that Cloud Compu7ng is crea7ng a hype within the IT industry (Cunningham & Wilkins, 2009) (Brynko, 2008). If we look at the search volume through Googles' search engine (provided by Google Trends) we can observe that the term first appeared on search queries in the last half of 2007 (see figure 3). In around a year 7me, the number of search queries mul7plied by ten which represents the large hype it created over such a short period of 7me.
Towards a Healthy Cloud
Page 31 of 218
Juan Hernández Colomina
Figure 3: Cloud Compu*ng Search Volume (Google Trends, June 2009)
!
!
Another indicator of the hype Cloud Compu7ng is crea7ng is the growing number of
companies launching Cloud Compu7ng solu7ons during 2009 (Hinchcliffe, 2009). There are however significant differences among these offerings. Sun for example announced at the beginning of 2009 his new cloud service which is API compa7ble at the storage level with Amazon’s cloud storage solu7on S3. On the other hand, in July 2009 Microsor presented its Cloud Compu7ng solu7on, Windows Azure which will open to the public at the beginning of 2010. One of the most popular hype measurement methods in the IT industry is Gartner’s Hype Cycle (see figure 4). In their latest version (July 2009) Gartner places Cloud Compu7ng at the “Peak of Inflated Expecta7ons” with mainstream adop7on expected to take place in a period of two to five years. Based on this model we can assume that Cloud Compu7ng s7lls need to experience a period of disillusionment (Gartner’s Trough of Disillusionment) where “over” promises and misunderstandings will be filtered and therefore reducing the current hype. Arer that period, Cloud Compu7ng solu7ons will follow a gradual adop7on process where the real benefits become clearer as they are proven in vendor’s offerings (Gartner’s Slope of Enlightenment and Plateau of Produc7vity). Figure 4: Gartner Hype Cycle (July 2009)
Towards a Healthy Cloud
Page 32 of 218
Juan Hernández Colomina
Although we agree on the fact that the term Cloud Compu7ng is experiencing a dispropor7onate hype, we also believe that it represents a shir towards a new computer paradigm that will have significant implica7ons for the delivery of IT capabili7es in the coming years. For this reason it is now 7me for organiza7ons of all sizes and industries to carefully evaluate it and get acquainted with it. As major vendors embrace this new form of IT delivery, enterprises should consider it as a viable op7on to their “Make versus Buy” analysis. Moreover, we can already find many Fortune 500 enterprises and public organiza7ons (e.g. The Wall Street Journal, BMW, USA government, etc.) among the early adopters of this new model.
Due to the hype surrounding the concept of Cloud Compu7ng, some prac77oners tend to
consider it as the new revolu7on in technology. However, despite its indisputable disrup7ve character Cloud Compu7ng is rather an evolu7on from a technology perspec7ve and a revolu7on from a business perspec7ve. Cloud Compu7ng can be considered as the logical evolu7on from service orienta7on (e.g. SOA, Web Services, etc.), grid compu7ng, server compu7ng and faster network devices and speed. From a business perspec7ve, Cloud Compu7ng represents innova7ve ways to reduce capital costs, to focus on core IT opera7ons (e.g. sources of differen7a7on) and to enable the agility needed to react to changing market condi7ons.
Towards a Healthy Cloud
Page 33 of 218
Juan Hernández Colomina
2. Cloud Compu*ng Defini*on In order to obtain a research defini7on of Cloud Compu7ng we will first analyze the concept of u7lity compu7ng (sec7on 2.1) to con7nue with the defini7ons found in scien7fic literature (sec7on 2.2), commercial publica7ons (sec7on 2.3), IT consultants and analysts reports (sec7on 2.4) and standards organiza7ons (sec7on 2.5). Furthermore we will analyze the roles involved in Cloud Compu7ng (sec7on 2.6) to end this sec7on by comparing the found defini7ons and filtering out the individual common components that are used. Our final research defini7on of Cloud Compu7ng is presented in the last sec7on (sec7on 2.7).
2.1. U*lity Compu*ng The idea of U7lity Compu7ng was first envisioned at MIT's centennial celebra7ons in 1961 by John McCarthy, a computer scien7st ac7vely involved in Ar7ficial Intelligence. The process of “u7lity-‐ za7on” where a resource that once was a key differen7ator becomes an u7lity and therefore its produc7on is done by third par7es in order to achieve cost efficiency has been repeatedly observed in last decennia's. Cloud Compu7ng is considered by many experts to be the logical evolu7on towards compu7ng as an u7lity (Baker, 2007). Mr Nicholas Carr’s books “ The Big Switch” and “IT does not maOer” have been very influen7al in the IT community. Mr Carr predicts the end of the IT department as compu7ng technology undergoes a shir from a compe77ve advantage enabler towards and u7lity model (like electricity) where IT infrastructure and applica7ons are delivered off the wall. This vision is shared by some prac77oners (Kirsner, 2009) and regarded as incomplete by others (Molenaar, 2009). Some experts believe that standard IT resources (the great majority) are good candidates to be contracted as an u7lity. However there are a number of IT resources (the minority) that are enablers of differen7a7on and should therefore not be contracted from third par7es (Molenaar, 2009). In his first book (“IT does not maOer”) Mr Carr described a shir that informa7on technology is experiencing towards a service model delivered through Internet. According to Mr Hans Daniels (HewleO Packard director in The Netherlands) this is fully in line with HP’s vision (Molenaar, 2009). HP believes that ICT delivery is going to evolve in a “everything-‐as-‐a-‐sevice” model which implies deep consequences not only for the IT department but also to the rest of the organiza7on (e.g. business processes, supply chain management, etc.).
An example of a resource that has gone through this process of becoming an u7lity is
electricity (Carr, 2008) (Baker, 2007) (Buyya, Yeo, Venugopal, et al., 2009). During the second world war manufacturing companies had to produce their own electricity to be able to manufacture more and faster than their compe7tors. However, soon arer the war finished electricity became an u7lity and therefore all the internal’s electricity generators of firms became obsolete. External electricity
Towards a Healthy Cloud
Page 34 of 218
Juan Hernández Colomina
providers could deliver it cheaper due to the economies of scale and sta7s7cal mul7plexing achieved by delivering energy to various firms. Another example of technology “u7lity-‐za7on” can be found in the hardware industry (Armbrust et al., 2009). Hardware manufacturers had to invest in the produc7on of their own semiconductors as a key advantage to produce beOer and faster hardware than their compe7tors. As semiconductor’s manufacturing equipment became more expensive, the economic advantages of purchasing such a facility were minimized, triggering a shir towards the externaliza7on of its produc7on. Only companies requiring a great number of chips (e.g. Samsung, Intel, etc.) could s7ll afford to produce their own semiconductors. As a consequence, companies emerged that were specialized in the produc7on of semiconductors like for example Taiwan Semiconductor Manufacturing Company (TSMC) (Armbrust et al., 2009). These specialized manufacturers can be profitable by achieving economies of scale and mul7plexing in their offerings. This externaliza7on of resource manufacturing allows firms to conduct business without the upfront investment, opera7onal costs and associated risks of having their own resource manufacturing facili7es (Buyya, Yeo, Venugopal, 2008).
2.2. Scien*fic Defini*ons Due to its innova7ve character there are few scien7fic defini7ons of Cloud Compu7ng at the moment of wri7ng. In this sec7on we analyze the most significant defini7ons of Cloud Compu7ng found in scien7fic journals and other scien7fic publica7ons. For this purpose we will describe the defini7ons provided by Berkeley’s Reliable Adap7ve Distributed Systems Laboratory (UC Berkeley RADSL), Telefonica Research and Development, University of Melbourne and the papers presented on the 1st IEEE Interna7onal Conference on Cloud Compu7ng. A. University of Berkeley
UC Berkeley’s RADSL has been founded by Google, Microsor and Sun Microsystems. Among
others, their current affiliates are Amazon Web Services, Cisco Systems, Facebook, HewleO-‐Packard, IBM, NEC, Network Appliance, Oracle, Siemens, and VMware. The organiza7on is financed by these partners together with grant funds from several public research bodies in the USA. In a recent white-‐paper of UC Berkeley RADSL (“Above the Clouds: A Berkeley View of Cloud Compu7ng”) the authors try to analyze in detail the concept of Cloud Compu7ng (Armbrust et al., 2009). According to Berkeley, Cloud Compu7ng is expected to lay down the first steps towards U7lity Compu7ng, affec7ng the way hardware and sorware is designed, purchased and used (Armbrust et al., 2009). The implica7ons for sorware and hardware are important: on one hand, sorware in the cloud is delivered as-‐a-‐service in contrast to the tradi7onal license model. On the other hand, hardware must be designed and used to be able to unfold the benefits of Cloud Compu7ng and facilitate its service model. In the UC Berkeley RADSL defini7on a clear dis7nc7on is made between the sorware services delivered to users and the underlaying infrastructure (hardware and sorware) Towards a Healthy Cloud
Page 35 of 218
Juan Hernández Colomina
facilita7ng them (Armbrust et al., 2009). A Cloud is considered by Berkeley RADSL as that underlaying hardware and sorware used to deliver services to consumers (e.g. SaaS). UC Berkeley RADSL (Armbrust et al., 2009) defines Cloud Compu7ng as applica7ons delivered as a service over the Internet (SaaS) and the infrastructure that delivers them. The infrastructure is oren organized in data centers and is referred to by Berkely as the “Cloud”. In a Public Cloud the infrastructure is publicly accessible following a pay-‐for-‐use model offering what Berkeley calls U7lity Compu7ng (e.g. Amazon Web Services, Google AppEngine, MS Azure, etc.). According to Berkeley, in a Private Cloud the infrastructure is organized in internal data centers that are not publicly available. B. Telefonica Research & Development
Telefonica is the market leader telecom operator in Spain and in several South American
countries. In their paper “A break in the clouds: towards a cloud defini7on” (Vaquero, Rodero-‐Merino, Caceres, & Lindner, 2008) the authors analyzed twenty-‐two scien7fic defini7ons of Cloud Compu7ng, and grouped the main features found into their own concise defini7on. According to the authors, the new paradigm “shirs the loca7on of this infrastructure to the network to reduce the costs associated with the management of hardware and sorware resources”. It is important to note that all twenty two defini7ons analyzed where found in papers published during 2008, which clearly shows the novelty character of this paradigm. One of the most recurrent defini7ons found in previous research is the transparent access to informa7on technology resources on a pay-‐per-‐use basis, which are developed and maintained on an almost infinite and instant scalable infrastructure managed by third par7es (Vaquero et al., 2008). Arer analyzing all defini7ons, the authors (Vaquero et al., 2008) found these concepts in more than one ar7cle: real-‐7me infrastructures, automa7c resource alloca7on, resource monitoring and op7miza7on, immediate scalability, subscrip7on model (pay-‐as-‐you-‐go) and pair-‐wise Service Level Agreements (SLAs) between cloud actors. The concepts men7oned the most were scalability and pay-‐ per-‐use (found in five ar7cles each) and virtualiza7on (found in four ar7cles). Based on this findings, Vaquero et al propose the following defini7on of Cloud Compu7ng:
“Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development plaDorms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an op;mum resource u;liza;on. This pool of resources is typically exploited by a pay-‐per-‐use model in which
guarantees are offered by the Infrastructure Provider by means of customized SLAs.” C. University of Melbourne, Australia
Another scien7fic defini7on of Cloud Compu7ng can be found in the paper “Market-‐Oriented
Cloud Compu7ng: Vision, Hype, and Reality for Delivering IT Services as Compu7ng U7li7es” (Buyya, Yeo, Venugopal, et al., 2009) by the Grid Compu7ng and Distributed Systems (GRIDS) Laboratory of
Towards a Healthy Cloud
Page 36 of 218
Juan Hernández Colomina
Melbourne University. They define a cloud as "a collec;on of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified compu;ng resources based on service-‐level agreements established through nego;a;on between the service provider and consumers.” This defini7on focusses on the dynamic provisioning of virtually assembled IT capabili7es as-‐a-‐ service. Although this defini7on considers that resources are virtually assemble by applying hardware virtualiza7on (e.g. using an hypervisor), this is not necessary the case as some Cloud providers (e.g. Google, RightScale) do not apply hardware virtualiza7on to their solu7ons. For this reason we will consider that compu7ng resources are virtually assembled in Cloud Compu7ng although not necessarily by applying hardware virtualiza7on. D. 2009 IEEE Interna*onal Conference on Cloud Compu*ng From the 21st to the 25th of September of 2009, the first IEEE Interna7onal Conference on Cloud Compu7ng took place in Bangalore, India. In this conference a large number of scien7fic papers were presented on a wide variety of topics related to Cloud Compu7ng. In these papers we can find references to the defini7ons described in this sec7on as well as to other defini7ons. One of the papers (Cai, 2009) uses the defini7on of Cloud Compu7ng as “the style of compu7ng in which dynamically scalable and oren virtualized resources are provided as a service over the Internet”. Slight varia7ons of this defini7on are also found in other papers of this conference, which define Cloud Compu7ng as “dynamically scalable resources provisioned as a service over the Internet” (Jensen, 2009). Other defini7ons focus more on the sorware perspec7ve defining a cloud as plaxorms that “offer resource u7liza7on as on-‐demand service, which lays the founda7on for applica7ons to scale during run7me”. We will further analyze these scien7fic defini7ons when crea7ng our own research defini7on of Cloud Compu7ng in sec7on 2.7.
2.3. Defini*ons in the Media In the large number of commercial defini7ons of Cloud Compu7ng currently available, we can observe a series of misinterpreta7ons of the term that should be carefully considered. Cloud Compu7ng is oren wrongly used as synonym for the next genera7on of data centers, client/server compu7ng, SaaS, Grid compu7ng, or mainframe architecture (Brown, 2009a). Although data centers are an important element of Cloud Compu7ng, they are not the unique characteris7c that defines it. Because most of the processing takes place on the server side, it is neither a synonym for a client/ server architecture. SaaS is one of the layers to deliver Cloud Compu7ng but a lot of solu7ons are being offered at lower abstrac7on levels (e.g. IaaS or PaaS). The concept of Cloud Compu7ng is based on grid compu7ng but there are also layers above the infrastructure (e.g. SaaS) that indicate that they cannot be used as synonyms. Moreover, although Cloud Compu7ng can be considered as a form of server compu7ng, there is no single computer handling the workload (e.g. a mainframe) but a series of interconnected resources (Brown, 2009c). Towards a Healthy Cloud
Page 37 of 218
Juan Hernández Colomina
Although Grid Compu7ng and Cloud Compu7ng are complementary in nature, there are some significant differences. Both are collec7ons of computers (or computer resources) to leverage collec7ve IT capabili7es. However, a grid is usually owned by various organiza7ons while a Cloud Compu7ng environment is oren in the hands of a single firm (GridTalk, 2009). Both provide access to remotely located compu7ng resources as-‐a-‐service. Grids are oren maintained and developed by academics while clouds are oren exploited by commercial organiza7ons. This is the reason why access to grids is oren free of charge, while Cloud Compu7ng is always usage based. While Cloud Compu7ng is meant to support services on the long term, the use of a grid infrastructure is oren short and incidental, to perform a resource intensive task at at certain point in 7me (GridTalk, 2009). One of the main assump7ons of Cloud Compu7ng is that resources (e.g. data, applica7ons, etc.) are stored on the Internet as opposed to internal infrastructures (Arnold, 2008a). This implies that the responsibility of maintaining and upda7ng the infrastructure is transferred to the corresponding Cloud Provider. Another important implica7on is what some authors call the Holy Grail of informa7on sharing: the enablement of collabora7on and standardized content distribu7on, where informa7on is easy to find and applica7ons can be developed quickly (e.g. RAD / agile methods) (Arnold, 2008a). Some media publica7ons have tried to define Cloud Compu7ng by analyzing its unique characteris7cs compared to exis7ng models (Foley, 2009). They define it using concepts as off-‐site, virtual, on-‐demand subscrip7on based, simple, shared and web-‐based IT capabili7es. Off-‐site means that resources are physically located in data centers which are not owned by Cloud Users. Through the use of virtualiza7on, a Cloud User can freely assemble his own stack of databases, storage, networking, etc. Moreover, resources can be scaled up or down on-‐demand and are paid for by usage based subscrip7ons. To op7mally use the available physical resources Cloud Providers deploy mul7-‐tenant solu7ons where more than one client is using the same physical resources. Moreover, resources are quickly provisioned trough and easy to use web interface and are available within minutes (Cunningham & Wilkins, 2009). Based on these characteris7cs, the authors describe Cloud Compu7ng as “on-‐demand access to virtualized IT resources that are housed outside of your own data center, shared by others, simple to use, paid for via subscrip7on, and accessed over the Web” (Foley, 2009). Other publica7ons focus on the main characteris7cs of the concept in order to define it more accurately. Arer analyzing some of these publica7ons we have generated the following list of characteris7cs: self-‐service: Cloud Users can set up their themselves the specific resources they need • On-‐demand (Leighton, 2009) (Spinola, 2009). Network Access: Cloud services are available trough the Internet (Leighton, 2009) • Ubiquitous (Spinola, 2009). Towards a Healthy Cloud
Page 38 of 218
Juan Hernández Colomina
independent resource pooling: Resources are not user dedicated but shared on a • Loca7on common infrastructure (Spinola, 2009). Elas7city: Capacity can scale up or down when needed (Leighton, 2009) (Spinola, 2009) • Rapid (Kirsner, 2009). based pricing: Cloud Users are billed for the resources they actually use (Spinola, 2009). • Usage provisioning: Resources are provided quickly without extensive interven7on from users • Rapid (Spinola, 2009). Resources: To achieve cost op7miza7on, resources are shared among different users • Shared (Spinola, 2009). func7onality: Most of the Cloud Compu7ng plaxorms offer a self-‐service interface • Self-‐service where end users can contract resources for the 7me they need it and discard them arerwards
•
(Spinola, 2009) (Sheehan, 2009b). Lack of ownership of Resources: “Services and sorware that run on computers you don’t need to purchase or operate yourself” (Kirsner, 2009)
The variety of Cloud Compu7ng defini7ons has created a lot of confusion among prac77oners. An interes7ng approach to define Cloud Compu7ng is found on the publica7on “Compu7ng in the Clouds” by Aaron Weiss. He recognizes that the different defini7ons are based on different views on the same phenomenon. He elaborates on some of this perspec7ves in what he calls “different cloud shapes” (Weiss, 2007). Web based applica7ons, a revival of the thin-‐client, u7lity compu7ng, an on-‐ demand grid with 7me based billing or “distributed or parallel compu7ng designed to scale complex processes for improved efficiency” are some examples of these different shapes (Weiss, 2007).
2.4. Defini*ons from IT Consultants and Analysts Besides scien7fic publica7ons and commercial media outlets, we can can also find a large number of diverse (and some7mes contradictory) defini7ons from IT consultants and IT analysts. In this sec7on we provide an overview of how Cloud Compu7ng is defined from an IT consultant and analysts point of view. To delimit the scope of this research we have selected the defini7ons from two of the most respected IT analysts firms (Gartner and Forrester) and from two of largest IT consultancy firms (Capgemini and Accenture). A. Gartner Research According to Gartner, Cloud Compu7ng is not a new single model of compu7ng but rather an evolu7on of exis7ng paradigms and technologies like U7lity Compu7ng, On-‐demand services, Grid Compu7ng and SaaS among others (Plummer, 2009). Mr Daryl Plummer (Gartner’s VP specialized on Cloud Compu7ng research) defines Cloud Compu7ng as a new IT paradigm or style of compu7ng where “massively scalable and elas;c IT-‐related capabili;es are provided as a service using Internet technologies to mul;ple external customers” (Stevens & PeOey, 2008) (Plummer, 2009) (Brodkin, 2009).
Towards a Healthy Cloud
Page 39 of 218
Juan Hernández Colomina
Cloud Compu7ng has according to Gartner five cri7cal aOributes: service based IT capabili7es, scalable and elas7c, shared, metered by use and leveraging Internet technologies to develop and/or deliver those services (Plummer, 2009) (PeOey, 2009b). They are service based as Cloud Users concerns are abstracted from Cloud Providers concerns through service interfaces. They are scalable and elas7c as they are capable of adding or removing resources on demand when needed. The shared character of Cloud Compu7ng resources are the most important ingredient to achieve economies of scale by Cloud Providers. Services are billed based on usage, enabling new innova7ve payment models. Internet plays a crucial role in Cloud Compu7ng as it is the main technology to deliver services. The new paradigm of Cloud Compu7ng is expected to create new revolu7onary rela7onships between IT users and providers (Stevens & PeOey, 2008). Users can therefore focus more on what the service provides instead of how they are implemented or hosted. The current popularity and adop7on of IT models like sorware as a service (SaaS) or Infrastructure as a service (IaaS) reflect how diverse informa7on technology capabili7es can be delivered on a global scale (Stevens & PeOey, 2008). Cloud Compu7ng is expected to transform IT delivery from vendor-‐user rela7onship to a provider-‐consumer rela7onship where IT services are merely consumed instead of acquiring first the assets and implemen7ng them prior to consump7on (Plummer, 2009). According to Mr Brian Pren7ce (Gartner’s VP) the key in defining Cloud Compu7ng offerings is that they are web based services able to upscale and downscale on demand (Howarth, 2009). This implies new forms of customer-‐provider rela7onships, based on the quality of service provided (e.g. SLA) instead of general guidelines in end-‐user agreements. This new type of rela7onship will lead according to Gartner to a market that focus on price and quality of services that provide differen7a7on (Howarth, 2009). To clarify any misinterpreta7ons of the term Cloud Compu7ng, Gartner has selected four industry myths and the corresponding Gartner perspec7ve on them. The myths and Gartner’s insights are depicted in table 7 (Plummer, 2009): Table 7: Cloud Compu*ng myths linked to Gartner’s insights (Gartner, 2009)
Industry Myth
Gartner Insight
Clouds are hardware based services offering compu7ng, network and storage
False, Cloud is an euphemism for a abstrac7on and therefore is immaterial
Everything need to be in the cloud
False, the dominant model for the coming 10 years will be an hybrid cloud.
All remote compu7ng or off-‐premises hos7ng is Cloud Compu7ng
False, Cloud Compu7ng is a service delivery and consump7on model
Cloud Compu7ng will always safe money False, it can safe money in some cases and provide other advantages in others
Towards a Healthy Cloud
Page 40 of 218
Juan Hernández Colomina
B. Forrester Research According to Forrester an increasing number of organiza7ons are considering Internal Clouds to complement their on-‐premises infrastructures (Staten, 2009). In a Forrester survey performed in the third quarter of 2008 they found that 4% of the organiza7ons have already implemented an internal cloud while 17% are implemen7ng it of budge7ng it (Staten, 2009). In order to achieve the full poten7al of Cloud Compu7ng Forrester believes that these Internal Clouds should be dynamic plaxorms with automated workload management and self-‐service interfaces. Enterprise developers are aware of the Cloud Compu7ng advantages of self-‐service, pay-‐as-‐ you-‐go and instant deployment of compu7ng resources. For these reasons, they are increasingly using Public Clouds for development purposes bypassing IT opera7on’s processes and procedures (Staten, 2009). Although this situa7on accelerates the applica7on’s deployment process, there are significant risks in bypassing these organiza7onal policies as they are meant to protect customer’s informa7on, comply with laws and regula7ons and guarantee quality of services. Since the advantages of Cloud Compu7ng infrastructures are desired by developer, and to overcome the risks of bypassing IT opera7ons procedures, Forrester suggests that organiza7ons build Internal Clouds that can leverage the advantages while controlling risks (Staten, 2009). By deploying this type of solu7ons organiza7ons can improve their cost effec7veness and achieve a faster 7me-‐to-‐ market with new applica7ons. Forrester defines a Internal Cloud as “a mul7tenant, dynamically provisioned and op7mized infrastructure with self-‐service developer deployment, hosted within the safe confines of your own data center” (Staten, 2009). An Internal Cloud aims to leverage some of the Public Clouds advantages without compromising the protec7ons enabled by organiza7onal policies and procedures. According to Forrester, the main characteris7cs of Internal Clouds are self-‐service deployment func7onality for developers, automated workload distribu7on, mul7-‐tenant resource pools and workflow management func7onality (Staten, 2009). Although Forrester recommends organiza7ons to deploy Internal Clouds they recognize also the limita7ons of these approach (Staten, 2009). In some cases the internal infrastructure could be rela7vely small to be economically interes7ng to op7mize it, while in other cases performance tes7ng could be more cost efficient on Public Clouds. Moreover, an Internal Cloud is not the best environment for all types of applica7ons. For this reason, Forrester recommends to deploy hybrid clouds where internal and external clouds are connected and can benefit from each other (Staten, 2009). C. Capgemini Due to the variety of emerging defini7ons of the term Cloud Compu7ng, Capgemini recognizes that there is a certain level of confusion among its clients (Ross et al., 2008). Some clients believe that Cloud Compu7ng is the next genera7on of grid compu7ng, others believe that is the next level of virtualiza7on and there are some clients that think that Cloud Compu7ng is a combina7on of Towards a Healthy Cloud
Page 41 of 218
Juan Hernández Colomina
Plaxorm-‐as-‐a-‐Service (PaaS), Infrastructure-‐as-‐a-‐Service (IaaS) or Sorware-‐as-‐a-‐Service (SaaS). The term Cloud Compu7ng is also considered by some Capgemini clients as a synonym of u7lity compu7ng. According to Capgemini’s perspec7ve this confusion is logical when considering new emergent delivery methods for IT capabili7es. Capgemini bases his defini7on of Cloud Compu7ng on an ar7cle by John Foley published on the online magazine Informa7on Week on September 2008: “Cloud compu;ng is the use of massively scaled offsite IT resources assembled virtually, accessed over the internet, used on demand in real-‐;me or near real-‐;me on a pay-‐per-‐use or subscrip;on basis, where the workloads are shared among mul;ple customers” (Ross et al., 2008). The main components of this defini7on are the following: Access to immense infrastructures that would otherwise not be available. • Scalability: IT resources are owned by a third party and used only when needed. • Off-‐site: Virtually: Mul7ple customer’s applica7on run on the same physical machine. • Assembled Resources are available when needed and for the 7me required. • On-‐demand: pay for what you actually use and never for idle resources. • Pay-‐per-‐use: • Shared workloads: Economies of scale to account for uncorrelated consump7on paOers. D. Accenture
In a recent Accenture’s survey among IT decision makers (Cloud Compu7ng -‐ Balancing Risk and Reward) 58% of correspondent was convinced that Cloud Compu7ng will cause a “radical shir in informa7on technology” (Arellano, 2009). Accenture defines Cloud Compu7ng as the “dynamic provisioning of IT capabili7es, whether hardware, sorware, or services from a third party over the network”. According to Accenture, if enterprises combine the benefits of virtualiza7on and mul7-‐tenant architectures with a pay-‐as-‐you-‐go pricing model, Cloud Compu7ng represents a innova7ve paradigm that deeply affects how IT capabili7es (infrastructures, plaxorms, applica7ons, etc.) are acquired, delivered and supported (Harris, Daugherty & Tobolski, 2009).
2.5. Defini*ons from Standards Organiza*ons Due to the innova7ve character of Cloud Compu7ng, there are almost no defini7ons being provided by standards organiza7ons. The only effort found is that of the Na7onal Ins7tute for Standards in Technology (NIST) which is the equivalent of the European ISO organiza7on in the United States. To elaborate this defini7on NIST computer scien7sts collaborated with several industry and government representa7ves. In their 15th drar version on the defini7on of Cloud Compu7ng, NIST describes it as “a model for enabling convenient, on-‐demand network access to a shared pool of configurable compu;ng resources (e.g. networks, servers, storage, applica;ons, and services) that can be rapidly provisioned and released with minimal management effort or service provider interac;on”.
Towards a Healthy Cloud
Page 42 of 218
Juan Hernández Colomina
Moreover, NIST believes that Cloud Compu7ng can be described according to five essen7al characteris7cs, three service models, and four deployment models. The five main characteris7cs are: on-‐demand self-‐service, broad network access, resource pooling, rapid elas7city, and measured service. The three service models iden7fied by NIST are Sorware-‐as-‐a-‐service (SaaS), Plaxorm-‐as-‐a-‐ service (PaaS) and Infrastructure-‐as-‐a-‐service (IaaS). They can be deployed in NIST perspec7ve either on a Private Cloud, Community Cloud, Public Cloud, or on an Hybrid Cloud which combines more than one deployment model. It is important to note that this defini7on is s7ll in drar status and it might evolve over 7me in subsequent drar versions and/or the final version. The current NIST defini7on of Cloud Compu7ng can be found on their official website: hOp://csrc.nist.gov/groups/SNS/cloud-‐ compu7ng/ Another two ini7a7ves to develop (open) Cloud Compu7ng standards are the OGF Open Cloud Compu7ng Interface Working Group (OCCI) which focus on developing an API specifica7on for remote management of Cloud Compu7ng infrastructure (e.g. IaaS solu7ons) and the in November 2009 cons7tuted Study Group on Cloud Compu7ng (SGCC) by the Interna7onal Organiza7on for Standardiza7on (ISO) SubcommiOee 38 (SC 38). Both groups are expected to publish drar versions of their defini7ons during 2010.
2.6. Roles in Cloud Compu*ng In previous research (Vaquero et al., 2008) (Armbrust et al., 2009) (Mietzner et al., 2008), the different actors involved in cloud compu7ng are described. By analyzing all actors directly involved we can achieve a deeper understanding of the concept, delimi7ng its scope and boundaries. In a cloud applica7on we can dis7nguish between three main roles: cloud users, cloud vendors and cloud providers (Mietzner et al., 2008) (Armbrust et al., 2009) (Vaquero et al., 2008). The cloud user accesses a cloud service hosted by a cloud provider and created by a cloud vendor. It is important to note that an organiza7on can fulfill any combina7on of two or three of these roles (Mietzner et al., 2008). Vendors and providers for example can be the same organiza7on as we can see in some current offerings (e.g. Salesforce, Google Apps, etc.) while in other cases they might be different organiza7ons as it is oren the case in PaaS solu7ons (e.g. Force.com) allowing the deployment of applica7ons developed by external sorware vendors. Moreover, the cloud users and providers can also be the same en7ty as in for example internal IT department is offering an internal cloud. Having invested in a data center is an important key enabler for a firm to become a Cloud Provider. On one hand, by adding a new revenue source Cloud Providers can leverage their past and future ICT investments. On the other hand by using an infrastructure that has been already designed, implemented, tested and improved Cloud Users do not have to spend 7me in repea7ng these steps, and can profit from an already proven solu7on offered by Cloud Providers (Armbrust et al., 2009).
Towards a Healthy Cloud
Page 43 of 218
Juan Hernández Colomina
The cost of resources is one of the most important considera7ons for Cloud Providers when considering where to locate their data centers. As the prices of manufacturing resources vary strongly geographically and since it is cheaper to transport data over computer networks than electricity over high-‐voltage infrastructures (Armbrust et al., 2009), Cloud Providers must carefully consider resource’s cost prices to determine the op7mal loca7on for their data centers. Cloud Providers should consider the price of electricity and cooling (one third of data center costs) as well as human capital costs, real state prices and taxes in their economic calcula7ons. Addi7onal roles in Cloud Compu7ng are Cloud Service Brokers, Cloud Sorware Manufacturers, and Cloud Consultants and Integrators among others. As Cloud Compu7ng services mature over the years, Gartner predicts a growing importance of Cloud Service Brokers which can be found in the following categories: Cloud Service Intermedia7on, Cloud Service Aggrega7on and Cloud Service Arbitrage (PeOey, 2009b). Cloud Sorware Manufacturers like for example Enomaly or Open Nebula leverage the tools necessary to build clouds for Cloud Providers and Enterprises. The role of Cloud Integrators is currently being played by the leading consultancy organiza7ons. Some focus on guiding enterprises in leveraging Internal Private or Hybrid Clouds (e.g. Accenture, Capgemini) and others focus more on leveraging Public Clouds (e.g. Cloudscale).
2.7. Research Defini*on of Cloud Compu*ng For the purpose of this research we have considered all the previous defini7ons described in this report to combine their main components into an overview (see table 8). From this overview we will generate our research defini7on of Cloud Compu7ng. As some terms or concepts represent the same idea, we have consolidated them into a single concept which represents in our opinion beOer the characteris7c being discussed (see table 9). The first process of extrac7ng the main components from defini7ons is shown in table 8. It is important to note that main components are not only extracted from defini7ons but in some cases they are explicitly men7oned by the organiza7on as described previously in this report. In those cases we have included the main components men7oned even if they cannot be directly linked to (parts of) the defini7on.
Towards a Healthy Cloud
Page 44 of 218
Juan Hernández Colomina
Table 8: Component Extrac*on from Defini*ons
Defini*on
Components Extracted
University of Berkeley: "applica7ons delivered as a service over the Internet (SaaS) and the infrastructure that delivers them."
Applica7ons, As-‐a-‐service, Internet as delivery & Suppor7ng Infrastructure
Telefonica: “Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development plaxorms and/ Large pools, easily usable, easy accessible, or services). These resources can be dynamically reconfigured to virtualized resources, dynamically reconfigured, adjust to a variable load (scale), allowing also for an op7mum resource scalability, op7mum resource op7miza7on, pay-‐ u7liza7on. (...) typically exploited by a pay-‐per-‐use model in which per-‐use model, customized SLAs guarantees are offered by the Infrastructure Provider by means of customized SLAs.” University of Melbourne: "a collec7on of interconnected and virtualised computers that are dynamically provisioned and presented Interconnected virtualized computers, dynamically as one or more unified compu7ng resources based on service-‐level provisioned, unified presenta7on of resources, SLA agreements established through nego7a7on between the service based provider and consumers.” IEEE Interna*onal Conference on Cloud Compu*ng: “the style of compu7ng in which dynamically scalable and oren virtualized Dynamic and scalable resources, oren virtualized, resources are provided as a service over the Internet” (...) “offer as-‐a-‐service, over the Internet, on-‐demand resource u7liza7on as on-‐demand service, which lays the founda7on for applica7ons to scale during run7me” On-‐demand self-‐service, ubiquitous network access, loca7on independent resource pooling, Media: “on-‐demand access to virtualized IT resources that are housed rapid elas7city, usage based pricing, rapid outside of your own data center, shared by others, simple to use, paid provisioning, shared resources, self-‐service for via subscrip7on, and accessed over the Web”. func7onality, lack of ownership of resources, virtualized IT resources Forrester: “a mul7tenant, dynamically provisioned and op7mized Self-‐service deployment, automated workload infrastructure with self-‐service developer deployment, hosted within distribu7on, mul7-‐tenant resource pools, workflow the safe confines of your own data center” management, dynamic provisioning Gartner: “massively scalable and elas7c IT-‐related capabili7es are Service Based, scalable and elas7c, shared, provided as a service using Internet technologies to mul7ple external metered by use, internet as delivery channel customers” Capgemini: “Cloud compu7ng is the use of massively scaled offsite IT Scalability, off-‐site, assembled virtually, on-‐ resources assembled virtually, accessed over the internet, used on demand, pay-‐per-‐use, shared workloads, internet demand in real-‐7me or near real-‐7me on a pay-‐per-‐use or subscrip7on access basis, where the workloads are shared among mul7ple customers”. Accenture: dynamic provisioning of IT capabili7es, whether hardware, Dynamic provisioning, from a third party, over the sorware, or services from a third party over the network.” network NIST: “Cloud compu7ng is a model for enabling convenient, on-‐ demand network access to a shared pool of configurable compu7ng On-‐demand self-‐service, broad network access, resources (e.g., networks, servers, storage, applica7ons, and services) resource pooling, rapid elas7city, measured service. that can be rapidly provisioned and released with minimal management effort or service provider interac7on.”
Based on the extracted components we can proceed by crea7ng an overview of these
components and how oren they are men7oned. This second process of combining all the main components into an overview is depicted in table 9. For clarifying purposes we have grouped similar components into a single row. Towards a Healthy Cloud
Page 45 of 218
Juan Hernández Colomina
Table 9: Cloud Compu*ng Main Components Overview
Component
Extracted from defini*on
Applica7ons
Berkeley University
As-‐a-‐service / Service Based
Berkeley University, IEEE, Gartner, NIST
Internet / Ubiquitous Network Access
Berkeley University, IEEE, Media, Gartner, Capgemini, Accenture, NIST
Suppor7ng Infrastructure
Berkeley University
Large Amounts of Resources
Telefonica
Easily Usable / Unified Presenta7on / Self-‐service
Telefonica, Melbourne University, Media, Forrester, NIST
Easy Accessible / On-‐demand
Telefonica, IEEE, Media, Capgemini, NIST
Virtualized Resources / Assembled Virtually
Telefonica, Melbourne University, IEEE, Media, Capgemini
Dynamic / Scalable / Elas7c / Automa7c Workload Distribu7on / Workflow Management
Telefonica, Melbourne University, IEEE, Media, Forrester, Gartner, Capgemini, Accenture, NIST
Resource Op7miza7on / Pooling / Shared Resources / Mul7-‐tenant
Telefonica, Media, Forrester, Gartner, Capgemini, NIST
Pay-‐per-‐use / Usage Based Pricing & Metering
Telefonica, Media, Gartner, Capgemini, NIST
Customized SLAs / SLA based
Telefonica, Melbourne University
Loca7on Independent
Media
Lack of Ownership / Offsite / From Third Party
Media, Capgemini, Accenture
As shown in the above table, some components are found in almost all defini7ons while others are men7oned rarely. In construc7ng our research defini7on of Cloud Compu7ng we have dropped some of these components as they are only used by few par7es and do not truly represent the current solu7ons found in the market.
The first component that we have dropped is Applica7ons, as the Cloud Compu7ng model
delivers more than just Applica7ons. If we analyze the different services currently being offered following this model we observe that besides applica7ons also infrastructure and plaxorm services Towards a Healthy Cloud
Page 46 of 218
Juan Hernández Colomina
are being offered (IaaS provider and PaaS providers respec7vely). Consequently we also dropped the component Suppor7ng Infrastructure as in some cases the infrastructure is the service being delivered (e.g. IaaS solu7ons) and it is also a logical implica7on for providers (in order to deliver services providers need to use a suppor7ng infrastructure). The term Large Amount of Resources has also been dropped for two reasons. The first reason is that the term “large” is rather subjec7ve and can be contradictorily interpreted by two par7es. A group of resources might be regarded as large by some organiza7on and at the same 7me as small by another organiza7on. The second reason is that there is not a minimum limit of resources to deploy a Cloud Compu7ng solu7on. For example, some solu7ons (e.g. Ubuntu Enterprise Cloud) can be deployed on two computers (or two virtual images on one computer). Although in prac7ce Cloud Compu7ng solu7ons are deployed on large amounts of resources to enable on-‐demand provisioning, scalability and elas7city, it is not a necessary requirement as these benefits can also be achieved through other means (e.g. outburs7ng of Private Clouds to Public Clouds).
We also have dropped the components Loca7on Independent as well as Lack of Ownership,
Offsite, and From Third Party as organiza7ons can leverage Internal Clouds (within the organiza7onal limits) and/or Private Clouds (only accessible by a single organiza7on). We have further combined SLA based with the As-‐a-‐service component as the former is the logical embedding of the later. Service Level Agreements are used to nego7ate, measure and improve the quality of services provided.
Although not dropped en7rely from the defini7on, Virtualized Shared Resources, Resource
Op7miza7on and Self-‐Service interface are par7ally included as possible addi7onal elements oren found in current solu7ons. Although Virtualiza7on is oren applied to op7mize resource op7miza7on, this is not always the case as some Cloud Providers do not apply any form of (hardware) virtualiza7on to their offerings (e.g. Google, RightScale, etc.). The existence of Private and/or Internal Clouds indicates that Shared resources and Mul7-‐tenancy are not essen7al elements. Moreover, Resource Op7miza7on is not directly related to the services being offered but rather to the op7mum implementa7on by a Cloud Provider. A Cloud User does not directly benefit from beOer resource op7miza7on as a Cloud Provider does. We consider the Self-‐Service interface to be one possible implementa7on of the On-‐Demand component and therefore we cannot include it in our defini7on as it would exclude other implementa7ons (e.g. automated provisioning). Taking into account these considera7ons we have elaborated the following research defini7on of Cloud Compu7ng to be use in the rest of this report: Cloud Compu*ng is the delivery model where on-‐demand elas*c IT capabili*es are offered as-‐a-‐service through the Internet following a usage based pricing model. There are a large number of IT capabili7es offered according to the Cloud Compu7ng model. Some examples of the most popular services are infrastructures (IaaS solu7ons), plaxorms (PaaS solu7ons), and sorware (SaaS solu7ons).
Towards a Healthy Cloud
Page 47 of 218
Juan Hernández Colomina
3. Taxonomy of Cloud Solutions Arer defining the term Cloud Compu7ng (see sec7on 2) and in order to obtain a clear view on the possible implementa7ons we con7nue in this sec7on by analyzing the possible types of solu7ons currently available in the market. For this purpose, we consider in this research three models to classify Cloud Compu7ng solu7ons according to three different perspec7ves: what are the services being offered (Service Model), where are the services located (Deployment Model) and who can access those services (Access Model).
3.1. Service Model The oren men7oned model for classifying Cloud Compu7ng solu7ons is the Service Model which groups solu7ons according to the type of services being offered. This model is included by NIST, scien7fic ar7cles, consultants, analysts and media publica7ons in their defini7ons of Cloud Compu7ng.
This common taxonomy of Cloud Compu7ng services takes into account the level of
abstrac7on from bare metal (e.g. hardware) and the flexibility provided to the end user. From this perspec7ve we can classify Cloud Compu7ng solu7ons into Sorware-‐as-‐a-‐service (SaaS), Plaxorm-‐as-‐ a-‐service (PaaS) and Infrastructure-‐as-‐a-‐service (IaaS) offering respec7vely sorware, plaxorms and infrastructure services (Armbrust et al., 2009) (Vaquero et al., 2008) (Spinola, 2009). It is important to note that as we go up the service stack we encounter solu7ons with greater levels of abstrac7on and lower levels of flexibility, while if we go down the service stack user’s flexibility increases in detriment of abstrac7on from bare metal. By abstrac7on we mean the level of automa7on to end users. Using IaaS solu7ons for example, the end user needs to manage hardware and opera7ng systems while in PaaS services the end user only manages code development and deployment. Moreover, end user of SaaS services do not even need to manage code deployment when using the applica7on. It is important to note that higher automa7on (e.g. abstrac7on) implies lower flexibility as the user cannot configure the parts that are automated. The Service Model and this trade-‐off is depicted on figure 5.
Figure 5: Service Model
It is important to note that these three types of services are not the only ones currently being offered. The model presented is therefore not exhaus7ve as it focus on the most common IT capabili7es (e.g. hardware, sorware, etc.). The large variety of services being offered range from complete e-‐business solu7ons to mail applica7ons and from CPU cycles to large compu7ng and algorithmic facili7es (Stevens & PeOey, 2008). It is the granularity of the services provided from the cloud that makes it possible to align the required infrastructure and sorware to the business needs at a par7cular point in 7me. Towards a Healthy Cloud
Page 48 of 218
Juan Hernández Colomina
Although service offerings are not limited to these three typologies they can oren be generalized into one of them. For example, data-‐as-‐a-‐service or BPM-‐as-‐a-‐service can be generalized into SaaS or PaaS types, depending on the context and the exact service being offered. Moreover, services can be build on top of other services with lower levels of abstrac7on. For example, a SaaS applica7on can be build on top of a PaaS plaxorm (e.g. salesforce.com plugin build on force.com plaxorm). SaaS and PaaS solu7ons can therefore also be deployed on IaaS solu7ons (e.g. Google Apps and Google App Engine on top of Google’s Private IaaS infrastructure). When evalua7ng such composed services Cloud Users should consider the specific characteris7cs of the solu7on at each abstrac7on levels. As Cloud Providers naturally seek compe77ve differen7a7on we can expect a process of Cloud Compu7ng PaaS-‐ifica7on. In this process SaaS solu7ons will incorporate more flexibility by allowing users to develop or customize their applica7ons (becoming a PaaS plaxorm) and IaaS providers will add features that speed up the use of the services (e.g. adding run7me environment, framework, etc.), evolving into plaxorms. At the moment of wri7ng we can observe this shir towards cloud plaxorms at Salesforce’s force.com (PaaS based on their SaaS solu7ons) and Amazon EC2 suppor7ng frameworks out-‐of-‐the-‐box (PaaS on top of IaaS). It is important to note that none of these types of Cloud Services is beOer than the others. All levels of flexibility and abstrac7on must be considered when developing a new applica7on in order to select the level best fiOed for that specific applica7on. Some applica7ons might require specific hardware configura7on while in other applica7ons this high flexibility level could complicate development and deployment unnecessary. For clarifying purposes we shortly describe the three service types included in this model: A. Somware as a Service (SaaS) SaaS can be defined as “sorware deployed as a hosted service and accessed over the Internet” and it differs from on-‐premises sorware in the loca7on where the sorware code is stored and how the sorware is deployed and accessed (Chong & Carraro, 2006) (Mietzner, Leymann, & Papazoglou, 2008) (Vaquero et al., 2008) (Armbrust et al., 2009). According to previous work SaaS represents a new paradigm in sorware delivery which implies an architectural model based on mul7-‐tenancy efficiency, massive scalability and metadata based configurability. Some of the most popular SaaS offerings are Salesforce CRM, Cisco’s WebEx, Google’s Gmail and SAP’s Business ByDesign. Using SaaS solu7ons might result in changing the ownership of sorware, shiring responsibility of infrastructure management to the SaaS provider, reducing opera7onal costs and/or targe7ng the long tail of smaller businesses (Chong & Carraro, 2006). In every as-‐a-‐service model transferring IT responsibili7es from customer to provider implies a different distribu7on of budgets for sorware, hardware and professional services (Chong & Carraro, 2006). On tradi7onal on-‐premises architectures, the budget for hardware and services is higher than in SaaS architectures as a part of them is carried
Towards a Healthy Cloud
Page 49 of 218
Juan Hernández Colomina
by the sorware vendor. As a direct consequence the sorware vendor might include a part of these costs in the pricing of the SaaS solu7on. The long tail theory states that a large group of low-‐volume items translates into higher total revenues than high-‐volume ones (Chong & Carraro, 2006). Nevertheless, most tradi7onal sorware vendors focus on large customers as they are the only ones that can afford to pay the high level of customiza7on needed to deploy sorware on-‐premises. Due to the economies of scale and mul7-‐ tenancy achieved by SaaS vendors a new market opens to them that was previously cost-‐ineffec7ve to serve (Chong & Carraro, 2006). As SaaS vendors can offer sorware cheaper than on-‐premises they can benefit from the high volumes represented in the long tail. Customiza7on in SaaS solu7ons can be achieved by iden7fying variability points that support the configura7on of a SaaS applica7on to any customer’s specific needs (Mietzner et al., 2008). To achieve this the SaaS vendor can create an applica7on template that includes a series of variability points that are further configured by the SaaS provider to create customized applica7ons for each SaaS customer. There are therefore two main types of ar7facts in a SaaS solu7on, a fixed part that is equal for all tenants and configurable metadata that enables applica7on customiza7on (Mietzner et al., 2008). !
SaaS applica7ons can be offered following different mul7-‐tenancy strategies according to the
applica7on’s needs and capabili7es for scalability, configurability and mul7-‐tenancy awareness (Mietzner, Unger, Titze, & Leymann, 2009) (Mietzner et al., 2008). Previous research on SaaS as an alterna7ve to tradi7onal on-‐premises sorware has incorporated these key components of SaaS into an architectural model based on four maturity levels (Chong & Carraro, 2006). In order to choose the right maturity level for a specific applica7on the organiza7on should take into account if an isolated approach makes financial sense (business model), if the applica7on can be ran in a single instance (architecture) and if the applica7on can maintain the level of service (SLAs) without isola7on (opera7onal model).
A SaaS applica7on is oren scalable, mul7-‐tenant-‐efficient and/or configurable (Chong &
Carraro, 2006) (Mietzner et al., 2009). Although not all three characteris7cs are compulsory in a SaaS applica7on we oren find at least one of them in each SaaS solu7on. Based on how these SaaS characteris7cs are implemented we can dis7nguish between four maturity levels: ad-‐hoc, configurable, configurable mul7-‐tenant and scalable, configurable, mul7-‐tenant efficient (Chong & Carraro, 2006). The first maturity level (ad-‐hoc) can be compared to the tradi7onal ASP model (applica7on service provider) of sorware delivery (Chong & Carraro, 2006). In this level each customer has a separate customized instance of a hosted applica7on. This level reduces costs through the consolida7on of hardware and overhead costs. In the second maturity level (configurable) the SaaS vendor hosts a separate instance for each tenant where all instances use the same code Towards a Healthy Cloud
Page 50 of 218
Juan Hernández Colomina
implementa7on that include detailed configura7on op7ons (Chong & Carraro, 2006). Each instance is equal to the others but remains fully isolated. This level enables efficiency in sorware updates as the are implemented in the code and therefore used at once by every tenant.
The third level of maturity (configurable & mul7-‐tenant efficient) includes a single instance
serving every tenant with configurable metadata allowing some degree of customiza7on (Chong & Carraro, 2006). Security is in this context crucial to guarantee that data is isolated between tenants. Moreover, scalability is achieved ver7cally by moving to a larger instance. In the fourth and last level of SaaS maturity (Scalable, Configurable and Mul7-‐tenant efficient) a load-‐balanced group of iden7cal instances is available with configurable metadata and isolated data storage (Chong & Carraro, 2006). It is important to note that this maturity level is the only one leveraging the capabili7es of horizontal scalability across the available instances. According to previous research on SaaS mul7-‐tenancy paOerns (Mietzner et al., 2009) a SaaS service can be configurable or non-‐configurable. In each of these two categories we can find three mul7-‐tenancy paOerns: single instance, arbitrary instance and mul7ple instance (Mietzner et al., 2009). There are therefore six different mul7-‐tenancy paOerns available ranging from configurable single instance to non-‐configurable mul7ple instances. Arbitrary instances are mixes of these two types, where some tenants share instances and others do not. This might be to guaranteed the quality of service of due to legal requirements in some clients. The following table (see table 10) reflects some of the considera7ons that we can find in previous work related to each of these mul7-‐tenancy paOerns: Table 10: SaaS mul*-‐tenancy paRerns
PaRern
Configurable
Focus
Considera*ons
Single Instance
Offering some customiza7on while maintaining centraliza7on
(+) Centralized deployment, maintenance and updates for the fixed part of the applica7on. Ver7cally scalable. (+) Par7al isola7on and customiza7on (-‐) Deployment of customiza7on cannot be centralized
Arbitrary Instance
Quality of service or compliance while allowing customiza7on
(+) Mix of single and mul7ple instances (+) Allows fully isola7on when needed (+) Horizontally and ver7cally scalable (-‐) Less centraliza7on than single instance
Mul7ple Instances
Customiza7on when applica7on logic is very specific tenant specific
(+) Full customiza7on (+) Horizontally scalable (-‐) Decentralized deployment and maintenance
Single Instance
A service with the same behavior for all tenants.
(+) Centralized deployment, maintenance and updates for all tenants. Ver7cally scalable (-‐) No isola7on of data or customiza7on
Non-‐ Configurable Towards a Healthy Cloud
Page 51 of 218
Juan Hernández Colomina
PaRern
Non-‐ Configurable
Focus
Considera*ons
Arbitrary Instance
Guaranteeing the quality of service or compliance
(+) Mix of single and mul7ple instances (+) Allows fully isola7on when needed (-‐) Ver7cally scalable (-‐) Less centraliza7on than single instance
Mul7ple Instances
Customiza7on when applica7on logic is very specific tenant specific
(+) Full isola7on and customiza7on (+) Centraliza7on with templates and variability points (-‐) Less centralized that the other two approaches (-‐) Ver7cally scalable
Although we consider mul7-‐tenancy not an essen7al feature of cloud compu7ng any cloud vendor or provider can deploy any of the above paOerns in another type of cloud solu7on (e.g. PaaS, IaaS, etc.) to create mul7-‐tenant aware solu7ons. B. Planorm as a Service (PaaS)
If we increase the level of abstrac7on from hardware to the OS and common applica7ons (e.g.
web server, load balancing, etc.) we reduce complexity but also programmer’s flexibility. Using this delivery model customers rent vendor’s hosted infrastructure and programming tools to create their own applica7ons (Spinola, 2009). According to NIST, the consumer uses a hos7ng environment for his applica7ons that run in the environment but cannot control the opera7ng system, hardware or network infrastructure. PaaS solu7ons aim to enable easy development and deployment of scalable web applica7ons (Schiebl, 2009). They are APIs for crea7ng new applica7ons on the cloud (Michelson, 2009). This kind of solu7on is currently being offered by Microsor’s Azure, Google App Engine, Elastra and RightScale among others (Leighton, 2009). Google’s App Engine is developed to host web applica7ons on the cloud by clearly separa7ng the stateless computa7on layer from state-‐full storage layer (Armbrust et al., 2009). Sorware hosted on the App Engine plaxorm must have a request-‐reply behavior to minimize the resources allocated to each request. The mechanisms for guaranteeing availability and automa7c scalability as well as the data storage layer (MegaStore) are dependent on these constrains (Armbrust et al., 2009). C. Infrastructure as a Service (IaaS) The lowest level of abstrac7on is provided by Infrastructure-‐as-‐a-‐service providers or as Berkeley calls them Hardware Virtual Machines (Armbrust et al., 2009). IaaS can be defined as hardware resources on demand (Michelson, 2009). This delivery model provides users with basic compu7ng resources (e.g. storage, processing, etc.) on a rental basis (Spinola, 2009). According to NIST, the consumer uses “fundamental compu7ng resources” but cannot control the underlaying infrastructure. Although this type of model increases programmer’s flexibility with a low level of abstrac7on it implies also that Cloud Users must administrate the en7re scope of their solu7on themselves, including OS configura7on, backup, updates, etc. (Schiebl, 2009).
Towards a Healthy Cloud
Page 52 of 218
Juan Hernández Colomina
Examples of IaaS vendors are Akamai, Amazon, GoGrid and Joyent (Leighton, 2009). Amazon offers for example their EC2 solu7on for compu7ng resources and their S3 solu7on for persistent storage. In Amazon EC2 resources are referred to as instances and they are comparable with physical resources. Through an Applica7on Programming Interface (API) it is possible to configure an instance within minutes. Customers can buy the CPU cycles, MB of storage and IP connec7vity that best fit their needs at a certain point in 7me.
3.2. Deployment Model Another model oren found in previous research is the Deployment Model which classifies solu7ons according to where they are located (Internal, External or Hybrid Clouds). Gartner research describes two viewpoints on the cloud: services and technology. The service perspec7ve is characterized by remote access to services and compu7ng resources over the internet while the technology point of view represents another data center approach on internal enterprise systems with no use of external off-‐premises third party capabili7es (Brodkin, 2009). According to Gartner, these two perspec7ves are both valid but their differences should be carefully considered as well as mixed forms of these two types (an Hybrid Cloud). Internal clouds are hosted within an organiza7on’s boundaries and aim to leverage the firm’s standard processes and security measures (e.g. firewalls, DMZs, etc.). They are oren limited in size and scalability as they are fully financed by the organiza7on. This type of cloud is best fiOed for firms that require full control and configurability of their infrastructure and security, and is oren used when business opera7ons are subject to strict compliance standards (Spinola, 2009). Moreover, as the organiza7on does not depend on the performance and availability of external networks (e.g. Internet) or providers (e.g. Cloud Provider), Internal Clouds are highly recommended for deploying applica7ons that handle sensi7ve data or need high availability (Perry, 2009). External Clouds are located outside the organiza7onal domain and they are oren more scalable and cost efficient than Internal Clouds. However, this might imply concessions on the solu7on’s security and customiza7on levels as well as higher dependancies on third par7es and public network’s performance (e.g. Internet). An interes7ng mixed approach between Internal and External Clouds are Hybrid Clouds. Hybrid Clouds are Internal Clouds linked to External Clouds where the external capabili7es are only used when needed. An organiza7on can use an Hybrid Cloud to maintain the required levels of security and customiza7on while leveraging External Cloud capabili7es for scalability at peak workloads (Cloud Burs7ng) and fail-‐over situa7ons.
Towards a Healthy Cloud
Page 53 of 218
Juan Hernández Colomina
3.3. Access Model
The third model that we consider on this research is the Access Model that classifies solu7ons
according to who can access them (Public, Private and Hybrid Clouds). Although Private Clouds offer the highest possible control they cannot fully leverage the full poten7al of Cloud Compu7ng. Public Clouds on the contrary offer less control but can enable most of the values of this new paradigm (Plummer, 2009). Gartner recommends Hybrid Clouds that can leverage some of the benefits while maintaining the desired level of control. For this purpose organiza7ons can select the right mix of Public and Private services that best matches their specific situa7on at hand (Plummer, 2009). UC Berkeley RADSL defines a Public Cloud as a cloud where the infrastructure layer is available on demand to the general public (Armbrust et al., 2009). This is what Berkeley refers to as U;lity Compu;ng. When the service is not available to the general public but exclusively to users of a single organiza7on Berkeley considers it to be a Private Cloud (Armbrust et al., 2009). Although Berkeley excludes Private Clouds from their defini7on of Cloud Compu7ng, we do not fully agree with Berkeley’s perspec7ve as for example any organiza7on can leverage some of the cloud advantages by deploying a Private Cloud for corporate use only (Perry, 2009). According to previous research a Private Cloud is designed to be accessed and operated only by members of a specific organiza7on, while a Public Cloud is oren open for use by the general public (Spinola, 2009) (Perry, 2009). As Public Clouds make use of economies-‐of-‐scale by leveraging sta7s7cal mul7plexing and mul7-‐tenancy, the savings achieved can be passed on to Cloud Users, resul7ng in cheaper offerings than Private ones. However, they are managed and supported by a Cloud Provider, offering homogenous resources that have limited configura7on possibili7es (Spinola, 2009).
Public Clouds are recommended in situa7ons of non-‐cri7cal SLAs and where on-‐premises
infrastructures have limited scaling capabili7es or exper7se (Michelson, 2009). Private Clouds can best be used when trying to op7mize resource u7liza7on, mission cri7cal SLAs or where highly secure and fully compliant infrastructures are needed (Michelson, 2009). Among others, security, intrusion detec7on and load balancing are some examples of func7onali7es that can be more efficiently provided by Public Clouds (Howarth, 2009) (Sheehan, 2009b).
3.4. Hybrid Clouds Hybrid Clouds are any possible combina7on of the previous models ranging from Internal Private Clouds to External Public Clouds. The connec7on might be permanent or as a result of cloud burs7ng (EvereO, 2009) (Perry, 2009) and is oren implemented using standardized or proprietary technology (Spinola, 2009). Each type of combina7on implies specific types of risks and opportuni7es. Analysts and consultants recommend oren an hybrid model aligned with the specific project or situa7on at hand.
Towards a Healthy Cloud
Page 54 of 218
Juan Hernández Colomina
A form of hybrid clouds are hosted clouds or External Private Clouds (Spinola, 2009). They apply the mul7-‐tenant layer on external resources but the cloud is only accessible by a single Cloud User. This form of cloud minimizes the large capital and opera7onal expenses of Internal Clouds while adding elas7c capabili7es. As they are dedicated clouds, they allow more configura7on and flexibility than standard Public Clouds. In situa7ons of high future demand uncertainty for an specific applica7on Berkeley believes that deploying a Private Cloud will lead per defini7on to data center underu7liza7on due to the over-‐ provisioning needed to cope with poten7al peaks in demand (Armbrust et al., 2009). On the other hand, using a Public Cloud in the same situa7on will automa7cally lead to cost savings due to the usage based pricing (pay-‐by-‐the-‐hour) model (Armbrust et al., 2009). In this context, an Hybrid Cloud that scales out to handle peaks could be the best solu7on to guarantee the con7nuity of services at a cost efficient manner. This is what some prac77oners describe as Cloud Burs7ng (Perry, 2009) (McLaughlin, 2009a) (Treese, 2009) (EvereO, 2009). It is important to note than even though a Cloud Users can scale out to a third party solu7on they s7ll remain responsible for their corporate data (EvereO, 2009). According to Berkeley performing heavy computa7ons on Private Clouds can also lead to underu7liza7on or not being able to offer the required computa7onal capacity for the task. On the contrary, in Public Clouds one can fully benefit from parallel processing for the same costs as 1000 cloud servers for one hour cost the same than 1 cloud server for 1000 hours (Armbrust et al., 2009). As several exis7ng use cases demonstrate, organiza7ons should consider Public Clouds in their cost analysis for performing heavy computa7onal tasks. Other categoriza7ons not described in this research are ver7cal (industry) or horizontal clouds (exper7se), virtual private clouds (VPC), Cloud Oriented Architectures (COA) and Cloud Service Architectures (CSA).
4. Common Use PaRerns Arer having defined the concept of Cloud Compu7ng (see sec7on 2) and the different types of solu7ons available (see sec7on 3) we con7nue in this sec7on by analyzing some of the most common use cases that leverage this new delivery model. For this purpose we have analyzed a variety of case studies and iden7fied the most significant use paOerns. Use paOerns in the context of this research are regarded as the main goals of Cloud Users when adop7ng a Cloud Compu7ng solu7on. It is important to note that this use paOerns are described from a Cloud User perspec7ve. However, Cloud Providers can evaluate how this paOerns are covered in their offerings in order to accelerate the adop7on of their specific Cloud Compu7ng solu7ons. A remark should be made on the fact that in some types of Cloud Compu7ng solu7ons (e.g. Internal and/or Private Clouds) the Cloud User is the same organiza7ons as the Cloud Provider. Towards a Healthy Cloud
Page 55 of 218
Juan Hernández Colomina
An overview of the use paOerns analyzed in this research is depicted in table 11. The overview includes three cases for each paOern and the specific solu7on applied. Table 11: Overview of Cloud Compu*ng Use PaRerns
Use PaRern Resource Op7miza7on
Scalability & Elas7city
High Performance Compu7ng
Fail-‐over / Backup
Business Agility / Faster Time To Market
External Knowledge & Experience
Examples & Solu*ons Applied PresidioHealth (GoGrid) Rentokil (Google Apps) LA County (Google Apps) PresidioHealth (Appistry IQ Cloud) Wordpress (MS Azure) TwiOer (Amazon S3) New York Times (Amazon EC2) Harvard Medical School (Amazon EC2 & Oracle) BT (Amazon EC2) 37signals (Amazon S3) Zmanda (Amazon S3) Jungle Disk (Amazon S3) PresidioHealth (Appistry) Siemens (Windows Azure) SugarCRM (Windows Azure) GoGrid (Windows Azure) Associated Press (Windows Azure) Rover Apps (Rackspace Cloud)
In the rest of this sec7on we elaborate on these use paOerns to provide a deeper
understanding of the situa7onal factors mo7va7ng the specific usage. Moreover, by using this sec7on an organiza7on can evaluate wether the specific goals can also be applicable to their context.
4.1. Resource Op*miza*on
Every applica7on needs three main types of resources: processing, storage and
communica7on. Tradi7onal sorware delivery was achieved by prealloca7ng or reserving a fixed amount of resources to be used by the applica7on based in predic7ons that account for possible peaks in demand. Cloud Compu7ng opens new opportuni7es to improve the efficiency of sorware delivery as resources are allocated on-‐demand when needed leveraging just-‐in-‐7me infrastructures (Baker, 2007) (Michelson, 2009) (Pluijm, 2009). The op7miza7on of capacity planning and resource u7liza7on is one of the most frequent use cases of Cloud Compu7ng (Brown, 2009a). Tradi7onal capacity planning oren results in two undesired situa7ons: over-‐provisioning and under-‐provisioning. When resources are under-‐provisioned, demand exceeds the resources available resul7ng in unsa7sfied customers due to solu7ons not responding or responding with a significant delay. On the other hand, when resources are over-‐provisioned the organiza7ons suffers directly from cost inefficiencies due to the waste of resources. Moreover, buying resources long before they are used always implies nega7ve financial consequences based on opportunity costs and the 7me value of money (e.g. Net Present Value).
Towards a Healthy Cloud
Page 56 of 218
Juan Hernández Colomina
Figure 6: Resource Op*miza*on in Cloud Compu*ng .
C l o u d C o m p u 7 n g c a n b e
considered as just-‐in-‐7me resource alloca7on which op7mizes capacity planning and resource u7liza7on as it eliminates the issues of over-‐ and under-‐provisioning of resources (Brown, 2009a). The effects on just-‐in-‐ 7me resource provisioning compared to tradi7onal resource alloca7on are shown in figure 6.
Examples of this use paOern can
be found in the large number of organiza7ons adop7ng SaaS solu7ons like Google Apps (e.g. Rentokil, Jaguar, LA County, University of Deusto, etc.) as well as in other IaaS case studies where cost efficiencies are one of the main benefits obtained (e.g. PresidioHealth applica7ons at GoGrid’s IaaS solu7on).
4.2. Scalability and Elas*city Although the scalable and elas7c character of Cloud Compu7ng are the main ingredients to achieve op7mum resource u7liza7on we consider them as an independent use paOern due to the fact that a significant number of organiza7ons focus on rapid elas7city without the need to op7mize resources. While the op7miza7on of capacity planning focus primarily on predictable workloads (including predictable peaks), scalability and elas7city are ideal features for provisioning unexpected workloads. As Cloud Users can allocate extra resources almost real-‐7me at the same cost per unit, they can therefore cover any unexpected peaks in demand (Broek, 2009) (Michelson, 2009). Elas7city, or in other words being able to upscale or downscale on demand is specially interes7ng in situa7ons where the prealloca7on of resources must cope with high levels of demand uncertainty (Armbrust et al., 2009). Elas7city can be considered as an advance form of instant load-‐balancing having almost unlimited resources to spread the workload.
An unique and oren overlooked characteris7c of Cloud Compu7ng is the possibility to
downscale resource provisioning. By shortening amor7za7on periods from years to hours, a firm can react to changing business condi7ons during periods of economic recession while minimizing investment risks (Armbrust et al., 2009). If the hardware was purchased then downscaling always implies a financial loss for the amount of resources not used. On the contrary, when the applica7on is hosted on the cloud a firm can downscale its resources within minutes without financial Towards a Healthy Cloud
Page 57 of 218
Juan Hernández Colomina
consequences. This is specially interes7ng taking into account hardware’s speed of deprecia7on as it loses market value immediately arer being acquired. Some examples of this use paOern are the use of Amazon S3 storage for TwiOer avatars, the use of the Azure plaxorm for Wordpress blogs, and the sorware scalability achieved by PresidioHealth on the Appistry Cloud IQ plaxorm. This use paOern demonstrate how fast growing organiza7ons can leverage infrastructures to cover for their success being able to handle unexpected exponen7al demand curves.
4.3. High Performance Compu*ng Another of the most common use paOerns found is the access to an almost infinite amount of compu7ng resources to perform heavy computa7onal tasks on a 7mely and cost efficient manner. This use paOern is mainly applied to “on and off” workloads were heavy computa7onal tasks are carried out during a brief period of 7me. As Cloud Compu7ng can deliver an almost unlimited amount of compu7ng resources they are ideal plaxorms to perform high performance compu7ng tasks. Performing heavy computa7ons on a limited amount of resources oren implies large performing 7mes. Instead, performing the same task but distributed and concurrently over a large amount of resources leads to significant lower task fulfillment 7mes. An example of this situa7on can be found in extensive calcula7ons involving a large number of variables. Since these types of calcula7ons will take a lot 7me and resources when performed at internal infrastructures, organiza7ons can benefit from the large parallel processing that cloud solu7ons offer. An important implica7on of this use paOern is that Cloud Compu7ng can bring high volumes of compu7ng power to people and organiza7ons that otherwise could never have such capabili7es to their disposal. It breaks the informa7on asymmetry from the past years, where informa7on was generated by end users but only a few firms (e.g. Microsor, Google, Yahoo, etc.) had the resources to process this informa7on and get advantage from it (Armbrust et al., 2009). Some examples of this use paOern are BT’s calcula7ons of mobile plans, the New York Times conversion of their archives, and the gene7c model tes7ng and simula7ons at Harvard Medical School. BT’s mobile plan calcula7ons were performed more efficiently on a cloud plaxorm than ever before on their internal infrastructure involving millions of records in around 3.6 terabytes of data (DAuria & Nash, 2009). The New York Times converted 4 terabytes of 7ff files into pdf files on Amazon EC2 with substan7al savings in 7me (days instead of weeks) and money (hundreds of dollars instead of thousands). Harvard Medical School used Amazon EC2 to run gene7c tes7ng models and simula7ons resul7ng also in significant cost and 7me savings.
Towards a Healthy Cloud
Page 58 of 218
Juan Hernández Colomina
4.4. Fail-‐over / Backup
One use of Cloud Compu7ng that has been observed in mission cri7cal applica7ons like
hospital’s pa7ent administra7on systems are fail-‐over and data replica7on (DAuria & Nash, 2009). When internal infrastructures fail the produc7on environment is quickly set to the cloud solu7on where the system is replicated. The separa7on of data from applica7ons is a current trend that will make Cloud Compu7ng more aOrac7ve in the near future (Hiner, 2009). To guarantee con7nuity and availability there is an increasingly tendency in web applica7ons to facilitate off-‐line work that is synced to the online environment once the client goes back online (e.g. Google Gears) (Hiner, 2009). Some possible fail-‐ over architectures and their implica7ons are depicted in table 12. Table 12: Fail-‐over architectures using Cloud Compu*ng
Infrastructure
Failover
Availability
Costs
Control
Self Managed
Self Managed
Best Effort
High
High
Self Managed
Cloud
Best Effort + SLA
Moderate
Intermediate
Cloud
Cloud
SLA
Low
Low
Cloud
Self Managed
SLA + Best Effort
Moderate
Intermediate
When a firm uses his own infrastructure and his own failover mechanisms, system’s availability
is guaranteed by the company’s performance (best effort). This kind of solu7on is expensive since monitoring, problem analysis and problem solving is carried out by the organiza7on. However, the organiza7on has the highest degree of control in solving the situa7on at hand. In mixed models where either the infrastructure or the failover mechanism is managed by a Cloud Provider, costs decreases in detriment of control scope. Where organiza7ons deploy a pure cloud construc7on where infrastructure and failover mechanisms are managed by Cloud Providers, the degree of control as well as the costs are minimized. Following the principle of “no single point of failure” we will have to discard the pure managed architectures and the ones using a single (or interconnected) cloud provider as they represent a single point of failure (Armbrust et al., 2009).
There are several examples of organiza7ons leveraging Cloud solu7ons for fail-‐over and
backup. Some examples are 37signals, Zmanda and Jungle Disk. All three organiza7ons have created backup solu7ons on top of Amazon S3 storage solu7on.
4.5. Business Agility / Faster *me to market
Another advantage of Cloud Compu7ng is that it drives innova7on cycles by reducing contract
dura7on and upfront capital investments. Taking this into account, companies can try out projects that are regarded as “too risky” without compromising large amounts of capital (Howarth, 2009) (Broek,
Towards a Healthy Cloud
Page 59 of 218
Juan Hernández Colomina
2009). Moreover, once an applica7on has been deployed on the Cloud it can be delivered simultaneously around the globe to a great variety of devices reducing deployment 7mes significantly. Cloud Users can determine the exact level of resource needed at any moment allowing them to scale up or down when needed. This elas7c character is unique in the sorware world and enables companies to capitalize on market opportuni7es on a much faster pace that they otherwise could (Hinchcliffe, 2009). Examples of this use paOern can be found in PresidioHealth with the PaaS Appistry solu7on, and Siemens and SugarCRM that leverage Windows Azure to achieve faster applica7on development and deployment.
4.6. External Knowledge and Experience A some7mes overlooked use paOern of Cloud Compu7ng is the availability to leverage external (technical) knowledge and experience. Organiza7ons that have limited technical knowledge or have difficul7es in acquiring and maintaining that knowledge can achieve substan7al performance improvements and cost savings by using a Cloud Provider that has that technical knowledge and exper7se (Howarth, 2009) (Cunningham & Wilkins, 2009). Moreover, according to McKinsey research, adop7ng a Cloud Compu7ng solu7ons can lead to savings in IT staff of around 10 to 15 percent (DAuria & Nash, 2009).
Due to the size of Cloud Providers they can aOract the best professionals to assure
compe77veness with other offerings. As highly knowledgeable employees are scarce and expensive, Cloud Users can beOer reallocate exper7se and money to their core business, crea7ng new solu7ons instead of maintaining exis7ng ones (Hinchcliffe, 2009). Examples of organiza7on using Cloud Compu7ng to leverage external knowledge and experience are hos7ng provider GoGrid which builds solu7ons on top of Windows Azure, Associated Press which encourages external developers to build applica7ons on Windows Azure and Rover Apps which uses the Rackspace Cloud to improve the performance of their infrastructure.
Towards a Healthy Cloud
Page 60 of 218
Juan Hernández Colomina
5. Cloudnomics: Cloud Compu*ng Economics As Cloud Compu7ng has significant economic implica7ons we analyze them further in this sec7on. In 7mes of economic difficul7es like nowadays Cloud Compu7ng represents a cash flow friendly approach to provide new projects with the required IT resources (Schadler, 2009) (DAuria & Nash, 2009) (McLaughlin, 2009a) (Spinola, 2009). The elimina7on of upfront investments and the pay-‐ as-‐go billing model are probably the most important financial benefits of this new compu7ng paradigm (Howarth, 2009) (Treese, 2009) (Leighton, 2009). Cloud services are expected to save one third to one half of current opera7ng costs as opera7onal tasks like backup, upgrades and so on are carried out by the Cloud Provider (DAuria & Nash, 2009) (Treese, 2009). In table 13 the financial benefits of Cloud Compu7ng as described by Forrester research are depicted (Forrester, 2008). In order to enable a clear understanding of the economic implica7ons of Cloud Compu7ng we further describe in this sec7on the most relevant ones. Table 13: The Financial Benefits of Cloud Compu*ng (Forrester, 2008)
5.1. Capital Expenses versus Operational Expenses !
In financial terms we can differen7ate two types of expenses: opera7onal expenses (OPEX) and
capital expenses (CAPEX). Opera7onal expenses are incurred when resources are needed to support ongoing businesses while capital expenses are regarded as investments in assets and should be accounted for in the corporate balance sheet. CAPEX investments are subject to amor7za7on periods that spread the impact on the income statement over 7me as prescribed by (inter)na7onal laws. Acquiring new hardware for a data center is a typical example of a CAPEX investment while contrac7ng a Cloud Compu7ng service is an example of an OPEX expense (Schadler, 2009) (Howarth, 2009) (Hiner, 2009) (Kirsner, 2009) (Golkar, 2009) (Michelson, 2009).
Towards a Healthy Cloud
Page 61 of 218
Juan Hernández Colomina
This implies that investment 7mes can be reduced from the amor7za7on horizon (e.g. 4 years) to the fiscal’s year dura7on (e.g. 1 year) as the amount spend for resources in that year is account for directly on the yearly income statement without amor7za7on periods (Spinola, 2009).
According to Forrester, the improvement of investment horizons has specific financial
advantages specially for venture capitalists. Instead of compromising capital for years Cloud Users can pay per month in accordance with the project’s success rate. If a project does not meet the expecta7ons it can be stopped without compromising capital resources (Cunningham & Wilkins, 2009). This form of risk mi7ga7on and the improved cost transparency of Cloud Compu7ng are appealing advantages for CFOs (Schadler, 2009) (Howarth, 2009) (Sheehan, 2009b).
5.2. No large upfront investments & Pay-‐as-‐you-‐go license model One of the most important advantages of Cloud Compu7ng is the reduc7on of the upfront capital expenses in hardware and sorware when crea7ng and deploying solu7ons (Armbrust et al., 2009). This is specially interes7ng for new products or services where demand is highly unpredictable and therefore tradi7onal resource alloca7on can lead to capital losses due to over-‐provisioning or under-‐provisioning (Armbrust et al., 2009). The financial consequences of these two risks are wasted resources or missed revenue respec7vely.
Using Cloud Compu7ng, hardware installa7on and maintenance costs are shired to Cloud
Providers. On the contrary, running your own data center implies installing and replacing every piece of hardware manually with the corresponding opera7ng costs. Specially in countries where IT human capital is rather expensive and difficult to find (e.g. The Netherlands) this is an interes7ng opportunity to take into account given the transparent pay-‐as-‐you-‐go pricing offered in Cloud Compu7ng solu7ons. As a consequence of Cloud’s elas7c character it is possible to reduce upfront investments improving the overall cost efficiency of IT opera7ons.
5.3. Cost reduc*ons Some of the costs associated with running a data center can be categorize as physical costs. Examples of these physical costs are the loca7on where the data center is built, electricity, cooling systems, etc. Recent studies have es7mated that the cost of resources per unit roughly doubles when taking into account these physical costs (Armbrust et al., 2009). According to many experts Cloud Compu7ng is expected to leverage a large diversity of cost savings in ICT opera7ons (Golkar, 2009). According to a IDC research, around 70% of IT budgets are used to maintain current IT capabili7es. Moreover, according to the US department of energy around 85% of compu7ng capacity is idle most of the 7me (Spinola, 2009). If we also take into account the rising energy prizes it is clear why Cloud Compu7ng can significantly contribute to cost efficiency.
Towards a Healthy Cloud
Page 62 of 218
Juan Hernández Colomina
Recent studies have es7mated average server u7liza7on in data centers to be between 5% and 20% (Siegele, 2008). Although this might seem inefficient, we have to take into account that peak workload can mul7ply average u7liza7on by 2 to 10 7mes which needs to be considered when prealloca7ng resources on-‐premises (Armbrust et al., 2009). When the infrastructure is not elas7c then peak capacity must be embedded beforehand in each of the individual physical machines to guarantee the availability and con7nuity of services. This means that when using solu7ons on-‐ premises around 80% to 95% of all resources are “wasted” during non-‐peak periods. The elas7c character of the cloud eliminates the need to account for peak load beforehand since applica7ons can automa7cally scale when needed as demand increases or decreases.
Figure 7: Worldwide Server Spending
Taking into account the divergent resource consump7on of sorware applica7ons and its dynamic development over 7me it does not make much sense to buy IT capabili7es as sets of resources (e.g. mainframes, servers, etc.), but rather as separate resources (e.g. CPU, RAM, etc.) in the amount needed over 7me. Using this approach the match between resource u7liza7on and provisioning reduces resource waste due to underu7liza7on. Moreover the risk of under-‐provisioning resources is also mi7gated (Armbrust et al., 2009).
5.4. Economies of Scale The mul7 tenancy character of web based sorware allows Cloud Providers to achieve economies of scale by sharing physical resources among as many clients as possible (Hinchcliffe, 2009) (Broek, 2009). In Private and/or Internal Clouds this is less relevant and depends on the poten7al savings in the current infrastructure. Among others, economies of scale can be achieved on hardware, sorware, management, energy supplies, physical loca7ons, maintenance, backup, administra7on, etc. According to previous research, by achieving economies of scale Cloud Users can buy their resources at a factor 1/5 to 1/7 than they otherwise would (Armbrust et al., 2009). However, There are significant differences on the billing methods currently applied by Cloud Providers. Billing storage and network bandwidth consump7on is a straight forward task. as the total number of units can be easily divided and consump7on can be measured on those units. However, depending on the virtualiza7on level, computa7onal resources are not as simple to monitor and bill (Armbrust et al., 2009). Towards a Healthy Cloud
Page 63 of 218
Juan Hernández Colomina
Some solu7ons (e.g. Google’s AppEngine) automa7cally scales up and down to changing consump7on demands billing customers for the number of cycles used. Other solu7ons (e.g. Amazon Web Services) charge users on a 7mely basis (e.g. per hour) for the amount of resources available in an instance, regardless of those resources are fully consumed or not. One of the latest developments on cloud based billing methods is Amazon’s Spot Prices which are dynamically set by supply and demand. Cloud Providers can experiment with these billing methods to find the one maximizes their profits.
Towards a Healthy Cloud
Page 64 of 218
Juan Hernández Colomina
6. Risks of Cloud Compu*ng With every innova7on new capabili7es emerge but they imply also new risks to users. As Cloud Compu7ng is an emerging phenomenon Cloud Users should carefully take into account the risks associated with this new model compared to other alterna7ves (e.g. on-‐premises). We base this risk analysis on previous research (Armbrust et al., 2009) (ENISA, 2009) that has iden7fied a series of security issues in Cloud Compu7ng solu7ons. Moreover, we complement these findings with other commercial publica7ons and the perspec7ves of consultants and analysts. We have classified cloud related risks into three groups: opera7onal risks, compliance risks and standards related risks. For each risk we refer to some (par7al) solu7ons for risk mi7ga7on or avoidance currently being offered by Cloud Providers. As security is probably the most men7oned risk of Cloud Compu7ng we describe it separately in the next sec7on (see sec7on 7).
6.1. Opera*onal Risks Opera7onal Risks are encountered by Cloud Users when using a Cloud Compu7ng solu7on. In this sec7on we elaborate on some of the most relevant opera7onal risks in current clouds: service availability and performance, third party and network dependencies, lack of cloud management tools and reputa7on sharing. A. Service Availability The degree of service availability required is highly applica7on dependent. However, high availability is in almost all cases a desired property that improves performance and leads to a beOer user experience. However, although large Cloud Providers should in theory have a more reliable and secure system than individual organiza7ons this is in prac7ce not always the case (Bakker, 2009). Even the most redundant infrastructure can fail as reflected in the list of documented cloud incidents included in appendix E (Leighton, 2009). It is important to note that fully availability (100%) is impossible to guarantee when using shared ungoverned infrastructures (e.g. Internet). Nevertheless Cloud Users should carefully compare historic Cloud Provider’s availability rates with availability rates at their current infrastructure (e.g. on-‐ premises or at another provider). There are few enterprises in the world that can achieve higher availability rates than the largest Cloud Providers (e.g. Google’s 99,9%, Amazon’s 99,95%, Microsor’s 99,95%, etc.). In order to maximize service availability, one possible solu7on could be to implement one of the mixed fail-‐over architectures described previously in this research (see Cloud Use PaOerns). If we combine on-‐premises and cloud solu7ons where one of them is deployed as a fail-‐over we can cover for possible service unavailability. However, this solu7on can increase opera7ng costs significantly as everything needs to be redundantly deployed. For this reason it is important that Cloud Users balance the level of desired availability against the costs of achieving that level. Towards a Healthy Cloud
Page 65 of 218
Juan Hernández Colomina
B. Service Performance In previous research (Armbrust et al., 2009) a analysis has been made on cloud performance for each type of resource. UC Berkeley found that although processing (e.g. CPU) and memory (e.g. RAM) resources can be shared between virtual machines on the cloud without performance detriment, there is a significant performance issue in input/output (I/O) opera7ons between virtual machines on the cloud sharing the same physical disk. This could result in some cases in I/O latencies that could affect service performance. Taking into account that applica7ons are becoming more data intensive and bandwidth costs are not decreasing in price at the same rate than other hardware does, the costs of transferring data to and from the cloud must be taken into account when considering Cloud Providers. With current networking capabili7es, transferring large amounts of data implies large amounts of 7me and money. Calcula7ons in previous research (Armbrust et al., 2009) have discovered that in some cases might be more effec7ve to ship data physically instead of transferring it electronically. This approach is followed by Amazon that allows the physical sending of data containers (e.g. DVD) with data to be stored on their Cloud. Once the media container is received Amazon sets the data on the Cloud User’s S3 service account free of transfer charges. Another approach to deal with network throughput limita7ons could be to limit the amount of data to be stored on the Cloud. As more public data sets (e.g. data.gov sets, geographical loca7ons, zip-‐codes, etc.) become available on the cloud, a firm does not need to transfer all data to the cloud. An applica7on can (re)use these public sets without incurring in transmission costs. Moreover, due to the centralized character of the cloud, these public data collec7ons will be kept up to date without any effort needed from the Cloud User. Future developments in networking technology promises a significant increase in bandwidth reducing the 7me and money needed to transfer large data sets. For example, in 2010 the cost of a 10 Gigabit Ethernet server connec7on is predicted to fall to around $200 (against $1000 nowadays) while the new 40 Gigabit Ethernet and 100 Gigabit Ethernet will soon become available. C. Third Party Dependency Using a Public or External Cloud Compu7ng solu7on can be compared to a certain extend with outsourcing where certain tasks (applica7on development in SaaS, infrastructure opera7ons in IaaS, etc.) become the responsibility of the Cloud Provider. This implies some concessions from the Cloud User when compared to on-‐premises solu7ons where the organiza7on has full control and decision rights over the infrastructure. A Cloud User can however extend the scope of control by clearly defining responsibili7es in their Service Level Agreements (SLAs) with Cloud Providers or by building Internal Clouds. Moreover, Cloud Users should be aware that Cloud Providers can modify the terms of service without the legal obliga7on of directly no7fying Cloud Users about it (Reingold & Mrazik, 2009). Towards a Healthy Cloud
Page 66 of 218
Juan Hernández Colomina
In situa7ons where a firm’s (cri7cal) applica7ons and data are going to be trusted to a third party it is also important to consider the trustworthiness and con7nuity of the provider as well as the reliability of the offering (Bakker, 2009) (Arnold, 2008a) (Hiner, 2009) (Treese, 2009) (Leighton, 2009) (Brynko, 2008). Cloud Users should be aware of the financial situa7on of the Cloud Provider over 7me and develop strategies to cope with possible provider’s bankruptcy. One possible solu7on could be to use more than one Cloud Provider where some are configured as fail-‐overs of the other one(s). D. Network Dependency A Cloud User is always dependent on its Internet connec7on’s reliability and speed to access the service in terms of bandwidth and latency (Arnold, 2008a) (Bakker, 2009) (Golden, 2009). Although some vendors have developed solu7ons that facilitate offline work that is later synchronized when there is an Internet connec7on (e.g. Google gears) it is s7ll not a standard func7onality in all Cloud Compu7ng offerings. Another important considera7on is the ungoverned character of the Internet. When data is transmiOed through this public network the route to be followed is unknown and unpredictable being an inherent characteris7c of the TCP/IP protocol (Leighton, 2009). Depending on the specific network situa7on at a certain point in 7me (e.g. conges7ons, malfunc7ons, etc.) the selected route can be different, which can result in unpredictable network latencies. Although using current networking technologies an organiza7on can transfer data across the globe with latencies of milliseconds, certain types of applica7ons are less tolerant for latencies like for example real-‐7me trading systems. These applica7ons are for this reason not fiOed to be hosted on the Cloud (Armbrust et al., 2009). Although the quality of the network can be par7ally safeguarded in SLA’s (service level agreements), it is not clear wether the economic claims arer a malfunc7on fully cover the damage suffered (e.g. Client lost, Brand damage, etc.) (Bakker, 2009). Moreover, although SLAs can help to prevent failures, they do not solve the problems arising from wrong designed architectures (Sheehan, 2009b). E. Lack of Cloud Management Tools A new paradigm like Cloud Compu7ng requires a new set of tools to monitor, op7mize and automated infrastructures. However, currently most cloud offerings are lacking such tools providing only simple APIs to operate it with significant limita7ons, specially in management func7onality (McLaughlin, 2009a). Some Open Source solu7ons are currently being developed to include management tools out of the box (e.g. Open Nebula, Eucalyptus, etc.). Organiza7ons should carefully evaluate which cloud management tools they need and select the provider that most closely matches the func7onality required.
Towards a Healthy Cloud
Page 67 of 218
Juan Hernández Colomina
F. Reputa*on Sharing In Public Clouds the same physical infrastructure is shared among various Cloud Users. As a consequence, the use of a Cloud Compu7ng solu7on by an user with dubious inten7ons (e.g. spam) can affect the overall performance of that solu7on and its users (Armbrust et al., 2009). For example, if an IP address has been blacklisted due to spam, and then the IP address is reallocated to a new customer the new user will suffer from the other customer’s misbehavior. As this risk mainly occurs on shared infrastructures at the network layer the use of sta7c or reserved IP addresses can address it in most cases.
6.1. Compliance Risks Besides opera7onal risks, Cloud Users should also consider how the envisioned Cloud solu7on complies with the applicable laws and regula7ons in their context. The differences in na7onal legisla7ons between the loca7ons of both Cloud User and Cloud Provider, the lack of transparency of Cloud Provider’s opera7ons and data confiden7ality issues are among the most relevant compliance risks when using a Cloud solu7on. In the following paragraphs we describe this risks briefly. A. Compliance with Laws and Regula*ons Some types of organiza7ons (e.g. Banks, Hospitals, etc.) need to comply with specific regula7ons on how sensi7ve data is stored and the accessed. These regula7ons are developed to safeguard privacy and avoid fraud. Some examples of these regula7ons are PCI, SAS 70, SoX and HIPAA among many others. As current (inter)na7onal laws and legisla7ons are developed in the past for transac7ons with physical goods, the dynamic virtual characteris7cs of Cloud Compu7ng whose infrastructures can span various con7nents presents new challenges for prac77oners (Urquhart, 2009a) (Bakker, 2009).
It is important to note that while in past compu7ng paradigms users maintained full possession
and control over their data, Cloud Compu7ng solu7ons imply new legal considera7ons to take into account due to the fact that the legal responsibility to protect private or confiden7al data s7ll remains on Cloud Users. In this context, an important aspect to take into account is the geographical loca7on of the provider and therefore the rules and regula7ons that the provider has to comply with (DAuria & Nash, 2009) (Mansfield-‐Devine, 2008). Cloud Providers tend to place their new data centers on loca7ons where resources are cheap which are oren developing or underdeveloped countries. These countries might not be the best place to store sensi7ve data (Bakker, 2009). Because a Cloud Provider can be located anywhere in the world, differences in legisla7on become a very important barrier for adop7on (Lewis, 2009) (Reingold & Mrazik, 2009). There are for example significant differences between the EU Data Protec7on Direc7ve and the US Patriot Act. These differences should be considered when selec7ng a provider as for example a Cloud User in the EU must comply with EU legisla7on while his data stored in the USA is subject to USA legisla7on (Mansfield-‐Devine, 2008). If the Cloud Provider is for example located in the USA, then all the Towards a Healthy Cloud
Page 68 of 218
Juan Hernández Colomina
informa7on stored by Cloud Provider is subject to the Patriot Act, and therefore can always be accessed by USA governmental organiza7ons. This is not the case in the European Union, where law enforcement does not always imply default access to sensi7ve informa7on.
A solu7on to these geo-‐localiza7on issues could be that Cloud Providers facilitate the division
of data into country blocks that will comply with the regula7ons of each individual na7on. This is currently offered by various providers like for example Amazon which allows Cloud Users to determine where to store their data, offering the possibili7es of their Ireland’s data center in Europe and two data centers in the USA (west and east coast data centers). This feature is at the moment of wri7ng being incorporated to other solu7ons like Rackspace’s Cloud and Terremark’s Enterprise Cloud among others. B. Lack of Transparency Some recent cloud outages, like the one suffered by Google Apps on May 14th 2009 are genera7ng some concerns among poten7al adopters. The main issue commented on the media is how Cloud Users can “protect something they can’t even see” (Arellano, 2009) (Spinola, 2009). When failures occur in a large distributed system it is very difficult to iden7fy the origin as the system cannot be replicated on a smaller scale. If Cloud Providers do not offer enough transparency and assurance in the form of globally accepted audit (quality) cer7fica7ons it is almost impossible to audit their solu7ons which is a strong barrier for Cloud Users to achieve their compliance requirements. As the level of transparency varies strongly between providers, Cloud Users should select the provider that provides them with the desired transparency to comply with laws and regula7ons. This could be in the form of cer7fica7ons (e.g. SAS 70, ISO, etc.) or by providing full access to the underlaying resources. Moreover, when evalua7ng the pricing of Cloud offerings Cloud Users should take into account the effects of informa7on asymmetry arising from the current lack of transparency in offerings. C. Data Confiden*ality One of the most important barriers for the adop7on of Cloud Compu7ng is the lack of assurance of data confiden7ality. Among others, the loca7on where data is stored, how secure it is stored and transferred to and from the cloud, data access management and procedures for the disposal of data are some of the concerns of Cloud Users related to data confiden7ality.
Data confiden7ality is specially a risk in cloud models where data is transferred outside the
organiza7on through public networks (e.g. Internet) and when storing data on third par7es' systems. Transferring data outside the organiza7on implies an added risk compared to on-‐premises infrastructures as data leaves the organiza7onal domain and its security scope (e.g. firewall) and therefore it cannot be fully controlled by the organiza7on. It is important to note that when data travels over public networks (e.g. Internet) there is no fully control over data confiden7ality unless specific security measures are taken (e.g. VPN networks, Point-‐to-‐point connec7ons, encryp7on, etc.). Towards a Healthy Cloud
Page 69 of 218
Juan Hernández Colomina
A popular statement on the externaliza7on of data storage is “My sensi7ve corporate data will never be in the cloud” (Armbrust et al., 2009). Although this is an understandable point of view there are two important remarks to be made. First of all, in the context of tradi7onal managed hos7ng the client’s data is already stored on a third par7es’ systems so it is not much different to store them on a Cloud Provider’s system if they as trusted as the firm’s hos7ng provider (Howarth, 2009). Secondly, security research indicates that vulnerabili7es are more oren generated internally than externally, by own employees. According to previous research one third of IT professionals oren misuse their rights to access sensi7ve informa7on (Spinola, 2009) This means that storing data on the cloud with secure access policies could even improve current data access management. Cloud Providers have a large dedicated security departments and they invest con7nuously in securing their infrastructure. In words of Forrester’s analyst Jason Staten: “Security is one of the core competencies of the cloud provider” (Golkar, 2009). Taking into account this perspec7ve, trust represents a cri7cal ingredient for the successful adop7on of Cloud Compu7ng (Hiner, 2009) (Mansfield-‐Devine, 2008). The lack of trust with Cloud Compu7ng environments can be compared to some extend with the first developments in ICT where informa7on on screen was regarded to be less reliable than on paper. As this new model matures, trust will become a less relevant issue for adop7on. Some experts suggest the mandatory use of encryp7on to safeguard data confiden7ality (Reingold & Mrazik, 2009) (Brynko, 2008) (Spinola, 2009). Although this is oren the case when transferring data to and from the Cloud Provider, it is oren skipped for cloud stored data as it can imply a significant detriment in the quality of service provided (Reingold & Mrazik, 2009). Nevertheless, it is highly recommended that Cloud Users select a provider that applies encryp7on also to the data stored besides delivering the quality of service needed.
6.1. Standards Related Risks One of the most important barriers for the current adop7on of Cloud Compu7ng is the lack of standards that can lead to vendor lock-‐in situa7ons. Although the Cloud Compu7ng paradigm is rela7vely new, there are a large variety of Cloud offerings being introduced every month. As every Cloud solu7on is different than the other ones, and most of them support only specific vendor’s products (e.g. databases, programming languages, etc.) there is an increasing need for standardiza7on to prevent vendor lock-‐in. Open cloud standards are specially needed to enable cloud inter-‐operability and hybrid models. A. Lack of Standards
Although the “de facto” standard will be set by the stronger Cloud Provider, it is very important
to par7cipate in the development and adop7on of formal standards as they provide choice and flexibility to Cloud Users and avoid vendor lock-‐in situa7ons (Hinchcliffe, 2009). Towards a Healthy Cloud
Page 70 of 218
Juan Hernández Colomina
A series of formal and informal organiza7ons are currently working on the development of Cloud Compu7ng standards like the Open Cloud Consor7um (OCC), the Cloud Standards Coordina7on, the Open Grid Forum’s Open Cloud Compu7ng Interface (OCCI) and the The Open Group Cloud Work Group. The Open Cloud Consor7um (OCC) is a member driven organiza7on that supports the development of standards for Cloud Compu7ng and frameworks for interopera7ng between clouds with a focus in large data clouds. The Cloud Standards Coordina7on (cloud-‐standards.org) is a informal wiki to document the ac7vi7es of the various groups working on Cloud Standards. The Open Cloud Compu7ng Interface (OCCI) working group is an informal group which is currently developing an API specifica7on for the remote management of Cloud Compu7ng infrastructures. The Open Group Cloud Work Group aims to support enterprises of all sizes in their adop7on of Cloud Compu7ng by developing open standards that guarantee portability and avoid vendor lock-‐in situa7ons. In the absence of formal standards, at the IaaS level “de facto” standards are emerging which are oren based on the underlaying virtualiza7on technologies. Amazon’s Xen based AMI format for instances in the cloud (e.g. units of aggregated resources) and VMware’s virtual image format are two of the most common formats that can be currently regarded as “de facto” Cloud Compu7ng standards. B. Vendor Lock-‐in In the early stages of any technological innova7on there is an increased risk for vendor lock-‐in (Reingold & Mrazik, 2009). As vendors are s7ll developing their own vision on Cloud Compu7ng a Cloud User can fall into this situa7on when vendor’s views differ significantly from each other (McLaughlin, 2009a). Specially, the lack of Cloud Compu7ng standards can lead to vendor lock-‐in situa7ons as organiza7ons deploy vendor formats not supported by other vendors. Most cloud APIs are proprietary crea7ng barriers for migra7ng data and applica7on between Cloud Providers. A Cloud User suffering from vendor lock-‐in is more fragile to raises in services prices and to provider's bankruptcy. They would have to accept price increases as they are, and they could be in serious trouble if their supplier goes out of business (Armbrust et al., 2009). Some ini7a7ves to prevent data and vendor lock-‐in are the Cloud Compu7ng Interoperability Forum and The Open Cloud Manifesto by IBM. However their pioneering efforts have not lead yet to an industry wide trend to develop and adopt standards. This lack of standards could seriously difficult migra7ng to another Cloud Provider in the future resul7ng in ver7cal vendor lock-‐in situa7on (Bakker, 2009) (EvereO, 2009).
Towards a Healthy Cloud
Page 71 of 218
Juan Hernández Colomina
7. Cloud Security There is an interes7ng security paradox in Cloud Compu7ng compared to on-‐premises infrastructures. While the concentra7ons of large amounts of resources and data are a more aOrac7ve target to aOackers, Cloud solu7ons are oren more robust, scalable and cost-‐effec7ve, improving the overall security of the solu7on (Reingold & Mrazik, 2009). Nevertheless, Cloud Users need to carefully consider security issues arising from this new paradigm. According to the ENISA report on Cloud Compu7ng security (ENISA, 2009), organiza7onal Cloud Users are confronted with some security issues that are absent at on-‐premises infrastructures. In this sec7on we first look at the arguments that suggest that Cloud Compu7ng is a more secure op7on than on-‐premises to con7nue with the arguments that indicate the contrary. A. Cloud Compu*ng as a more secure op*on than on-‐premises It is oren wrongly assumed that a Cloud infrastructure is per defini7on less secure than an on-‐ premises infrastructure. Most large Cloud Providers have deployed beOer security measures than a small or medium enterprise as their core business depends on it. Moreover, Cloud Providers affirm that their environments are safer than local infrastructures due to the facts that they have backup systems in place by default and perform security updates almost instantly. Some providers have gathered technological exper7se over the years using real-‐7me detec7on systems for on-‐demand security. Moreover, they fragment data across mul7ple loca7ons enabling more efficient disaster recovery and storage solu7ons (Reingold & Mrazik, 2009) and as most aOacks are the result of late sorware updates and server misconfigura7ons due to lack of 7me (Spinola, 2009) they are less likely to take place on a cloud at providers which are highly concerned about updates and server configura7on (c.q. it is their core business). Another important remark that suggests beOer security in the Cloud is the effects of economies of scale on security. The same security measures currently deployed on-‐premises (e.g. Encryp7on, Virtual LANs, firewalls, DMZs, etc.) can also be implemented on cloud environments. As security hardware is rather expensive and due to the economies of scale enjoyed by Cloud Providers, cloud environments can deploy beOer (more secure) hardware and sorware improving the overall security compared to tradi7onal data centers (Armbrust et al., 2009).
One of the most remarkable security benefits in Cloud Compu7ng iden7fied by ENISA is to
leverage the elas7c on-‐demand property of the Cloud as a protec7on against denial of service aOakcs (DDoS). However a new security issue arises in return, the Economic Denial of Services (EDOS) aOack. Although the service is kept available on the Cloud, the unintended use of the applica7on can generate unexpected costs as the cloud infrastructure must s7ll be paid on a usage basis. Nevertheless, the experience and dimensions of Cloud Providers makes them more capable to detect and absorb these aOacks than individual companies with limited resources as they are more oren
Towards a Healthy Cloud
Page 72 of 218
Juan Hernández Colomina
confronted with them and they affect directly the performance of their core business (Armbrust et al., 2009). B. Cloud Compu*ng as a less secure op*on than on-‐premises A cloud infrastructure containing vast amounts of data is a more aOrac7ve target for bad inten7oned individuals (Bakker, 2009) (Treese, 2009) (Mansfield-‐Devine, 2008). By discovering and exploi7ng one single infrastructure they could get their hands on immense amounts of informa7on that would otherwise have take them much more effort to obtain. Moreover, the web based character of Cloud Compu7ng solu7ons makes it more suscep7ble for network aOacks and security exploits at browser level than non web-‐based infrastructures.
Previous research has iden7fied some security issues arising from the use of Cloud Compu7ng.
Among others, access policies, regulatory compliance, inves7ga7ve support, data loca7on, data segrega7on, and recovery and long term viability are some of the security risks when using Cloud Compu7ng (Mansfield-‐Devine, 2008). single sing-‐on solu7on being deployed by many leading internet firms allows • Access Policies: The an user to switch between cloud applica7ons without the need of login every 7me. Although this significantly improves usability, it also represents an important security flaw due to the fact that once the login is compromised then all applica7ons become vulnerable (Mansfield-‐Devine, 2008). This single sing-‐on represents a single point of failure for Cloud infrastructures and it is currently being mi7gated by Cloud Providers by using two factor authen7ca7on methods. In the area of data governance, Cloud Users need to be sure that other • Regulatory Compliance: cloud users will never be able to access their data (Mansfield-‐Devine, 2008). In some cases Cloud Providers have created an infrastructure that fully complies with external regula7ons on this maOer. As an example, Google Apps systems and processes fulfill to SAS 70 Type II audit of control measurements to protect data. Since Cloud Users are oren not allowed to look into the Cloud’s security infrastructure, trust on the provider and on the audit results becomes an important enabler for adop7on (Mansfield-‐Devine, 2008) (Broek, 2009). Compliance issues arise in many cases by the lack of transparency of Cloud Providers but also from the lack of auditors’s technological knowledge (McLaughlin, 2009a). According to a CIO.com survey, adding a Public Cloud to your architectural design will certainly result in more complexity and therefore less understanding from external auditors. Support: It is important to note that when selec7ng a Cloud Provider its security • Inves*ga*ve model should be carefully scru7nized as the customer is oren ler to the audit findings supplied by the provider. Cloud Users cannot respond to audit findings or examine security implementa7ons at provider’s level. Performing a security audit on a cloud based system is almost impossible as Cloud Providers oren do not provide full access to their infrastructure. Moreover, ENISA signals a security risk based on the lack of contractual rights to perform security analysis (e.g. port scans penetra7on tests, etc.) by Cloud Users. Although these analysis are oren performed by Cloud
Towards a Healthy Cloud
Page 73 of 218
Juan Hernández Colomina
Providers, they are not reflected in Service Level Agreements (SLA) which leads to uncertainty on whether they are performed or not, and what are the results. Loca*on, Segrega*on, Recovery and Disposal: ENISA iden7fies some jurisdic7onal issues • Data related to the loca7on of data storage. Moreover, the mul7-‐tenancy and shared resources character of Cloud Compu7ng can represent addi7onal risks for organiza7ons when isola7on mechanisms separa7ng tenants fail (e.g. guest-‐hopping & cartographic aOacks). The integrity of Cloud Provider’s employees should also be taken into account. As security is more oren compromised internally and the cloud represents a large volume of data, Cloud Users must carefully analyze how Cloud Providers protect data from internal security breaches. Procedures for data disposal should also be taken into account. Once data is deleted by a Cloud User, the Cloud Provider must assure that the deleted data cannot be restored, specially in shared infrastructures where hardware is reallocated to a different user. Term Viability: The absence of standard tools, procedures, data formats and services • Long interfaces to guarantee data, applica7on and service portability can significantly difficult the migra7on to other Cloud Provider or to an on-‐premises seung. This situa7on can result in high dependency on a single Cloud Provider and therefore vendor lock-‐in situa7ons. In a situa7on of vendor lock-‐in Cloud Users must also be aware of the risk of provider’s bankruptcy and develop methods to recover data in such situa7ons. & Spoiler Effect of Informa*on: There is a interes7ng paradox in cloud security. As • Disinvestments companies have invested in highly secure and expensive measures like DMZs or firewalls, adop7ng a cloud infrastructure will mean that these measures are not longer necessary because everything is stored outside the organiza7on’s boundaries without direct control on the security measures to protect it (Mansfield-‐Devine, 2008). Moreover, Cloud Users should be aware of the spoiler effect of informa7on. While a company’s infrastructure security is not well known to outsiders, Cloud Provider’s security measures are publicly available, making it easier for hackers to exploit vulnerabili7es (Mansfield-‐Devine, 2008). One of the most important trade-‐offs that Cloud Providers need to make is that of robustness versus pragma7sm of the plaxorm (Hinchcliffe, 2009). While offering enterprise func7onali7es is very important, they nee to deliver them in a pragma7c way to facilitate its adop7on by Cloud Users. Moreover, when selec7ng a Cloud Provider, Cloud Users need to select the offering that provides them with the right balance between robust security and pragma7sm for their specific situa7on. The Jericho Forum and the Cloud Security Alliance (CSA) are laying down the first steps towards solving the security issues of Cloud Compu7ng (EvereO, 2009). The CSA’s Security Guidance for Cri7cal Areas of Focus in Cloud Compu7ng provides guidelines for managing risk, portability and disaster recovery. The Jericho forum has developed a cube model linking specific security issues to each type of cloud, specially when transferring data to and from a provider. Both, the CSA and Jericho forum are currently working together to develop a Cloud Provider accredita7on mechanism.
Towards a Healthy Cloud
Page 74 of 218
Juan Hernández Colomina
In order to achieve beOer security in the cloud, Cloud Users should carefully examine contracts with Cloud Providers, specially regarding the rights and obliga7ons of par7es as well as compliance with laws and regula7ons. Work from the Jericho Forum, CSA and ENISA are good staring points for Cloud Users to analyze the security of poten7al Cloud Providers. They provide guidelines and checklists that can be used to assert the security of Cloud Compu7ng solu7ons that best fits their needs.
Towards a Healthy Cloud
Page 75 of 218
Juan Hernández Colomina
8. The Cloud Compu*ng Marketplace In the previous sec7ons of this research we have provided a defini7on of Cloud Compu7ng, the types of cloud offerings, how they are currently being used and the risks associated with this new paradigm. In this sec7on we con7nue our analysis by selec7ng the three most relevant providers at infrastructure and plaxorm service levels based on our research defini7on. This will facilitate our further analysis on the applicability to the Dutch healthcare sector in the next part of our research. We have excluded SaaS solu7ons from this part of our analysis as they are very specific and use high levels of abstrac7on which makes it very difficult to compare them and evaluate their applicability to the Dutch healthcare sector. Moreover, SaaS applica7on are oren either built on PaaS solu7ons (e.g. Salesforce applica7ons on force.com plaxorm) or they tend to become plaxorms over 7me by offering more flexibility to end users (e.g. APIs). We begin this sec7on by describing some general market data to con7nue with two overviews of the features offered by the three selected IaaS and PaaS providers. We provide also a brief descrip7on of each provider and the latest developments in their offerings. As External Public Clouds are leading the development of Cloud Compu7ng we limit our analysis to this type of clouds.
8.1. General Market Data
The Cloud Compu7ng market has evolved significantly during 2009. Supported by increasing
adop7on by organiza7ons, major providers have incorporated new features every month and new providers have emerged some7mes focused on ver7cal industries. According to The Wall Street Journal the Cloud Compu7ng industry is es7mated to reach $42 billion by 2012 which represents around half of the current sorware industry (Hinchcliffe, 2009) (McLaughlin, 2009a). Gartner researchers are more op7mis7c on their predic7ons as they expect the Cloud Compu7ng market to generate $56 billion by 2009 and $150 billion by 2013 (Gartner, 2009). The popularity of end user web applica7ons based on the Cloud Compu7ng model (e.g. Gmail, Google Apps, etc.) are an indica7on of current use and adop7on. According to a recent study of PEW Internet Research around 69% of Americans are using some kind of cloud service (Siegele, 2008). On the enterprise side the rate of adop7on can be observed from a recent survey performed by AppLabs. Around 50% of the firms affirmed that they are deploying cloud infrastructures or are planning to do it within a year (Solomon, 2009). Around 30% of these organiza7ons have already deployed a cloud infrastructure while 20% is expec7ng to deploy it within a year. However, the remaining 50% of the companies answered that they have no plans to use Cloud Compu7ng in the near future.
There are a large diversity of services offered following the Cloud Compu7ng model. An
extensive overview is offered by the Cloud Security Alliance and its depicted in figure 8. Another interes7ng overview provided by Gartner is included in appendix F.
Towards a Healthy Cloud
Page 76 of 218
Juan Hernández Colomina
Figure 8: OpenCrowd Cloud Taxonomy and Vendors
As observed in the above figure, the large diversity of offerings can be generalized into three main groups of services as discussed in our service model (SaaS, PaaS and IaaS) plus the tools necessary to build them.
8.2. Selected IaaS Providers For the purpose of this research we have limited the amount of IaaS providers to be included in our feature comparison to the top three largest providers measured by the number of occupied instances: Amazon, Rackspace and Joyent. We base our selec7on on the monthly es7ma7on by Guy Rosen described on his blog The Jack of All Clouds.
Towards a Healthy Cloud
Page 77 of 218
Juan Hernández Colomina
Figure 9: Guy Rosen’s Cloud Market Analysis .
In the month December
(see figure 9), according to Guy Rosen’s classifica7on Amazon was s7ll the largest provider, followed by Rackspace and much further by Joyent.
Figure 10: Gartner’s Magic Quadrant June 2009.
According to Gartner’s Magic Quadrant on Hosted Cloud Infrastructure Services of June 2009 (see figure 10) Rackspace can be categorized as an IaaS leader while Amazon and Joyent are considered as visionaries. This indicates that while their completeness of vision is rather similar, Rackspace is able to execute their offerings beOer than Amazon and Joyent. Gartner’s report confirms that our selected IaaS providers not only have large growing customer bases but also develop their Cloud Compu7ng visions and are able to execute them. It is important to note that other organiza7ons regarded by Gartner as leaders (e.g. AT&T, Savvis, Terremark and IBM) focus on leveraging Internal Private Clouds and are therefore not suitable for our analysis. Based on informa7on from the three selected IaaS providers we have created a table (see table 14) containing a comparison among the features offered by them at the moment of wri7ng. When selec7ng the features to be compared we have focused on those that are more relevant to our further analysis of their applicability to the Dutch healthcare sector. As new features are being launched every month, the overview is limited to the services as offered on December 2009.
Towards a Healthy Cloud
Page 78 of 218
Juan Hernández Colomina
Table 14: Feature comparison of selected IaaS providers
Amazon EC2
Rackspace Cloud Servers
Joyent
Dedicated Firewall
No
No
No
VPN
Yes
No
No
SAS 70 Compliance
Yes
Yes
Yes
Role-‐based access control
No
Yes
No
Managed DNS
No
Yes
Yes
99,95%
100%
99,9%
Customized Opera7ng Systems
Yes
No
No
Windows Server 2003 & 2008
Yes
No
No
Linux (e.g. CentOS, Redhat, Ubuntu)
Yes
Yes
No
Yes
Yes
Yes
Drive Failure Protec7on (Backup)
None
Local RAID10
No
Choice of data geo-‐localiza7on
Yes
No
No
Minimum Server Size (RAM)
256 MB
1,7 GB
250 MB
Free inbound traffic
Yes (**)
500 GB / month
Yes
No
500 GB / month
Yes
XenServer
vCloud & XenServer
vCloud
Yes, launching new instances Yes, launching new instances
Yes, without launching new instances Yes, without launching new instances Yes, rBuilder and RightScale
Features Security & Compliance
Control
Guaranteed Up7me in SLA Opera*ng Systems
Storage Persistent (block) Storage
Pricing Model
Free outbound traffic Other Virtualiza7on Technology Elas7city of resources Elas7city of resources Support for hybrid cloud models
Yes (VPC)
Yes Yes No
(*) The provider is currently deploying this feature (**) Available for a limited period of 7me
Towards a Healthy Cloud
Page 79 of 218
Juan Hernández Colomina
A. Amazon EC2 and S3 Amazon was the first organiza7on to offer compu7ng as a service launching its EC2 solu7on in October 2007. Having deployed a immense infrastructure to support its well known retail business Amazon decided to sell next-‐genera7on Web Services by opening up their own IT capabili7es to external customers (Baker, 2007). They rent for example CPU cycles per hour at Amazon’s Elas7c Cloud Compute (EC2) and storage on Amazon’s Scalable Storage Service (S3) billed per gigabyte per month. Amazon currently has fourteen data centers spread over the globe to support more than 88 million users. At any moment in 7me several hundreds EC2 instance are running. Cloud Compu7ng seems to be a profitable business for Amazon as in their latest reported fiscal quarter (September 30th) it included a revenue growth of 29% to $138 million. The compu7ng solu7on EC2 can be categorized as a “Hardware-‐as-‐a-‐service” where users have control over the en7re compu7ng stack. By applying virtualiza7on Amazon offers machine images with the same degree of access as a dedicated server. By allowing users to instantly create or destroy any machine image at any moment applica7ons can scale up and down dynamically becoming truly elas7c (Weiss, 2007) (Holliday, 2009). A feature that differen7ates Amazon from its directly compe7tors is that Amazon enables scalability by adding another image to the Load Balancer instead of increasing the amount of the underlaying resources (e.g. RAM, etc.). Amazon’s storage service S3 hosted around 64 billion objects per August 2009 ranging from 1 byte to 5 gigabytes each. This large amount of storage handles on average around 100.000 I/O requests per second. Amazon allows third par7es to store and distribute their own (modified) AMIs (Amazon Machine Images) trough their infrastructure which are stored on the S3 service (privately or publicly accessible) and can be used to boot EC2 instances. According to some IT analysts (Gartner, 2009) Amazon offers compu7ng services with high levels of granularity applying a usage based pricing model. They are regarded by Gartner as an “innova7ve and extraordinary agile organiza7on responding rapidly to customer demands for features rather than following a set product road map” (Gartner, 2009). The latest features launched by Amazon focus on solving some of the main risks in Cloud Compu7ng: compliance and security. In order to solve issues related to the loca7on of data storage Amazon offers tools that allows Cloud Users to determine, report and track the physical loca7on of their data (Holliday, 2009). Regarding Cloud security Amazon EC2 offers the possibility of using mul7-‐ factor authen7ca7on by using an external authen7ca7on device next to the user's password. Moreover, the launch of the Virtual Private Cloud feature that enables the secure integra7on of Amazon’s offering with on-‐premises infrastructures facilita7ng the deployment of hybrid models. Amazon currently offers three pricing models for their compu7ng instances: On-‐demand, Reserved and Spot Price. On-‐demand is the regular pricing model. Reserved instances are on-‐demand instances that include a discount for one to three years prepaid contracts. Spot Price represents an Towards a Healthy Cloud
Page 80 of 218
Juan Hernández Colomina
innova7ve pricing op7on involving dynamic prices set by supply and demand over 7me. In the Spot Instance pricing model launched in December 2009, each customer can set a maximum price for each type of compu7ng instance that Amazon offers. The spot price of these instances is calculated by Amazon based on supply (available stock of spot instances) and demand (how many customers want that instance at that moment). If the spot price is less or equals the maximum price set by an specific client, the instance is allocated to that client, and he or she is billed according to the spot instance price. However, if the spot instance rises above the maximum set by the customer the instances are automa7cally terminated and resources are reallocated to another customer.
Some days arer the Spot Price pricing model was launched the first graphical tool were
developed to track the development of spot prices over 7me. One of this tools is Cloud Exchange (hOp://cloudexchange.org/) which provides overviews as the one depicted in figure 11 which shows prices of all instance types and OS (Windows and Linux) on all three data centers (USA West, USA East & Europe West).
Although the Spot Price model represents the first steps towards u7lity compu7ng and
dynamic pricing of resources comparable to the financial stock market, this approach has also some limita7ons. First of all, as there are no guarantees on how long a customer will be using a spot instance its applicability is limited to a specific set or workloads, like for example those that are not 7me constrained and can be easily restarted (e.g. batch processing, large data processing and transforma7on, etc.). Second of all, the supply of Spot Price instances is limited by Amazon, as opposed to the “unlimited” supply of on-‐demand and reserved instances. For this reason, prices of spot instances do not necessary need to be supply and demand driven as the quan7ty and prices of each type of instance are determined by Amazon. Amazon can for example decide that spot prices are the only op7on or that there is no stock of spot prices which would influence Spot Prices significantly. The current lack of transparency on this new feature of Amazon EC2 makes it difficult to determine wether they represent surplus capacity or they are just another pricing choice for Amazon. Figure 11 : Cloud Exchange Spot Prices
Towards a Healthy Cloud
Page 81 of 218
Juan Hernández Colomina
As the Spot Price feature is also available on the Amazon’s API, developers can build applica7ons that interact with these prices for example by increasing or decreasing their maximum price if some condi7ons are met. Moreover, by including an abstrac7on layer in their applica7ons to support migra7ons between providers Cloud Users could account for the possible future manipula7on of spot prices by Amazon. Amazon has developed during 2009 a series of partnerships with enterprise sorware producers (e.g. Oracle, IBM, etc.). For example, in February 2009, the partnership agreement between Amazon and IBM represented an important step towards the adop7on of Cloud Compu7ng as a new delivery method for enterprise’s products and services. IBM offers infrastructure sorware on-‐demand on the Amazon cloud EC2 where current IBM clients can use their exis7ng licenses also on the EC2 plaxorm. IBM products that are available on the cloud are among others IBM DB2, Informix Dynamic Server, WebSphere Portal, Lotus Web Content Management and WebSphere sMash. This step to the cloud follows from a recent agreement between IBM and Juniper (a leading network equipment manufacturer) around Tivoli, a sorware applica7on that is able to transfer workloads from and to a public cloud. As of December 2009, Amazon has incorporated Tivoli as a standard offering on its EC2 solu7on. B. Rackspace Rackspace was tradi7onally a U.K. based web hos7ng enterprise which have gained worldwide fame for their “Fana7cal support” business model. Rackspace’s acquisi7on of Mosso added IaaS services to their product porxolio to support the deployment of Public and Private Clouds (Cloud Servers and Dedicated Services respec7vely). In addi7on they also offer storage services (Cloud Files) and PaaS services (Cloud Sites). To facilitate its comparison with Amazon EC2 we will limit our analysis to their Cloud Servers offering. According to John Engates, CTO of Rackspace, the company aims to provide maximum applica7on compa7bility minimizing the need to adapt sorware to be hosted on the Cloud. A central element on their strategy is to enable the further development of Hybrid Clouds for burs7ng between on-‐premises and off-‐premises cloud infrastructures. This is reflected for example in the fully compa7bility of Rackspace’s API with RightScale and rPath’s rBuilder solu7ons. During 2009 Rackspace has reported healthy growth rates. Net revenue for the quarter ending September 2009 was reported to be $162.4 million which is 17.4% more year-‐over-‐year basis and 6.8% more compared to the previous quarter. Cloud revenue increased to $15.3 million, 17% more than the previous quarter. Rackspace reported that Cloud related products represent approximately 10% of its total revenues (5% a year ago) managing 54,655 servers from 80,944 customers. Cloud Servers has access to local RAID10 storage which provides protec7on against drive failures. If any instance fails data is restored by Rackspace free of charge to another instance. They offer also a broad variety of instances, ranging from 256 MB to 16 GB of RAM. Once an instance is Towards a Healthy Cloud
Page 82 of 218
Juan Hernández Colomina
running out of resources it can be expanded without the need to start another instance. Networking resources offered by Rackspace are dedicated and persistent public IP address (no NAT transla7on) with a second private IP address included for free and addi7onal ones against limited costs.
One of the main differences between Rackspace and Amazon is Rackspace’s partnership with
VMware to offer VMware based images next to Xen based ones. This is the result of a strategic alliance between VMware and AT&T, Verizon, Rackspace and BT in a federated cloud plaxorm. A federated cloud integrates various different clouds on an ongoing premises (McLaughlin, 2009a). This vision of federated clouds facilitates migra7ons among those clouds and therefore it reduces the vendor lock-‐in risk. This is reflected on VMware’s vCloud open interface which is developed to facilitate migra7ons between clouds using this format (Kel•ens, 2009). In February 2009, VMware launched its new cloud tool vSphere. VMware’s vSphere is a Virtual Datacenter Opera7ng System (VDC-‐OS) that is designed to support organiza7ons in conver7ng current data centers in Private Cloud infrastructures that can eventually be connected to Public Clouds when needed (McLaughlin, 2009a). The vision of VMware is that ICT departments in the future are going to become internal hos7ng providers and therefore one of their most important tasks will be the effec7ve alloca7on of resources (Kel•ens, 2009). According to VMware, the cloud OS (vSphere) enables companies to deliver IT as a service enabling cloud burs7ng capabili7es (McLaughlin, 2009a). According to VMware the first step in crea7ng a Private Cloud is to virtualize the current infrastructure to then focus in delivering IT capacity to end users. By provisioning services and IT resources to end users trough a self-‐service interface and implemen7ng usage based billing systems an organiza7on can unleash the poten7al of Private Clouds (Sheehan, 2009b). With the launch of vSphere, VMware is addressing the self service provisioning of IT capabili7es. Management, automa7on and billing features will de launched in the coming year (McLaughlin, 2009a). C. Joyent
Joyent offers on-‐demand cost compe77ve virtual servers which they call Accelerators deployed
over a layer of shared networking, rou7ng, load balancing and persistent storage. On the PaaS area Joyent offers Smart Plaxorm to develop applica7ons and determine on the spot which instance is required to run them. For Private Cloud deployment and management Joyent has developed their Cloud Control sorware which is offered to enterprise customers.
Joyent leverages their partnership with Sun Microsystems by suppor7ng at the moment of
wri7ng only the Open Solaris OS. Moreover, Joyent uses Sun’s Solaris Containers and ZFS, and networking hardware and sorware from F5 Networks and Zeus. One of the most significant Joyent’s success stories is the one of the professional social network LinkedIN, which has 45 million users and 16 million unique monthly visitors by August 2009, more than double than a year before. The Joyent IaaS service delivers 331 million page views per month to LinkedIN visitors (by June 2009)
Towards a Healthy Cloud
Page 83 of 218
Juan Hernández Colomina
Gartner recommends Joyent specially for deploying External Private Clouds aimed to deliver rapid elas7city. However, one of Joyent’s limita7ons for organiza7ons outside the USA is that at the moment of wri7ng Joyent’s data centers are all located in the USA. They have Tier One SAS70 cer7fied facili7es located in Emeryville, San Diego, Andover and Dallas.
8.3. Selected PaaS Providers In the PaaS service level we can find a increasing larger number of vendors which try to deliver more flexibility than SaaS solu7ons while providing more abstrac7on from bare metal than IaaS solu7ons. The main goal of these offerings is to facilitate the quick and easy design, development and deployment of (business) applica7ons. Due to the fact that “out-‐of-‐the-‐box” SaaS solu7ons are rather inflexible, and that most organiza7ons do not need to have full control over the underlaying infrastructure, we can expect a trend in the Cloud Compu7ng market place towards the PaaS-‐ificaa7on of services. For the purpose of this research, we have selected Google App Engine, Windows Azure and Force.com as the most relevant PaaS solu7ons. Their features are depicted in table 15. Table 15: Feature comparison of selected PaaS providers
Features
Google App Engine
Windows Azure
Force.com
Supported languages
Java, Python
.NET, PHP, Java
Proprietary
Supported databases
BigTable
MS SQL, MySQL
Proprietary
Billing Method
Resource Usage Based
Instance Based
Applica7on Based
Code Portability
No
No
No
Compliance
not disclosed
ISO 27001
ISO 27001
Data Geo-‐localiza7on
No
Yes
No
Hybrid Models
Yes (*)
Yes (**)
Yes
API available
Yes
Yes
Yes
(*) Secure Data Connectors (**) AppFabric
A. Google App Engine According to Eric Schmidt (Google’s CEO): "Google aspires to be a large por7on of the cloud, or a cloud that you would interact with every day". In Google’s perspec7ve Cloud Compu7ng implies a fundamental change in the management of informa7on. Google believes that as it happened with electricity, IT will become an u7lity in the future being supplied off-‐the-‐wall (Baker, 2007). The paradigm of Cloud Compu7ng was long envisioned by Google’s founders a decade ago when Sergey Brin and Larry Page described their corporate vision: "to organize the world's informa7on and make it universally accessible." Towards a Healthy Cloud
Page 84 of 218
Juan Hernández Colomina
!
Google’s en7re business of around $21 billion in 2008 is built and runs on the cloud (Baker,
2007). Their popular search engine, adver7sement plaxorms and email services (among others) are all developed and maintained on the cloud. The first version of its most important product, Google’s search engine, was developed and deployed on the cloud from the beginning. Moreover, their search algorithm is not calculated on a central data center but concurrently on its network of distributed computers. This extensive experience and exper7se has provide Google with an advanced posi7on in Cloud Compu7ng. In a recent interview with Dave Armstrong, Google’s EMEA Cloud Compu7ng chief (Broek, 2009) he commented on the most important advantages of the cloud: scalability, cost reduc7on and improved collabora7on. Cloud Compu7ng allows organiza7ons to focus on their core businesses that differen7ates them from their compe7tors. For this reason, according to Armstrong, Cloud Compu7ng is an opportunity for every company in any sector, including highly sensi7ve businesses like the banking industry. Companies should just analyze and determine beforehand which informa7on is going to be stored on the cloud and which informa7on will remain on internal on-‐premises systems. He claims that there is no risk for vendor lock-‐in as data can be as easy pulled out than it was push into the cloud. In his own words: “You don’t lose anything by moving to the clouds. You’re just doing things differently” (Broek, 2009). The focus of Google is mainly on Public Clouds (Google AppEngine) providing developers with an applica7on framework and hos7ng to build and deploy their sorware. For enterprise solu7ons Google has partnered with IBM in developing cloud solu7ons for the enterprise. Google has also teamed up with IBM under the ini7a7ve Google 101 to build an University Cloud where students can learn about large scale compu7ng clouds (Baker, 2007). The ini7a7ve has been created by using IBM’s business sorware and Google servers. Although Google’s cloud is framework based, it supports a great variety of programming languages (e.g. Java, Python) without the need to reprogram applica7ons. Currently there are more than 80.000 applica7ons hosted in Google’s cloud (Holliday, 2009). One of the most important programming components of Google’s sorware is MapReduce. Although the company’s search algorithm provide the intelligence, it is the MapReduce applica7on that delivers speed to all its products (Baker, 2007). MapReduce divides each task into very small subtasks that are carried out on its distributed environment. By dividing the task and outsourcing it to thousands of computers, the task is completed within milliseconds. MapReduce combines then the frac7oned results into a significant holis7c answer. For educa7on purposes Google has developed Hadoop, an Open Source version of MapReduce. Although the Hadoop project was started by one of Google’s main compe7tors (Yahoo), Google has worked extensively on promo7ng it (Baker, 2007). Google’s inten7on is to support Hadoop in becoming a standard for Cloud Compu7ng sorware architectures. From a developer’s perspec7ve, Google App Engine is valued for its fully automated and easy to implement scalability, its ease of use Towards a Healthy Cloud
Page 85 of 218
Juan Hernández Colomina
and the usage based pricing. However, developers complain about the API narrowness, the compulsory use of Big Table DB, the lack of support for rela7onal data bases and the lack of code portability.
Google defines clouds as “giant clusters of computers that house immense sets of data too big
for tradi;onal computers to handle” (Baker, 2007). Google’s infrastructure of globally distributed data centers has been crucial for their pioneering role in Cloud Compu7ng (Broek, 2009). Their cloud is con7nuously evolving with investments in data centers es7mated to be around $2 billion a year (Baker, 2007). During 2007 Google added four new data centers to its Cloud with an average unit cost of $600 million. The capacity and capabili7es of its infrastructure makes it an ideal plaxorm to perform resource intensive scien7fic jobs that a decade ago would have been performed in a na7onal lab (Baker, 2007). Google’s architecture includes a worldwide network of thousands cheap self-‐assembled computers (Baker, 2007) which store the enormous amounts of data that enable fast web searching being capable of answering billions of queries within milliseconds. In Google’s vision, reliable sorware enables robust plaxorms and the use of inexpensive hardware (Sheehan, 2009b). This vision is reflect on the hardware that Google uses which is maintained on demand where individual hardware elements are replaced by beOer ones only when they stop working. According to Google, “ The reality is that most businesses don’t gain a compe77ve advantage from maintaining their own data centers” (Sheehan, 2009b). For those enterprises that do need to have (part of) their infrastructure on-‐premises, Google enables the possibility of deploying Hybrid models with their Secure Data Connector that enables Hybrid Cloud models (Holliday, 2009).
In the last quarter of 2008 Google has implemented an innova7ve data center management method on his new data center in Saint-‐Ghislain, Belgium. The new data center has no chillers to support its cooling systems. As chillers require large amounts of electricity to operate, this new method results in improved energy efficiency. Instead of using chillers, Google applies fresh air from outside the data center when temperatures are cool and it uses an on-‐site water purifica7on facility to use water from a nearby industrial canal instead of municipal water.
Using this innova7ve set up, local weather forecas7ng becomes a cri7cal factor in network and
data center management. Belgium's climate ranges from 18 to 22 degrees celsius during summer, while Google maintains his data centers above 26 degrees celsius. Google es7mates that temperature might rise above the acceptable maximum seven days per year on average. When this situa7on occur, Google will turn their Belgium data center off and reallocate compu7ng workloads to other data centers around the globe. This workload management strategy has been denoted as “follow the moon” taking advantage of lower costs for power and cooling during overnight hours, the so called off-‐peak u7lity rates charged by energy providers. Towards a Healthy Cloud
Page 86 of 218
Juan Hernández Colomina
A final remark should be made on the first Cloud based OS, Google’s Chrome OS. During 2009, Google has released their Chrome browser and their Chrome OS based on the former. Both represent a step further in the Cloud Compu7ng paradigm as now Google has opened the door to “empty” thin clients where applica7ons and data storage are cloud based. During 2010 it will become more clear wether this development will be embraced by users. B. Windows Azure Windows Azure was launched in 2008 and it is expected to be open for public use by January 2010. Azure supports the rapid development and deployment of cloud applica7ons (Holliday, 2009). In words of Bob Muglia, president of the Server and Tools Business at Microsor: "MicrosoU is converging on a common developer plaDorm for both servers and services". According to some journalists, Microsor’s strategy is to become the most used cloud opera7ng system (Mitchell, 2009). Gartner research suggest that Microsor is planning to become a market leader in tools for building Private Clouds (e.g. System Center product) as well as in Public Clouds (e.g. MS Azure) (Fergusson, 2008). Azure applica7ons are developed using .NET and compiled arerwards to a Common Language Run7me (CLR) to be used independently (Armbrust et al., 2009). The level of abstrac7on of Azure is somewhere between the Amazon’s EC2 (low abstrac7on) and Google App Engine (high abstrac7on). The programming languages and databases supported on Azure include non-‐Microsor products (e.g. Zend, PHP, MySQL, Java, Eclipse EDI, etc.) as well as Microsor languages and tools (e.g. MS SQL, .NET, Visual Studio as-‐a-‐service, etc.). However, it is important to note that as most Windows applica7on are built on Windows programming tools (e.g. .NET) the migra7on of these applica7ons will be easier to Azure than to any other plaxorm. Although this development means a unprecedented change in Microsor product strategy as compared to tradi7onal sorware models (client or on-‐premises) (Fergusson, 2008) it is important to note that Windows Azure is not a standard Windows OS. This means that developers might need to adapt their applica7ons to be able to run them on Azure.
Microsor recommends organiza7ons to deploy an Hybrid Model to limit their risks while
leveraging some of the poten7als of the cloud paradigm. To support hybrid models Microsor offers Windows Server AppFabric (currently in Beta status). Developers consider Windows Azure as a very simple and powerful role-‐based PaaS solu7on. However, they believe that Azure’s scalability is currently rather poor as it does not support automa7c scaling of instances. In Microsor’s latest Professional Developers Conference in November 2009, the company presented their strategy and latest development around the Azure plaxorm. One of this new developments is PinPoint, an AppStore for business apps developed and deployed in Azure including third party add-‐ons and data sets (comparable to Force.com). Another announcement was project Dallas, a data-‐as-‐a-‐service solu7on which offers large data sets of public and commercial data (e.g. WHO, NASA, etc.) on a pay-‐per-‐use basis. The goal of this project is to enable these data sets to be mashed up by developers on the Azure plaxorm.
Towards a Healthy Cloud
Page 87 of 218
Juan Hernández Colomina
Microsor is also working on the design of its new data centers to deliver facili7es that require no water and have no roofs. This facili7es are aggrega7ons of container formed boxes and are deployed in Chicago and San Antonio for the USA, Dublin and Amsterdam for Europe, and Singapore and Hong Kong for Asia. Their Chicago 700,000 square foot data center which costed more than $500 million and can hold up to 56 containers with a total capacity of 112.000 servers. Currently Microsor runs a more than 85.000 servers distributed across the six data centers. According to Microsor, all data will be replicated to at least three data centers from February 2010. Microsor currently supports only the Windows Server virtual machine format on Azure. Virtual machine server’s pricing ranges from 12 cents per service hour for machines powered by1.6-‐GHz processors and 1.75 GB of RAM up to 96 cents per service hour for eight 1.6-‐GHz chips and 14GB RAM. An example of an enterprise applica7on that is already running on Windows Azure is Capgemini’s ACS applica7on for complex calcula7ons of salaries and pensions which is offered as-‐a-‐ service to Capgemini’s customers. Other case studies on Azure suggest that deployment 7mes can be reduced from six weeks to six minutes while adap7ng 1% of the total code. C. Force.com The success of Force.com is even greater than the one obtained by Salesforce.com SaaS offering of hosted business applica7ons. The company has recently reported that 55% of the HTTPS transac7ons the company processes come through their API (and therefore from third party developed applica7ons) compared to 45% coming from Salesforce's own developed applica7ons.
Force.com focus primarily on enabling the easy development and deployment of custom
enterprise apps like HR, accoun7ng, sales, support, etc. According to Salesforce, organiza7ons can deploy applica7ons five 7mes faster against 50% of the costs compared to tradi7onal sorware development paradigms. Force.com allows developers to reuse exis7ng pre-‐defined data objects, security models, user interfaces, business processes and automated management. Compared to .NET and J2EE, Force.com affirms that it can deliver applica7ons 60% faster at 54% lower costs. Moreover, Force.com enables the integra7on of on-‐premises applica7ons in an Hybrid Cloud model. !
Salesforce last reported annual revenue was $1 billion as of February 2009. By December 2008,
Salesforce had around 51.800 clients and 3.300 employees. Their last reported quarter (third fiscal quarter of 2009) showed a 31% year-‐over-‐year customer increase to 67.900 accounts. Their underlaying infrastructure is based on the mul7-‐tenancy principle, hos7ng more than 135.000 applica7ons build by external developers on the Force.com plaxorm performing around 200 million transac7ons daily by an es7mated 188 million lines of code. Salesforce has obtained the ISO 27001 Cer7fied Security recogni7on and guarantees 99% availability rates. Force.com infrastructure is distributed on three global data centers that are configured for fail-‐over and disaster recovery.
Towards a Healthy Cloud
Page 88 of 218
Juan Hernández Colomina
On their programming layer, Force.com offers a programmable drag and drop user interface and cloud logic, real-‐7me analy7cs, an integrated content library, real-‐7me workflow and approvals, granular security and more than 800 integrated applica7ons. Moreover, Force.com allows user to create (mobile compa7ble) websites for developers to distribute their applica7ons. Users without technical or programming knowledge can deploy a database, design applica7on rules and deploy it onto front-‐ends and dashboards within minutes. For advance applica7on development, Force.com offers developers its own programming language, an Eclipse based IDE, an UI framework, and development and tes7ng environments.
Towards a Healthy Cloud
Page 89 of 218
Juan Hernández Colomina
9. Selec*ng a Cloud Provider The Cloud Compu7ng solu7ons offered nowadays are very diverse and each has unique evolving characteris7cs. For this reason it is important to consider solu7ons that best fit organiza7onal needs and re-‐evaluate the provider periodically (Leong, 2009). A methodology is therefore needed to support the evalua7on of offerings and compare them with other op7ons. In this sec7on we provide an brief descrip7on of some of the considera7ons that we believe an organiza7on has to take into account when selec7ng a Cloud Provider or developing their own Cloud solu7on. There are a number of misconcep7ons when considering Cloud Compu7ng solu7ons (Michelson, 2009). First of all, not all applica7ons need to be clouded, the best approach is to select those that can benefit from it. Second of all, there is no need to replace current resources if they can be reused into an Internal or Private Cloud model. Moreover, there is also no need to change the IT organiza7on or IT processes as long as the Cloud solu7on can fit into the exis7ng ones (Michelson, 2009).
An incremental gradual approach to adopt Cloud Compu7ng is oren recommended, for
example by running first a pilot test, then migra7ng one non-‐cri7cal applica7on and using benchmarking against on-‐premises to decide wether to go further. This approach helps to understand the benefits of Cloud Compu7ng step by step minimizing risks and learning by doing (Arnold, 2008a). Figure 12 : Gartner’s model for selec*ng a Cloud Provider .
Gartner recommends to compare
providers based on a TCO basis that includes not only hardware costs but also human resources, licensing costs and risks (Leong, 2009). Moreover, Gartner has developed a methodology to evaluate providers based on the specific needs of an organiza7on. Among others, the methodology considers cost, opera7onal stability and ability to scale as well as how the solu7on matches the firm’s applica7on architecture, provides the level of desired customer support and meets the organiza7on’s service level, security, privacy and compliance requirements (Leong, 2009). In order to get started with Cloud Compu7ng, Gartner recommends the four step model depicted in figure 12 (Plummer, 2009).
Towards a Healthy Cloud
Page 90 of 218
Juan Hernández Colomina
A. Focus Areas When Selec*ng a Cloud Provider Security is a major concerns by Cloud Users a must therefore carefully be scru7nized beforehand (Brynko, 2008). Storing data outside the organiza7on is in some cases not allowed by laws and regula7ons and end users expect appropriate protec7on of their privacy. Another important considera7on when evalua7ng cloud solu7ons is the transparency of the code (open source vs proprietary) to reduce the risk of vendor lock-‐in and increase applica7on portability and interoperability (Urquhart, 2009a). According to experienced prac77oners, the best approach to evaluate Cloud Compu7ng as a viable alterna7ve is to consider it for each applica7on and project separately (BeOs, 2009). To facilitate this evalua7on, a weighted scorecard approach has been suggested that considers the cri7cal factors influencing the decision (BeOs, 2009). Some examples of situa7ons that could significant benefit from the cloud are applica7ons with high demand vola7lity or that require fast provisioning of resources to improve the 7me-‐to-‐market. The scorecard approach is depicted in table 16: Table 16: Main Considera*ons When Selec*ng a Cloud Provider
Related Area Strategy Capacity Security Disaster Recovery Performance
Architecture & Integra7on Vendor Support
Vendor Compliance
Vendor Health
Ques*on Are any of the cloud advantages source of compe77ve advantage? (e.g. 7me-‐to-‐market, high scalability, etc.) Does the project have a high degree of demand uncertainty? Does the project have high peaks in demand? What is the strategic value and risks associated with the data? How vulnerable is the firm to security threats rela7ve to cloud providers? Can the Cloud Provider provide the Recovery Point Objec7ve (RPO) and Recovery Time Objec7ve (RTO) needed? What are the SLAs and track record of the Cloud Provider? Are there tools for monitoring performance? What is the effect of latency on performance? To what extent does the applica7on/project depends on integra7on with other applica7ons or data? Does the applica7on need to be customized to work in a cloud? Does the provider offer migra7on support, and support for service/performance issues? How compliant is the provider? (e.g. does he meet all necessary regulatory requirements) Are there comparable instances mee7ng the same requirements? Is the provider open to audits from external par7es? Is the provider financially stable? Does he offers compensa7ons for outages and malfunc7ons?
Another interes7ng model for the adop7on of Cloud Compu7ng solu7ons has been developed
by Infosys (Dargha, 2009). To evaluate Cloud Compu7ng offerings, Infosys proposes a weighted scorecard approach based on specific considera7ons to be taken by Cloud Users. Although the list of considera7ons is not complete, Infosys considers it a good start point to evaluate Cloud Providers (Dargha, 2009). The scorecard is depicted in table 17. Towards a Healthy Cloud
Page 91 of 218
Juan Hernández Colomina
Table 17: Infoys Scoreboard Approach
Considera*ons
Weight
Raw Score
Weighted Score
The demand of services is vola7le and unpredictable The service usage is not frequent There is no need for customized services or API The applica7on to be clouded is not mission cri7cal The applica7on is new or recently developed The applica7on is not subject to strict compliance The development plaxorm is not vendor specific The applica7on does not need to be integrated Internal or industry regula7ons allow to store data on the cloud The firm prefers to incur in OPEX rather than CAPEX The applica7on is tolerant to latency and other network performance issues
The priori7es of firms of different sizes are significantly different. Small firms focus on minimizing costs and complexity by elimina7ng the need to own resources. They are willing to trust external providers easier as they are always looking for outsourcing as many non-‐core ac7vi7es as possible (Urquhart, 2009a). On the other hand, large enterprises are more concerned with maintaining their exis7ng ICT investments and they carefully evaluate new investments based on profitability (e.g. ROI) (Urquhart, 2009a). Because large organiza7ons have already invested vast amounts of 7me and money in protec7ng and op7mizing their infrastructures they are not likely to adopt Cloud Compu7ng un7l the same levels can be guaranteed (Urquhart, 2009a). B. Service Model Selec*on Many IT leaders recommend using the cloud to host only certain types of applica7ons and informa7on as not all of them are well fiOed to be clouded. As Cloud Compu7ng has many implica7ons for the way businesses are conducted nowadays it is important to select the cloud services that best fit the business needs without bothering about the technical implementa7on (Arnold, 2008a).
Towards a Healthy Cloud
Page 92 of 218
Juan Hernández Colomina
In order to select the type of service best suited for an specific applica7on the following ques7ons might be considered (Edgewater): standard is the applica7on? (Proprietary / Commodity) • How was it developed? (Legacy / New Applica7on) • When is the 7me and cost of deployment? (Fast & Low / Long & High) • What stable is the applica7on usage? (High Scalability / Low Scalability) • How • Is there a situa7on of vendor lock-‐in? (Yes / No) Answering these ques7on we can determine which service model of Cloud Compu7ng is best fiOed for an specific applica7on. Using these answers we can use a decision framework (see table 18) to determine the best type of service for our situa7on (Edgewater, 2009): Table 18: Cloud Service Model Selec*on Tool
Service Type
Type of Applica*on
Scalability
Vendor Lock-‐in
Code
Deployment Costs
IaaS
Proprietary
Low
Low
Legacy
Low
PaaS
Proprietary
High
High
New
High
SaaS
Commodity
High
High
-‐
Low
C. Deployment and Access Models Selec*on Another important choice is the loca7on of the cloud to be used (Internal or External) (Urquhart, 2009a). Companies that believe they can get what they need from external offerings are more likely to adopt a Public Cloud while firms that are concerned about lock-‐in, data ownership, security and compliance would oren adopt and Hybrid or Internal Cloud (Urquhart, 2009a). An oren recommended approach to deploy cloud solu7ons is to create an Internal Cloud first that out scale to a External Cloud when internal resources cannot fully handle the workload and scales back in once those extra resources are no longer needed (Michelson, 2009). McKinsey recommends organiza7ons to build their own cloud infrastructure and although this can be a good solu7on for some situa7ons, it reduces one of the most important advantages of Cloud Compu7ng cost efficiency (Sheehan, 2009b). For this reason, some authors have proposed a different approach by first examining the organiza7on’s applica7on porxolio looking for cloud candidates, to calculate then the true costs of the internal infrastructure and therefore make founded decisions on wether to deploy an Internal or External Cloud (Sheehan, 2009b).
Towards a Healthy Cloud
Page 93 of 218
Juan Hernández Colomina
The current evolu7on of Cloud Compu7ng offerings can help organiza7ons to decide the level of hybridity that best fit their needs (Dignan, 2009). In some cases, organiza7ons can use Private Clouds that can out scale when needed to Public Clouds and therefore improve con7nuity and availability (Kirsner, 2009). However, most of the Hybrid offerings in the market are partnership based and therefore limit the choice of Public Clouds to the firms involved in the specific vendor partnership. An example is Sun’s Cloud Compu7ng plaxorm or BMCs hybrid solu7ons which among many other can out scale strictly to Amazon’s public cloud (Dignan, 2009) (Kirsner, 2009). Another example is the strategic partnership of VMware with several providers to support migra7ons based on the vCloud format. Another interes7ng approach to determine which type of access and deployment model is best fiOed for an specific applica7on takes into account how mission cri7cal and related to core prac7ces are the resources (Spinola, 2009). First, organiza7on need to determine which on-‐premises IT resources and systems are mission-‐cri7cal and which are not. Second, all resource must be analyzed to iden7fy which ones are sources of compe77ve advantage (core-‐business prac7ces) and which are not (non-‐core prac7ces). By answering these two ques7ons, organiza7on can use table 19 to determine which deployment and access model is best fiOed for that type of resources. Table 19: Cloud Access and Deployment Models Selec*on Tool (Spinola, 2009)
Core vs Mission Cri*cal
Mission Cri*cal
Non Mission Cri*cal
Core Prac*ces
Deploy in Private Internal Cloud
Good candidate for Private Internal Cloud
Non Core Prac*ces
Good candidate for Public cloud
Deploy in Public cloud
Towards a Healthy Cloud
Page 94 of 218
Juan Hernández Colomina
10. Answers to Research Ques*ons Phase 1 To summarize our findings from this research phase we provide in this sec7on the specific answers to the related research ques7ons.
1.
What is cloud compu*ng? How do vendors, consultants, analysts, standards organiza*ons and commercial publica*ons define Cloud Compu*ng?
As Cloud Compu7ng is a rela7ve new concept evolving rapidly over 7me, to elaborate our research defini7on we have taken into account previous defini7ons found in scien7fic papers (Berkeley University, Telefonica R&D, Melbourne University and IEEE), leading ICT consultants and analysts publica7ons (Gartner, Forrester, Accenture and Capgemini), commercial media and publica7ons by standards organiza7ons (NIST). All the defini7ons taken into account can be found in the elabora7on of Phase 1 in this report. From each exis7ng defini7on we have first extracted their main components or features to group them further where seman7cally possible. Features that are not in accordance with the possibili7es of this new paradigm (as reflected by exis7ng solu7ons) and/or are only men7on in few publica7ons have been excluded. Moreover, features that are not a essen7al requirements as demonstrated by some vendors have been also excluded. Arer this analysis we have elaborated the following defini7on of Cloud Compu7ng:
Research Defini*on of Cloud Compu*ng Cloud Compu;ng is the delivery model where on-‐demand elas;c IT capabili;es are offered as-‐a-‐service through the Internet following a usage based pricing model.
There are a large number of IT capabili7es offered according to the Cloud Compu7ng model. Some examples of the most popular services are infrastructures (IaaS solu7ons), plaxorms (PaaS solu7ons), and sorware (SaaS solu7ons).
The main features found in our defini7on are: (1) IT capabili7es, (2) on-‐demand, (3) elas7c, (4)
as-‐a-‐service, (5) internet delivery and (6) usage based pricing model. We will use these features to evaluate if a specific solu7on can be regarded as Cloud Compu7ng or not. Other non essen7al features that have been therefore excluded from the defini7on are virtualiza7on, mul7-‐tenancy use of resources, resource op7miza7on and self-‐service func7onality. A further explana7on on the reasons for excluding these features as well as the analysis performed to achieve our defini7on can be found in the sec7on over Phase 1 in this report.
Towards a Healthy Cloud
Page 95 of 218
Juan Hernández Colomina
2.
What are its advantages / disadvantages? The poten7al advantages of this new paradigm can be inferred from the goals that early
adopters had when adop7ng Cloud Compu7ng solu7ons. For this purpose we have analyzed several case studies on the use of current Cloud Compu7ng solu7ons. The most common advantages found are resource op7miza7on and elas7city, high performance compu7ng, failover and backup, business agility and faster 7mer to market, and leveraging external knowledge and experience. As Cloud Compu7ng has disrup7ve effects on the current delivery of IT capabili7es, we have dedicated a separate sec7on for describing the economic considera7ons of this new paradigm. Some of the economic benefits found are the transforma7on of capital investments into opera7onal expenses, the reduc7on of large capital commitments for the long term, the usage based pricing for improving opera7onal cost efficiency, the mi7ga7on of risks associated with capacity planning, and the realiza7on of economies of scale (and therefore cheaper offerings) by Public Cloud providers. The risks of this new paradigm have been elaborated from the specific characteris7cs of this new paradigm as compared to other op7ons (e.g. on-‐premises solu7ons). Moreover, they have been extensively subject of previous research by public agencies specialized on ICT security (e.g. ENISA). When adop7ng a Cloud solu7on compared to an on-‐premises alterna7ve risks are iden7fied at opera7onal, compliance and standards levels. Opera7onal risks include among others the dependency on external services availability, the performance of solu7ons build over shared resources, the dependence on external providers, the performance of public ungoverned networks (e.g. internet) and the lack of advanced cloud management tools. At the compliance level risks can be iden7fied on the applicability of (inter)na7onal laws and regula7ons, data confiden7ality on Public Clouds due to failures in resource isola7on, and the lack of transparency in external infrastructures. Although some formats (e.g. Amazon AMI for server images) are emerging as de facto standards, there are at the moment of wri7ng no formal standards in Cloud Compu7ng. This creates a serious risk for vendor lock-‐in as organiza7ons can not migrate to and from Cloud solu7ons without adap7ng their applica7ons.
Security is the most important barrier men7oned by organiza7ons for the adop7on of Cloud
Compu7ng. The single sing-‐on feature offered in Cloud solu7ons represents a single point of failure for the infrastructures and it is currently being mi7gated by Cloud Providers by using two factor authen7ca7on methods. As External Private and Public Clouds are oren not physically accessible by clients regulatory compliance is determined by the cer7fica7ons obtained by the provider (e.g. SAS70). Organiza7ons must therefore rely on this cer7fica7ons for their own regulatory compliance. The lack of contractual rights to perform security analysis implies that when an incident takes place organiza7ons can only rely on the audit features and findings provided by the vendor.
Towards a Healthy Cloud
Page 96 of 218
Juan Hernández Colomina
There are several jurisdic7onal issues related to the loca7on of data storage that are par7ally solved by providers offering data geo-‐localiza7on features. When using a External Private or Public Cloud the integrity of Cloud Provider’s employees should also be taken into account as security is more oren compromised internally. Procedures for data disposal should also be taken into account. Once data is deleted by a Cloud User, the Cloud Provider must assure that the deleted data cannot be restored, specially in shared infrastructures where the hardware is reallocated to a different user. Another security issue can be explained by the spoiler effect of informa7on. While a company’s infrastructure security is not well known to outsiders, Cloud Provider’s security measures are publicly available, making it easier for hackers to exploit vulnerabili7es.
3.
What types of cloud solu*ons are being currently offered in the market?
In order to create an overview of the different types of Cloud Compu7ng solu7ons currently available in the market we have described three classifica7on models described in exis7ng publica7ons: the Service Model which implies a trade-‐off between flexibility and abstrac7on (IaaS, PaaS and SaaS), the Access Model according to how access to the service is delimited (Private, Public and Hybrid) and the Deployment Model that takes into account the physical loca7on of the solu7on (Internal, External and Hybrid).
It is important to note that besides the pure Hybrid models (e.g. Public & Private or Internal &
External) there are also several combina7ons possible as we go down the service model stack (SaaS on PaaS or IaaS, PaaS on IaaS). Services can therefore be aggregated so we must take the individual services individually into considera7on and aggregate our conclusions when evalua7ng possible solu7ons. Moreover, each of these combina7ons can have also different dimensions like for example Public SaaS on Private IaaS, or Private PaaS on Public IaaS. This might not be clear at first in current product specifica7on but it is crucial to know the underlaying service composi7on of a solu7on in order to evaluate it properly. We recommend organiza7ons to analyze each service layer of a solu7on separately to find out if it is truly inline with their needs. Each model implies different considera7ons for organiza7ons. For example in the Service Model, when we move from SaaS to PaaS and from PaaS to IaaS the flexibility offered increases while abstrac7on levels decrease (and vice versa). In the Access Model, organiza7ons can choose from exclusive alloca7on of resources (Private Cloud) to mul7-‐tenancy over shared resources (Public Cloud). It is important to note that Public Clouds represent a higher security risk that Private Clouds as isola7on mechanisms can fail (e.g. bad neighbor and cartographic aOacks). However the exclusive use of resources leads per defini7on to lower provider’s cost efficiency and therefore more expensive solu7ons. In de Deployment model organiza7ons can choose to have full control over the solu7on (Internal Cloud) or outsource some management tasks to an external organiza7on (External Cloud). As each situa7on (e.g. project, organiza7on, etc.) requires a different set of features, organiza7ons should carefully evaluate these models and select the one that fit their needs more accurately.
Towards a Healthy Cloud
Page 97 of 218
Juan Hernández Colomina
At the moment of wri7ng several incidents on Public Clouds have been reported due to the lack of proper resource alloca7on (performance issues due to overbooking) and isola7on (cartographic aOacks). For this reason we can conclude that Public Clouds need to evolve significantly in the coming years in order to be ready for enterprise usage. In our opinion organiza7ons will begin using Internal Private Clouds in the near future and evaluate the use cases for Hybrid models once this new paradigm has been proven on a secure and fully controllable environment. Hybrid construc7ons will evolve first by adding connec7vity to External Private Clouds and on a later stage to Public Clouds (Internal and/or External). However, as Hybrid construc7ons are not easy to implement, we recommend that organiza7ons should account for this feature from the first development steps of their Internal Private Clouds, even if they are not planning to use it in the short term. A remark should be made on the consolida7on process currently taking place in the Cloud Compu7ng market, denoted by some prac77oners as the PaaS-‐ifica7on of Cloud Compu7ng services. SaaS solu7ons are becoming more flexible by allowing the development and deployment of third party applica7ons and mashups (e.g. Force.com from Salesforce) while IaaS solu7ons are including increasing levels of automa7on that perform some of the heavy liring in infrastructure management (e.g. Amazon). For the purpose of our research we have selected three IaaS solu7ons (Amazon, Rackspace and Joyent) and three PaaS solu7ons (Google App Engine, Windows Azure and Force.com) and extracted their features for further analysis. We have excluded SaaS solu7ons from this part of our analysis as they are very specific and use high levels of abstrac7on which makes it very difficult to compare them and evaluate their applicability to the Dutch healthcare sector. Moreover, SaaS applica7on are oren either built on PaaS solu7ons (e.g. Salesforce applica7ons on force.com plaxorm) or they tend to become plaxorms over 7me by offering more flexibility to end users (e.g. APIs). A detailed descrip7on of our feature analysis can be found in the Phase 1 sec7on of this report.
Towards a Healthy Cloud
Page 98 of 218
Juan Hernández Colomina
11. Conclusion Phase 1 In this phase of our research we have elaborated a defini7on of Cloud Compu7ng based on other defini7ons given in scien7fic defini7ons and commercial media, as well as perspec7ves from the leading IT analysts and consul7ng firms. To provide a beOer understanding of the concept we have described three cloud taxonomy models, the most common use paOerns, some of its economic considera7ons and the risks involved in adop7ng this new computer paradigm. In addi7on we have included a brief descrip7on of some of the leading cloud offerings and some models that can be used for evalua7ng vendors and their solu7ons.
The increasing demand for internet-‐based services and the current economic downturn have
created a perfect storm for organiza7ons to reevaluate the role of non-‐differen7a7ng compu7ng resources in their infrastructure. The vision of compu7ng technology as an u7lity is gaining acceptance between prac77oners as current innova7on are increasingly enabling this paradigm. Moreover, organiza7ons focus nowadays more on business processes and how to op7mally support them rather than on the underlaying resources. In this context the elas7c character of u7li7es matches current organiza7onal needs and the capabili7es of technology as businesses of all kinds, specially internet start-‐ups and fast growing organiza7ons, must be able to adapt to quickly changing demands. ICT solu7ons must enable rapid scalability to scale (up and down) at the same rate than businesses. Based on defini7ons from scien7fic publica7ons, analysts, consultants, commercial media and the Na7onal Ins7tute of Standards in Technology (NIST) we have elaborated our own defini7on of Cloud Compu7ng: Cloud Compu;ng is the delivery model where on-‐demand elas;c IT capabili;es are offered as-‐a-‐service through the Internet following a usage based pricing model. Moreover, we have described three models to categorize Cloud Compu7ng solu7ons: the Service Model (IaaS, PaaS and SaaS), the Access Model (Private, Public, Hybrid) and the Deployment Model (Internal, External, Hybrid). We believe that organiza7ons will begin using Private Clouds in the near future and evaluate the use cases for Hybrid models once they have been proven on a secure environment. However, as Hybrid construc7ons are not easy to implement, we recommend that organiza7ons should account for this feature from the first development steps of their Private Clouds. We also believe that the large variety of services currently offered will consolidate over 7me in a PaaS-‐ifica7on process where SaaS solu7ons will become more flexible by allowing the development of (third party) applica7ons and mashups (e.g. Salesforce and Force.com) and IaaS solu7ons will include increasing levels of automa7on that perform the heavy liring of infrastructure management. It is clear to us that Cloud Compu7ng should be considered by organiza7ons as a viable alterna7ve to increase IT capabili7es without making long term investments in data centers. As organiza7ons can transform their Capex investments into Opex expenses they can align resource u7liza7on to the success of projects and business ideas, which enables innova7on. Moreover, Towards a Healthy Cloud
Page 99 of 218
Juan Hernández Colomina
organiza7ons can leverage this large amounts of resources for heavy compu7ng tasks that otherwise would be very expensive and would take a long 7me to complete. However, in our opinion not all applica7ons will be run in the cloud and there will not be one single standardized cloud but rather different types of cloud to server different purposes. Some clouds will be specialized non-‐commodi7zed applica7ons and other will be deployed as Private or Hybrid Clouds. Organiza7ons should carefully evaluate the human resource and experience needed for each of these delivery models in order to select the best one for their situa7on. As more and more Cloud Compu7ng offerings are emerging, developers should take into account the possibili7es and limita7ons of deploying applica7ons on the cloud and create sorware that supports such environments. Specifically, they should consider horizontal scalability which implies that applica7ons are not longer bounded to the physical resources available but can run across several physical loca7ons with almost unlimited resources. Systems that are not regarded as compe77ve differen7ators are good candidates to be deployed on the cloud. As they are not source of compe77ve advantage, any effort in upgrading, maintaining or modifying such systems will not create any added valued to the organiza7on and therefore they can be beOer outsourced to reallocate the resources to projects that do enable differen7a7on. Moreover, when considering the type of resources consumed by each applica7on, we can conclude that non-‐mission cri7cal applica7on’s consuming scarce resources that are also used by cri7cal applica7ons are probably the best candidates to be placed on the cloud. It is important to note that some IT resources (the minority) are indeed enablers of differen7a7on and should therefore not be contracted from third par7es. Those applica7ons are key to an organiza7on’s compe77ve advantage and therefore enable the firm to perform beOer than their compe7tors Although the on-‐premises paradigm provides higher levels of control for organiza7ons, in previous researches it is es7mated that 75% of IT expenses are incurred merely to keep the systems running (Arnold, 2008a). Most IT departments have to deal with human resource scarcity which results in a lot of new ideas that remain in the pipeline. An organiza7on can use Cloud Compu7ng to develop services that are interes7ng for the business but that due to lack of resources are not being aOempted.
A final considera7on must be made on the poten7al that Cloud Compu7ng has to provide
compe77ve advantage to firms. A recent study showed that firms using intensively Amazon’s cloud services were realizing savings in storage between 20% and 50% during the last years (Armbrust et al., 2009). When these firms reallocate the savings to their selling prices, they are able to offer cheaper services or products to their clients while maintaining the same quality levels. In this way, companies using cloud services can achieve compe77ve advantage in their markets by cost differen7a7on.
Towards a Healthy Cloud
Page 100 of 218
Juan Hernández Colomina
Before Cloud Compu7ng is widely adopted by enterprises a series of developments must take place on the market. First of all, the great diversity of offerings will need to converge in a form of cloud uniformity to support service and data interoperability and portability. However, the close character of some of the current offerings are major drawback for this development. Moreover, in the future new features that improve safety and reliability must be added to current solu7ons to convince firms that they can regain control when desired. Scien7fic researchers can contribute to the field by researching the main issues in the use of this new paradigm. Certain open ques7on remain that could be further researched in the future. According to UC Berkeley RADSL the following future issues need to be further researched: will be the billing units for the higher-‐level virtualiza7on clouds? • What will be the billing units for flash memory? • What will network bandwidth pricing evolve? • How are the barriers for the improvement of network bandwidth? • What level of abstrac7on in cloud solu7ons will be the dominant one ? • Which and when are cloud standards going to emerge? • How • How would Cloud Providers differen7ate in the future (e.g. services, quality, etc.)?
Certain types of applica7on are expected to contribute to the emergence of Cloud Compu7ng
(Armbrust et al., 2009). Mobile interac7ve applica7ons, parallel batch processing and compu7ng intensive desktop applica7ons are some examples of sorware types that are good candidates to be hosted on the cloud. We can expect rapid developments in the future of these types of capabili7es that can be also subject of further research.
In the remaining sec7ons of this research we use the results of this phase to analyze the
applicability of Cloud Compu7ng solu7ons to the Dutch healthcare sector. Specifically we will use the research defini7on, taxonomies and market analysis to evaluate wether current offerings sa7sfy the condi7ons of this ver7cal sector.
Towards a Healthy Cloud
Page 101 of 218
Juan Hernández Colomina
Research Phase 2: ICT in the Dutch Healthcare Sector Now that we have defined the concept of Cloud Compu7ng and what offerings are currently available on the market (see Phase 1 of this report) we will con7nue in this second phase by analyzing the current trends and opportuni7es in the healthcare sector and the role of Informa7on Technology on this sector. We will narrow our focus to the Dutch healthcare sector and specifically to one of its most important current ICT projects, the introduc7on of a na7onal EPR system (the EPD ini7a7ve). This analysis, together with our findings from Phase 1 will become the step stones for Phase 3, where we will analyze the applicability of current Cloud Compu7ng solu7ons to the Dutch healthcare sector and specifically to the EPD ini7a7ve.
In this second phase of the research we will examine the EPD infrastructure in The
Netherlands. As this type of projects in the European Union are not geographically or poli7cally isolated but they are rather embedded in na7onal context from an interna7onal perspec7ve, we will introduce first the scope of this research with a top-‐down approach, from the European healthcare strategy to the Dutch healthcare perspec7ve (see sec7on 1). We con7nue then by briefly describing the role of technology in the healthcare sector (see sec7on 2) in order to facilitate our further analysis of ICT usage in the Dutch healthcare system with special aOen7on to the introduc7on of EPD (see sec7on 3).
1. Context and Scope
To introduce our analysis of the Dutch healthcare sector and its use of ICT we need first to
consider the scope and context that influence current developments in the sector and the adop7on of technology to support them. For this reason we will discuss first the specific characteris7cs of the healthcare sector (see sec7on A), to con7nue with our analysis of European healthcare taking into account the current concerns of European ci7zens, the current European health strategy and objec7ves and the current challenges of this sector in the European Union (see sec7on B). We will conclude this sec7on by describing the current developments and concerns in the Dutch healthcare sector from a ci7zens point of view as well as from a government perspec7ve (see sec7on C).
1.1. Characteris*cs of the Healthcare Sector
The healthcare sector is probably one of the most demanding sectors and with the highest
impact on ci7zen’s quality of life. Ci7zen’s are not only the main consumers of care services but they are (in many cases) also the source of resources (through taxes) that enable such services. The specific character of the healthcare sector compared to other sectors can be summarized into four main factors: 7mely decision making, broad impact on ci7zens, increasing expenses and increasing service demand:
Towards a Healthy Cloud
Page 102 of 218
Juan Hernández Colomina
Decision Making: Although it is important to carefully determine which is the best solu7on • Timely for a specific situa7on and how to implement it, delays in healthcare improvement ini7a7ves can
• • •
be directly linked to ci7zen’s injuries and deaths that could have been avoided (Gartner, 2009). This impact of decision making on ci7zen’s lives cannot be found in all other industries. Broad Impact on Ci*zens: Healthcare affects all ci7zens in various ways. Either as service consumers (e.g. pa7ents) or as service providers (e.g. tax payers). According to a recent european opinion survey (Eurobarometer, 2008) healthcare is the firh most important issue among European ci7zens. Increasing Yearly Expenses: On average healthcare expenses as percentage of gross domes7c product (GDP) in Europe have been con7nuously rising during the past decades (from 3,1% of GPD in 1960 to 8,8% of GDP in 2006). As healthcare expenses growth rates have been higher that GDP growth rates, analysts expect an exponen7al increase of healthcare costs in the future reaching 15% of GDP by 2020 (Gartner, 2009). Increasing Service Demand: The increasing growing costs are largely originated by an increasing demand for healthcare services. This increase in demand is caused by longer life expectancies and aging popula7on as well as by new lifestyles which imply more (and more intensive) healthcare services (Gartner, 2009) (Stroetmann, Jones, Dobrev, & Stroetmann, 2006). Some examples of these new lifestyles are increasing alcohol consump7on and increasing average weight of ci7zens.
1.2. Healthcare in the European Union In our effort to delimit the scope of our analysis, we will focus in this sec7on on the healthcare sector at the European level. For this purpose, we will briefly describe the evalua7on of actual European Health systems from a ci7zen perspec7ve (see sec7on B.1), the current concerns of European ci7zens and its rela7onship with healthcare (see sec7on B.2), the European wide health strategy and objec7ves (see sec7on B.3) and the current challenges of healthcare in Europe (see sec7on B.4). A. European Healthcare Systems The health sector in Europe is very heterogenous and complex as it includes a great variety of different na7onal healthcare systems and it serves a wide variety of customers, in some situa7ons even across na7onal systems (Stroetmann, Jones, Dobrev, & Stroetmann, 2006). Na7onal healthcare systems vary strongly in their public/private delivery and financing. The sector is usually highly regulated by (inter)na7onal, regional and/or local laws and regula7ons. In most cases, healthcare services are delivered by public, non-‐profit organiza7ons leading to the absence of compe77on and free market mechanisms. As a result, cost efficiency is a lower priority compared to other sectors. According to the eBusiness Watch report, the healthcare sector was by the year 2000 the most dominant economic sector in the EU (Stroetmann & Stroetmann, 2004b). It employs more than 15 million people (9% of the total jobs in the union) and it represents 500 billion euros expenditure (more than 6% of the total European GDP). When analyzing healthcare expenditure by the source of financing per country we observe that The Netherlands has lower public expenditure than the Towards a Healthy Cloud
Page 103 of 218
Juan Hernández Colomina
European average (68% and 74% respec7vely) while its private financing is higher than the European mean (32% and 26% respec7vely). In general, Europeans are highly sa7sfied with their health and the medical services in their local areas. Around 81% of Europeans are sa7sfied with their state of health while 72% is sa7sfied with the health services they can access locally (Eurobarometer, 2009). Beside the effects of the economic malaise and the posi7ve evalua7on of personal health and care services provided, “healthcare systems” is s7ll the number one non-‐economic issue for Europeans. In the two latest european barometers (waves 70 and 71) we observe that healthcare systems are the fourth most important issue arer three economic related issues (infla7on, economy and unemployment). European countries are confronted with increasing long term healthcare needs due to the fact that ci7zens live longer and the “baby boom” genera7on becomes older. For this purpose, in 2002 three guiding principles for the reform of healthcare systems were defined by the European Council: healthcare accessibility for every ci7zen, high quality of care and long term financial sustainability.
In a special Eurobarometer report from the European Commission on healthcare in the
European Union the results of interviews with more than 28.000 Europeans from 27 different European countries are analyzed to support the development of long term healthcare strategies by member states (Eurobarometer, 2007). When evalua7ng hospitals, around 71% of Europeans rate the quality of na7onal hospitals as very good (15%) or fairly good (56%). On the opposite side, around 25% of Europeans believe that hospitals are fairly bad (20%) or very bad (5%) (Eurobarometer, 2007). In The Netherlands, hospital’s evalua7ons score above the European average with 87% of Dutch ci7zens claiming that their hospitals are fairly good or very good. If we observe the evalua7on of services provided by medical specialists, we observe the same sa7sfac7on scores as with hospitals. At European level 74% of ci7zens values the quality of specialist care as good or very good while in The Netherlands around 83% is sa7sfied with the quality of specialist care provided. The availability and accessibility of hospitals in the European Union is posi7vely evaluated by Europeans (76% affirmed to be very easy or fairly easy). However, in The Netherlands, ci7zens evaluated accessibility and availability of hospitals slightly lower than the quality of services provided (80% answered that hospitals are very easy or fairly easy to reach) (Eurobarometer, 2007). An important remark should be made on the fact that 8% of European ci7zens (7% in The Netherlands) could not obtain health services when needed due to the lack of availability or accessibility of hospitals. The availability and accessibility of specialists care in Europe scores lower than when evalua7ng it at hospitals (Eurobarometer, 2007). Around 62% of Europeans considers that medical specialist care is easy or very easy accessible. In The Netherlands the percentage is slightly higher than average as 66% of Dutch ci7zens affirm that specialist care is easy or very easy to access. Around 9% of
Towards a Healthy Cloud
Page 104 of 218
Juan Hernández Colomina
European ci7zens (7% in The Netherlands) could not obtain specialist’s care because they were not accessible or available. Family doctors and GPs are beOer evaluated by European ci7zens than hospitals and medical specialists (Eurobarometer, 2007). From all correspondents, 84% considers the quality of care provided by family doctors as good or very good. In The Netherlands the percentage is even higher, with around 89% of Dutch ci7zens evalua7ng their family doctor’s quality of care as good or very good. The same differences are observed when evalua7ng the accessibility and availability of care provided by family doctors. Around 88% of European ci7zens and 92% of Dutch ci7zens considers that family doctors are easy or very easy accessible and available. B. Current Concerns of European Ci*zens In the latest report of the Eurobarometer public opinion research by the European Commission (Eurobarometer wave 70) the effects of the economic crisis are clearly ascertained by European ci7zens. The average unemployment rate in the European Union is expected to rise up to 8,1% by 2010 having a significant impact on European consumer’s confidence. As a result the Economic Sen7ment Indicator reached its lowest point since 1993 (Eurobarometer, 2008). Europeans are primarily concerned about the deteriora7on during 2009 of na7onal employment rates and economies, followed by the economic situa7on in the European Union and the world. A recent report from the European Commission (The Europeans in 2009) reflects on the shir in ci7zen’s opinion from a ‘feel-‐good’ to a ‘feel-‐bad’ situa7on in both their personal and economic perspec7ves. The accelerated recession that we are experiencing during 2009 was not an7cipated by economic experts and analysts. While 8,2% of Europeans did not have a job by January 2009, experts expected those levels of unemployment by 2010. Economic growth is reaching its lowest rates since the second World War. This nega7ve economic context is affec7ng the lives of Europeans and the expecta7ons they have for the future (Eurobarometer, 2009).
Even though the economic crisis is having a deep impact on all aspects of society, s7ll three out
of four Europeans are sa7sfied with the life they lead (Eurobarometer, 2009). However, the percentage of unsa7sfied Europeans is the highest since 1995. In The Netherlands 96% of ci7zens are sa7sfied with their lives. This is significantly higher than the European average (75%) and is also the third highest sa7sfac7on rate within the European Union.
Towards a Healthy Cloud
Page 105 of 218
Juan Hernández Colomina
Figure 13: Current Concerns of European Ci*zens
Inflation Economy Unemployment Crime Healthcare Pensions Immigration Taxation Housing Education Terrorism
Although European ci7zens are now more concerned with economic issues
37% 37%
like infla7on or unemployment, there are a significant number of people which considers healthcare systems to be an important current na7onal issue (Eurobarometer, 2009). In the three latest Eurobarometer researches
26% 17% 16% 10% 9%
healthcare systems were the fourth (EB 67 to EB 69) and firh (EB70) major concern of Europeans at na7onal level, arer economic related issues and safety (e.g. crime). The
8% 8% 7% 5% 0
0,1
0,2
0,3
0,4
results are shown in figure 13.
Issues at national level (EB70)
When europeans are asked about their concerns at personal level, healthcare becomes the third most important issue arer infla7on and the economic situa7on (Eurobarometer, 2008). This is specially the case in The Netherlands, the only European country where healthcare systems are the number one concern at personal level, men7oned as first priority by 37% of all correspondents. It is important to note that concerns about healthcare systems increases with the age of the correspondent. This is in accordance to the dependency on healthcare services, where older ci7zen’s are usually more dependent on healthcare than younger ones. When Europeans are consulted on where decisions affec7ng healthcare should be made, the majority (66% of correspondent) considers that they should be taken at na7onal level by the government (Eurobarometer, 2008). C. European Health Strategy and Objec*ves
The right of universal access to healthcare has been recognized by the European Union in the
Charter of Fundamental Rights of the EU (European Parliament, 2000) and it has been incorporated in the overall strategy of the European Union (European Commission, 2007). The Charter of Fundamental Rights of the European Union (European Parliament, 2000) describes the right of healthcare in ar7cle 35: “Everyone has the right of access to preven7ve healthcare and the right to benefit from medical treatment under the condi7ons established by na7onal laws and prac7ces.” The European Commission’s publica7on “ Together for Health: A Strategic Approach for the EU 2008-‐2013” describes the strategy and objec7ves that member states should follow in the coming years to improve the quality of healthcare services. Healthcare is a essen7al element of every ci7zen’s life and it must therefore be effec7vely supported by na7onal and european policies, laws and regula7ons (European Commission, 2007).
Towards a Healthy Cloud
Page 106 of 218
Juan Hernández Colomina
Although member states are directly responsible for the care services provided to ci7zens and the suppor7ng policies, there are certain situa7ons where coopera7ve ac7on at European level is required (e.g. pandemics, free movement of ci7zens, etc.). Moreover, the delivery of healthcare services is explicitly men7oned in the EC Treaty (ar7cle 152): “high level of human health protec7on shall be ensured in the defini7on and implementa7on of all Community policies and ac7vi7es” (European Commission, 2007). This statement has been reaffirmed in the Reform Treaty in Lisbon the 19th of October of 2007. Besides reenforcing the importance of healthcare, the Commission encourages member states to cooperate with other countries on health related issues.
The need for an European wide health strategy is the result of three main growing challenges
that affect the health services provided to ci7zens: demographic changes, global threats and the rapid evolu7on of technologies (European Commission, 2007). These three challenges are related to the European strategic objec7ves of solidarity, security and prosperity respec7vely. As the average age of Europeans increases (for example The Netherlands expects that in 2030 around 35% of the popula7on will be older than 55 years) the sustainability of current na7onal healthcare systems will be significantly affected. Global threats like for example pandemics, global warming or bioterrorism require rapid response and extensive coopera7on among all member states. The rapid evolu7on of new technologies can enable new capabili7es for predic7ng, preven7ng and trea7ng illnesses. The strategy developed by the European Commission includes four fundamental principles to guide european and na7onal healthcare ini7a7ves from 2008 to 2013 (European Commission, 2007). The principles are: (1) strategy based on shared health values, (2) health in the greatest wealth, (3) health in all policies and (4) strengthening the European Union voice in global health. This principles are elaborated in appendix G. As a part of the European Commission healthcare strategy, the commission have elaborated three strategic objec7ves to cope with current challenges. These strategic objec7ves are elaborated in the following paragraphs: good health in aging Europe: Current low birth rates and increased ci7zen’s longevity • Fostering result in an increasing aging of the European popula7on (Stroetmann & Stroetmann, 2004a). According to EC by 2050 the number of ci7zens older than 65 years will grow by 70% and the number of ci7zens older than 80 years will grow by 170% (European Commission, 2007). This developments will increase the demand for healthcare services while the working popula7on decreases at the same 7me. In order to maintain the sustainability of healthcare systems it is important to improve the health status of this aging popula7on. For this reason the commission proposes specific ac7ons to promote healthy lifestyles and prevent and treat diseases. To achieve this objec7ve the commission proposes four ac7ons: promote healthy lifestyles among ci7zens, develop specific ac7on against factors affec7ng health (e.g. tobacco, alcohol, etc.), improve the preven7on and treatment of rare diseases and improve the policies for organ dona7on and transplanta7on.
Towards a Healthy Cloud
Page 107 of 218
Juan Hernández Colomina
ci*zens from health threats: Safety, security and protec7on of European ci7zens • Protec*ng against health threats is an obliga7on of every member state as stated in the EC Ar7cle 152.
•
Globaliza7on, global warming and terrorists threats have added new challenges to this objec7ve that require collabora7on between member states and interna7onal actors (European Commission, 2007). To successfully achieve this objec7ve the commission proposes to strength the mechanisms for detec7on and response to health threats and to research how climate change affects ci7zens health. Suppor*ng dynamic health systems and new technologies: The European Commission believes that new technologies can significantly contribute to the sustainability of current healthcare systems. Emerging technologies like for example eHealth, genomics and biotechnologies can improve the preven7on of illness, the delivery of care services and the treatment of ci7zens. The commission believes that eHealth can contribute to beOer ci7zen centered care as well as to lower costs and improve interoperability across na7onal boundaries. Moreover, eHealth can facilitate ci7zen’s mobility within the EU and improve their safety. The proposed ac7ons are the crea7on of a framework for safe, high quality and efficient health services, the support of member states in managing innova7on in health systems and the support of implementa7ons and interoperability of eHealth solu7ons. D. Future Challenges for Healthcare in Europe
The main goal of healthcare is to provide ci7zens with 7mely and qualita7ve care. For this reason, aligning healthcare services to the specific needs of pa7ents at a certain point in 7me is a growing concern for all member states. Member states and healthcare organiza7ons need to cope with the con7nuously growing demand for health services while improving the quality and efficiency of those services. According to previous research (Gartner, 2009) this implies changing current healthcare systems from a physician-‐centric to a pa7ent-‐centric perspec7ve. According to previous research, policy makers and healthcare organiza7ons need to align their efforts towards the following challenges (Gartner, 2009): Demand: effec7vely and efficiently mee7ng growing demand. • Growing of Care: equal access, less wai7ng 7mes and beOer resource u7liza7on. • Availability of Care: coordina7on and informa7on sharing among healthcare providers. • Con*nuity pa7ent-‐centric healthcare reinforcing the pa7ent’s role in healthcare. • Empowerment: Safety: evidence based services that reduce the risk of harm. • Pa*ent of Care: effec7ve and efficient healthcare that improves customer sa7sfac7on. • Quality Scale Risks: ability to mi7gate or avoid large scale healthcare risks like pandemics, • Large bioterrorism and health consequences of climate change.
1.3. The Dutch Healthcare System The main actors in the Dutch healthcare sector are pa7ents, healthcare providers, insurance companies, pa7ent associa7ons, informa7on systems providers and government organiza7ons (Stap, Verhoosel, Bekkum, & Mos, 2007). The Dutch healthcare system is one of the most priva7zed systems within the EU. The percentage of private expenditure related to GDP in health is the third largest in the EU (around 3,7% of Dutch GDP) (Ebusiness Watch, 2006). Only Switzerland and Greece have Towards a Healthy Cloud
Page 108 of 218
Juan Hernández Colomina
higher private financing of health services related to their GDPs. From the total Dutch health expenditure around 33% is used to finance hospital ac7vi7es which is in line with the EU average (Ebusiness Watch, 2006). As in the rest of the EU, the financial sustainability of Dutch health system is at risk due to socio demographic developments, while at the same 7me ci7zens expect that the quality of care services improve over 7me. According to data from 2004, the costs of the Dutch healthcare system are es7mated to be around 45 billion euros per year, represen7ng 9,2% of the na7onal gross domes7c product (GDP) (Prou & Smit, 2006). The three main cost areas are hospitals (29%), elderly care (18%) and pharmaceu7cals (11%). As the Dutch system is predominantly private, care service providers nego7ate directly with health insurers. In 2006, public coverage for ci7zens earning less than a predefined threshold (65% of popula7on) was ended, leading to a new system of compulsory private na7onal insurance with basic care for everyone. Insurers must offer the basic package to every ci7zen that request it, while they can compete with other insurers by offering addi7onal care services (Prou & Smit, 2006). Dutch ci7zens pay an annual fee of around 2.000 euros with a refund of around 300 euros per ci7zen if no healthcare services are consumed during a year. Within the basic coverage all primary and secondary care is included. An interes7ng research on recent developments in the Dutch healthcare system has been carried out by the Nivel ins7tute, an organiza7on specialized in healthcare related research in The Netherlands (Nivel, 2009). According to Nivel, Dutch healthcare organiza7ons are going through a deep transforma7on process that affects not only those organiza7ons but every professional that collaborates with them. The size of Dutch healthcare organiza7ons has increased over the past decades due to merges and acquisi7ons (Nivel, 2009), resul7ng in larger hierarchical organiza7ons that create more distance between top execu7ves and care professionals complica7ng their management. In The Netherlands, hospital’s top execu7ves leave their posi7ons on average 2,8 years arer they started in that func7on (Nivel, 2009). This is remarkably low compared to other sectors and countries. Unhealthy behaviors and situa7ons are directly related to an increase in demand of healthcare services (Nivel, 2009). One of these situa7ons is caused by viral infec7ons within Dutch hospital (MRSA) that have double in number of infec7ons between 2002 and 2006. This type of infec7on is hard to find outside hospitals and the bacteria has developed over the years resistance against tradi7onal medica7on (e.g. penicillin). Other types of situa7ons that have been researched by Nivel are the treatment of post stroke depression (a phenomenon that occurs in around 30% of the cases), the increasing number of pa7ents with sexual or rela7onship problems, the treatment of chronic sicknesses (e.g. HIV), the rela7on between professional female athletes and the amount of injuries, the health status of rural versus urban ci7zens and the effect of personal movement on health. One of the most important challenges signaled by Nivel is the lack of medical professionals and medical educators in the (near) future due to demographic developments. As the Dutch popula7on is Towards a Healthy Cloud
Page 109 of 218
Juan Hernández Colomina
aging and some are working part 7me more oren, researchers expect that the healthcare sector will need 25% more professionals by 2025. This challenge is likely to accelerate collabora7on rates among healthcare prac77oners and therefore the adop7on of na7on wide EPD.
The Dutch minister of Health recognizes the social importance of healthcare accessibility and
quality as every ci7zen needs these services some7me in their lives (Klink & Bussemaker, 2008). In a leOer to the Dutch parliament in 2008 he recognizes the pressure on the current system due to the steady increase in demand and cost of care services (Klink & Bussemaker, 2008). Ci7zens are increasingly demanding higher quality of care services at lower prices while at the same 7me they are becoming less tolerant for errors or unexpected circumstances. Due to the evolu7on of medical prac7ces, physicians can treat (cri7cal) medical condi7ons more efficiently and accurately, resul7ng in longer ci7zen’s life expectancy. However, elderly people require more intensive care services than younger ones, and they oren suffer from mul7ple and (in some cases) chronic health condi7ons (Klink, 2009). This indicates that the demand for healthcare services is changing, requiring more mul7disciplinary services leveraged by collabora7on. To cope with these socio demographic developments, healthcare needs to improve opera7onal efficiency, or in other words it needs to provide more and beOer services with less human and capital resources (Klink, 2009). The Ministry believes that innova7on, its diffusion and applica7on are cri7cal factors to deal with these challenges. For this reason, the Dutch government has launched a series of ini7a7ves focused on the crea7on of a healthcare innova7on plaxorm and policies to support innova7on through the use of ICT. It is not only important that innova7ons emerge but also that they are quickly implemented and adopted to leverage benefits for ci7zens, pa7ents and organiza7ons (Klink & Bussemaker, 2008). The Dutch Ministry of Health defines innova7on with the following formula: innova7on equals improvement mul7plied by implementa7on. The government’s role is to create a climate where innova7ons emerge and are rapidly spread, and to guide innova7ons in solving current healthcare challenges. According to the Dutch minister of Health, con7nuous improvements in healthcare quality and opera7onal efficiency are necessary to meet (future) ci7zen’s demands (Klink, 2009). Quality improvements imply measuring, knowing, evalua7ng and improving current performance. The Dutch Ministry of Health has the inten7on to restructure the current health system including the shir of power from providers to consumers and the shir of control from public bodies to insurers (Tange, 2008). The EPD ini7a7ve can be regarded as the first steps towards this redesign. To support innova7on in the healthcare sector, the Dutch Ministry of Health is planning to a significant amount of resources during the coming years (Klink, 2009). While in 2008 the budget for healthcare innova7on was around 14 million euros, in 2009 it increased to 29 million euros. This trend will con7nue in the coming years where 42 million euros will be allocated in 2010, 55 million euros in 2011 and 60 million euros in 2012. Towards a Healthy Cloud
Page 110 of 218
Juan Hernández Colomina
The implementa7on of the Electronic Health Records (EHR) infrastructure in The Netherlands (the EPD project) was ini7ated by the Minister of Health to improve the access and quality of healthcare as well as the cost efficiency of the current system (Deutsch & Turisco, 2009). The aging character of the Dutch society and the mobile character of its ci7zens are some of the contextual factors that can be considered as enablers of this project. Taking into account these circumstances, the Dutch Ministry of healthcare determined that informa7on access, informa7on sharing and communica7on between providers are the cri7cal factors in order to enable more efficient and effec7ve healthcare services (Deutsch & Turisco, 2009). This situa7on lead to the founda7on of the Na7onal IT Ins7tute for Healthcare (NICTIZ), an organiza7on responsible for developing and implemen7ng a na7onal EHR infrastructure.
1.4. Sec*on Summary
In this sec7on we have described the specific characteris7cs of the (EU) healthcare sector, the
evalua7on of current European healthcare systems by ci7zens and the rela7ve importance of health issues compared to other issues within the European Union. Moreover, we have briefly described the European wide healthcare strategy and objec7ves and the challenges that EU health systems are facing in the near future. For the purpose of this research we have further described the characteris7cs of the Dutch healthcare system. There is great variety of heterogenous na7onal healthcare systems within the EU aimed to serve a large diversity of ci7zens. One of the main differences between those na7onal systems is the mix of public versus private delivery and funding of care services. While a pure public model eliminates free-‐markets forces (e.g. cost efficiency, innova7on, etc.), a full private model on the other hand is oren regarded as more expensive and in some cases it limits the access to services based purely on financial reasoning (e.g. low ROI for rare disease research). The healthcare sector in The Netherlands is predominantly private, where public financing is significantly below the EU average. It is important to note that independently of the financing model used, ci7zens are consumers as well as providers in healthcare as they finance it through taxes and/or insurance bills and consume those services when they need them. Moreover, the healthcare sector has significant impact on (inter) na7onal economies as it employs more than 15 million people (9% of the total EU jobs by 2000) and represents around 500 billion euros yearly (more than 6% of the total EU GDP by 2000). Due to the broad impact on ci7zen’s quality of life, the healthcare sector must focus on 7mely decision making as delays in care services can have fatal consequences for pa7ents. Besides 7mely decision making, the healthcare sector is also characterized by two main developments: increasing demand of services and increasing yearly expenses. Healthcare yearly expenses have been growing significantly during the last years, in most cases at greater pace than GDP’s growth rates. If expenses con7nue to grow at the same rate, we can expect healthcare costs to account for 15% of EU GDP by 2020. As a consequence, in order to sustain current systems while maintaining quality governments Towards a Healthy Cloud
Page 111 of 218
Juan Hernández Colomina
need to either reallocate resources from other purposes (e.g. educa7on, transport, etc.) or increase taxes. This increase in costs is mostly caused by the increase in care services demand due to higher ci7zen’s life expectancy, lower birth rates and current lifestyles (e.g. larger alcohol consump7on and higher ci7zen’s weight). In order to cope with these developments, the healthcare sector must con7nuously find new ways to improve the quality and efficiency of services to deliver beOer services to more ci7zens with the same amount of resources. Healthcare has been during the past years the first non-‐economic issue for European ci7zens. A great majority of EU ci7zens are sa7sfied with their health and the quality of health services they can access. At EU level around three out of four Europeans evaluate the services provided by Hospitals and Specialists posi7vely. In The Netherlands, quality sa7sfac7on scores are even higher than the EU average. However, it is important to note that from a EU ci7zen perspec7ve there is a significant gap between the quality of care services provided and their availability and accessibility. In general, ci7zens value the quality of services higher than their accessibility and availability. Specially the accessibility and availability of Specialists services scores significant lower than the quality of the services obtained. Around 8% of EU ci7zens claim they could not access care services provided by Hospitals and Specialists. EU ci7zens are currently very concerned about the effects of the economic crisis as economic growth rates are the lowest since World War two, unemployment rates are expected to raise to 8,1% by 2010 and the Economic Sen7ment Indicator has reached its lowest levels since 1993. Even though the percentage of unsa7sfied Europeans is the highest since 1995, three out of four EU ci7zens are s7ll sa7sfied with their lives. In The Netherlands, almost all ci7zens (96%) are sa7sfied with their lives which is significantly higher that the EU average (75%) being also the third highest sa7sfac7on score in the EU. The Netherlands is the only EU country where healthcare systems are the number one concern at personal level. It is important to note that concerns about healthcare systems increases with ci7zen’s age as dependency and consump7on on those services increases. According to the European Commission, there are three main developments that require modifica7ons of the current healthcare systems: demographic changes, global threats and the rapid evolu7on of technology. In The Netherlands around 35% of ci7zens will be older than 55 by 2030. Pandemics, global warming and terrorism are some examples of global threats affec7ng healthcare. By leveraging new technology developments, organiza7ons can enable new ways of predic7ng, preven7ng and trea7ng illnesses. In order to guide member states in developing new healthcare reforms, the EU Council proposes three basic principles: healthcare accessibility for every ci7zen, high quality of care and long term financial sustainability. Moreover, these principles have been complemented by the EU Commission with four statements that should be taken into account when developing new legisla7on : (1) strategy based on shared health values, (2) health in the greatest wealth, (3) health in all policies and (4) strengthening the European Union voice in global health. Towards a Healthy Cloud
Page 112 of 218
Juan Hernández Colomina
To improve the sustainability of current systems the EU proposes three Strategic Objec7ves: (1) Fostering good health in aging Europe by improving ci7zen’s health and therefore reducing demand of services, (2) Protec7ng ci7zens from health threats which requires collabora7on across na7onal borders and is an obliga7on of every member state, and (3) Suppor7ng dynamic health systems and new technologies to improve preven7on, delivery, treatment and enable cost efficiencies. In the future, EU health systems will face important challenges that can affect the quality and availability of services provided. First of all, countries need to deploy measures to effec7vely and efficiently meet growing demand. Second of all, in order to improve the availability of care, na7ons need to facilitate equal access to ci7zens, reducing wai7ng 7mes and improving resource u7liza7on. Third, member states need to further develop their ability to mi7gate or avoid large scale healthcare risks like pandemics, bioterrorism and health consequences of climate change. Fourth, in order to guarantee and improve the quality of care, countries need to develop effec7ve and efficient healthcare systems that improve customer sa7sfac7on. Firh, services should be based on evidence that reduce the risk of harm. Sixth, systems must evolve towards a pa7ent-‐centric model reinforcing the pa7ent’s role in healthcare. Last but no least, na7ons must foster coordina7on and informa7on sharing among healthcare providers to guarantee the con7nuity of care. The Dutch healthcare system is one of the most priva7zed systems in the EU. From a yearly healthcare budget of 45 billion euros (9,2% of Dutch GDP) around 40% is financed by private organiza7ons and 60% is financed by the government. This percentage of private funding is the third largest of the EU. The majority of the budget is spend on hospitals (33% of the total budget), elderly care ins7tu7ons and pharmacies. In The Netherlands, the financial sustainability of the healthcare system is also under pressure due to demographic changes (longer life expectancies) and the increasing quality of services demanded by ci7zens at lower costs. Other issues affec7ng the current system are the lack of medical professionals as popula7on ages, the decreasing ci7zen’s tolerance for medical errors and the increasing costs of healthcare resources. As a result care organiza7ons need to collaborate more intensively in order to deliver more and beOer care with less human and capital resources. According to the Dutch Minister of healthcare, con7nuous improvements in quality and opera7onal efficiency are necessary to meet future healthcare demand. For this reason, the Dutch government has ini7ated a healthcare reform since 2006, where every ci7zen must obtain a na7onal private insurance that provides him or her access to basic healthcare. This transforma7on is aimed to shir the power from providers to consumers and shir the control from public bodies to insurers. The need to improve opera7onal efficiency is also reflected on the introduc7on of the EPD system for the exchange of medical informa7on across the country. The purpose of this project is to improve the access and quality of healthcare while achieving cost efficiencies by leveraging collabora7on between care organiza7ons. The government believes that innova7on and its diffusion and applica7on are cri7cal success factors to achieve these goals. Towards a Healthy Cloud
Page 113 of 218
Juan Hernández Colomina
2. The Role of Technology in Healthcare According to previous work, EHR systems are necessary to cope with current and future healthcare challenges (Deutsch & Turisco, 2009). Previously research has shown how successfully leveraging ICT in organiza7ons can result in improved effec7veness and therefore superior performance. For this purpose, organiza7ons need to consider healthcare issues as well as general issues, crea7ng a culture of openness, posi7ve autude, pragma7sm, shared goal-‐seung and learning (Gartner, 2009). By implemen7ng the right solu7on in a specific situa7on, eHealth can be a catalyst for healthcare transforma7on with substan7al poten7al benefits.
According to research performed by Harvard Business Review (McAfee & Brynjolfsson, 2008)
the link between technology and compe77ve advantage has become much stronger since the mid 1990s. Organiza7ons that invest in the right ICT ini7a7ves perform significantly beOer than firms that do not invest in those ICT capabili7es. This is also the case in the healthcare sector where some emerging eHealth technologies have resulted in improved performance (Gartner, 2009). Some examples are the Electronic Transfer of Prescrip7ons (ETP), Computer Based Pa7ent Records (CPR) also known as Electronic Medical Records (EMR) and Electronic Health Records (EHR). Successful implementa7ons of these technologies within the EU can be found in Sweden (ETP), Denmark (EHR) and the Spanish province of Andalusia (EHR). The success of this implementa7ons are not only due to the technology itself but also to the cultural change involved.
Other research has demonstrated how using the right approach, context and implementa7on
process, ICT can improve the quality, accessibility and efficiency of healthcare delivery (Stroetmann et al., 2006). To further elaborate on the role of technology in the healthcare sector we will describe the current use of eHealth in Europe (sec7on A) and its main opportuni7es, challenges, drivers and barriers (sec7on B) to con7nue with a descrip7on of the cri7cal success factors for the adop7on of technology in the healthcare sector (sec7on C).
2.1. eHealth in Europe Ini7a7ves at European level for the implementa7on of electronic health systems are supported under the ini7a7ve “Smart Open Services, Open eHealth” (NICTIZ, 2009). Based on the principle of a single European market, the EU has elaborated three key policy objec7ves in healthcare: the crea7on of a European eHealth area, free pa7ent mobility and empowering ci7zens through eHealth tools and services (Stroetmann et al., 2006). Although healthcare is one of the most informa7on intensive sectors in Europe, it does not leverage ICT developments as much as other sectors do. This implies that there is significant poten7al for rapid and sustainable growth by applying ICT in this sector (Stroetmann et al., 2006). ICT is therefore regarded as a cri7cal enabler for the further development of European health systems.
Towards a Healthy Cloud
Page 114 of 218
Juan Hernández Colomina
The eHealth market represents around 2% of total healthcare expenditure in Europe during 2006 (Stroetmann et al., 2006). This is a low percentage when compared to other healthcare related markets (e.g. medical devices). The difficulty to calculate the economic value of eHealth is one of the main factors that are slowing its adop7on in Europe. However, experts predict that the eHealth market will double its size in the near future (Stroetmann et al., 2006). The ini7a7ve “eHealth for a Healthier Europe -‐ opportuni7es for a beOer use of healthcare resources” was launched by the Swedish government in 2008 to research how healthcare can be supported and improved by the use of technology and how technology is connected to poli7cal goals. From July 2009 to December 2009 Sweden represented the Presidency of the Council of the European Union. The methodology applied was to link the benefits of con7nued implementa7on of technologies with the current medical and technology status in six member states by gathering data from 60 clinical studies and 11 eHealth technologies (Gartner, 2009). According to this research, there are significant poten7al healthcare improvements using electronic healthcare (eHealth) as a catalyst due to the fact that for the five poli7cal goals analyzed by Gartner the technology adop7on rates were below 30% (Gartner, 2009). Some examples of technologies that could contribute to improve European healthcare are: Transfer of Prescrip7ons to eliminate or reduce the 5 million yearly outpa7ent • Electronic prescrip7on errors in the European Union. Physician Order Entry and Clinical Decision Support to eliminate or reduce the • Computerized 100,000 yearly inpa7ent adverse drug events. In turn this would free up 700,000 bed-‐days yearly
•
by increasing throughput and decreasing wai7ng 7mes. This poten7al benefit could result in €300 million yearly savings. Electronic Pa7ent Records (EPR) which could save up to €3,7 billion yearly by increasing throughput and decreasing wai7ng 7mes and freeing 9 million bed-‐days yearly.
Another interes7ng yearly report on the adop7on, development and impact of electronic business (eBusiness) technologies within the European Union is The eBusiness Watch (Stroetmann & Stroetmann, 2004a). The reports are periodically extended with industry specific reports to support the needs and challenges of a specific sector. Although the last eBusiness Watch report focusing on the healthcare sector was carried out in 2004 some of the challenges are s7ll valid today. According to the research, eHealth technology has evolved in the last years to become the third largest industry in the EU. Some researchers (Stroetmann et al., 2006) expect that by 2010 eHealth expending can account for 5% of the total health budget of member states. The eBusiness Watch report defines eHealth as “the applica7on of informa7on and communica7on technologies across the whole range of func7ons that affect the health sector”. This is a broad defini7on that includes a great variety of solu7ons like for example tools for health authori7es, personalized health pa7ent systems, networks, telemedicine services, etc. The main goals of these tools are to improve medical outcomes and ci7zen’s quality of life as well as to reduce the costs in pursuing these objec7ves.
Towards a Healthy Cloud
Page 115 of 218
Juan Hernández Colomina
Healthcare systems in the EU need to be prepared for the aging of their ci7zens as the baby boomer genera7on will soon not be part anymore of the working popula7on. This creates significant pressure on the sustainability and efficiency of current healthcare systems. Moreover the pervasive character of chronic sicknesses (e.g. Cancer, Adis, etc.), the increased average weight of ci7zens and the rapid spread of sicknesses (e.g. the H1N1 pandemic) are also developments that affect the future demand of care services. At European and na7onal levels several ini7a7ves have been launched to cope with these issues by leveraging ICT. One of this ini7a7ves is the introduc7on of EHR (or EMR) integra7ng all health related relevant informa7on of a single pa7ent (Stroetmann & Stroetmann, 2004a). This ini7a7ve implies a shir from paper based medical records to electronic records that can be easily accessed to all actors, and in some cases to the pa7ent as well. A special issue of the eBusiness Watch report on ICT in hospital ac7vi7es elaborates the adop7on, implica7ons and issues of ICT in hospital ac7vi7es within the EU (Ebusiness Watch, 2006). Although hospital’s adop7on of ICT is higher compared to other medium and small size healthcare enterprises, it mostly focuses on collabora7on and on purchasing goods and services (e.g. networks, e-‐ collabora7on, e-‐procurement, etc.). There are not many hospitals which have adopted customer facing technologies like online booking or e-‐marke7ng. The most important drivers for the adop7on of technology by hospitals are the expecta7ons from health insurers, gaining compe77ve advantage and the pressure of compe77on (Ebusiness Watch, 2006). The two most significant barriers men7oned by hospitals are security and the cost of technology, followed by the size of the organiza7on, legal issues, system compa7bility and the lack of reliable providers. The most frequent ICT system used by hospitals is the Hospital Informa7on System (HIS). A HIS system is a type of Enterprise Resource Planning (ERP) system with a focus on hospital ac7vi7es. It manages the large amount of informa7on to support communica7on, knowledge management and process efficiency (Ebusiness Watch, 2006). However, technology can also contribute to the achievement of two main goals in healthcare, con7nuity and availability of care services. A final remark should be made on the data security paradox in hospital opera7ons. Although pa7ent data need to be readily available for exchange, it also needs to be protected against unauthorized usage, dele7on or modifica7on. The use of secure server technology, digital signatures, firewalls and public keys in hospitals is twice as high as in other sectors (Ebusiness Watch, 2006).
2.2. eHealth Opportuni*es, Challenges, Drivers and Barriers
The adop7on of technology in the healthcare sector is lower and slower than in other sectors.
Healthcare organiza7ons can be regarded as late adopters of technology. The reasons for this situa7on can be found in the challenges that healthcare organiza7ons face. The European eBusiness Watch report iden7fies a series of challenges and opportuni7es for the adop7on of eBusiness in the healthcare sector (Stroetmann et al., 2006): Towards a Healthy Cloud
Page 116 of 218
Juan Hernández Colomina
Table 20: Opportuni*es and Challenges of eHealth
Opportuni*es •Piggy-‐back on eHealth infrastructure developments •Gain compe77ve advantage from coopera7on in the value chain •Reduce costs and improve services through beOer supply chain management •Enhance marke7ng of services and client loyalty through communica7on
Challenges •Increasing compe77on due to interoperability •Legal, regulatory and security issues •Ensure staff monitoring and training •Adopt a long term view on future developments •Reduce size disadvantages through collabora7on
Moreover, the report of the European Commission iden7fies also a series of drivers and barriers to the adop7on of eBusiness in the European healthcare sector: Table 21: Drivers and Barriers of eHealth
Drivers •Health system guidance and leadership •Compe77on •User friendliness and func7onality •Good prac7ces •Standardiza7on
Barriers •Lack of opportunity awareness •Size of organiza7ons •Interoperability deficits •Financing of eBusiness •Legal, security and privacy issues
By increasing the availability of accurate, complete and relevant clinical data healthcare
providers can improve the quality of their services and deliver them more efficiently and effec7vely (Deutsch & Turisco, 2009). For this reason healthcare is currently experiencing a transforma7on from a physician-‐centric to a pa7ent-‐centric orienta7on that could be accelerated by the right use of the right informa7on technology.
In previous researches a number of advantages have been iden7fied linked to the use of EHR
systems connected to health informa7on exchange (HIE) systems (Deutsch & Turisco, 2009). These advantages can be grouped around the two main goals of healthcare: improve pa7ent safety and improve cost efficiency of processes. EHR systems can improve pa7ent safety by elimina7ng transcrip7on errors, medical errors and adverse medica7on events (e.g. allergies). Efficiency advantages can be found in the reduc7on of redundant tests, improved administra7ve efficiency and faster processing of pa7ents, prescrip7ons and hospital discharges. Moreover, being able to access current pa7ent data on a real-‐7me basis leads to new forms of consulta7on which are more effec7ve and efficient than face-‐to-‐face contact. Some examples of technologies linked to documented benefits in healthcare can be found in previous research (Gartner, 2009). Based on poli7cal goals the technologies are linked to documented benefits with the excep7on of Con7nuity of Care. The poten7al benefits are es7mates from documented benefits in one or more EU member states that could be extrapolated to other countries. The results of Gartner’s research for each poli7cal goal are shown in appendix H to appendix K (Gartner, 2009). Due to the large number of documented benefits, it is important to consider first those technologies that have enabled the most benefits in the past. Some of these eHealth
Towards a Healthy Cloud
Page 117 of 218
Juan Hernández Colomina
technologies with high poten7al are Electronic Medical Records, Computerized Physician Order Entry and Clinical Decision Support systems. In another research on the benefits and costs of eHealth in ten European sites (Stroetmann et al., 2006) researchers quan7fied them by using a Cost Benefit Analysis (CBA) which allows individual site assessments as well as comparing various sites. The researchers found that improved quality can be traced back to five factors: beOer informed ci7zens and providers, informa7on that streamlines care processes, 7meliness of care, safety and effec7veness. Researchers found that all cases under study reflect posi7ve economic impact measured as net benefits at present value. The average payback period was 4 years, being the main beneficiaries healthcare providers (52%), ci7zens (43%) and third party payers (e.g. insurers) (5%). In some countries the adop7on of health informa7on exchange systems (HIEs) have been slow and with moderate success. Previous research has found that the top three obstacles for the adop7on of HIEs in the USA are (1) the funding and par7cipa7on of those ini7a7ves, (2) the legal and regulatory context, and (3) the technical issues (Deutsch & Turisco, 2009).
2.3. Technology Adop*on in Healthcare Many countries are enforcing policies to improve the quality and efficiency of healthcare through the use of ICT solu7ons (Schoen et al., 2006). Some examples are prac7ce and systemwide informa7on systems to track pa7ents as they visit different points of care, to support disease management, to prevent duplica7on and medica7on errors, and to 7mely access pa7ent informa7on (Schoen et al., 2006). In the 2009 HIMSS conference we can find some expert’s presenta7ons regarding the current use of informa7on technology at healthcare organiza7ons. According to one of these presenta7ons (Duke, Hartz, & Jacobs, 2009) Health Informa7on Technology (HIT) nowadays is s7ll predominantly paper based, using systems that are oren not interoperable. Although there is an increasing public pressure on moderniza7on and economic efficiency of healthcare delivery, technological implementa7ons are s7ll taking more 7me than expected and at higher costs than were budgeted beforehand. Some na7onal regula7ons, like the American Recovery and Reinvestment Act (ARRA) of 2009, clearly state that the main goal of technical innova7ons is to achieve added value. For this purpose, future IT implementa7ons must take into account not only the adop7on of technological innova7ons but also the complete (business) process reengineering from paper based processes to digital workflow management. The use of technology in healthcare should therefore aim to achieve real value (e.g. ROI) measured in quality of healthcare, process efficiency and revenue (Duke et al., 2009). The evolu7on of IT transforma7on according to this process-‐technology approach to clinical transforma7on is depicted in the figure 14.
Towards a Healthy Cloud
Page 118 of 218
Juan Hernández Colomina
Figure 14: IT transforma*on model (Duke et al., 2009)
The different process maturity levels (green blocks) and corresponding technological
implica7ons (blue blocks) can be iden7fied by observing the current situa7on: Level 1: The organiza7on cannot fully trust its processes and is suffering from data • Maturity overload where few informa7on is regarded as useful. By automa7ng transac7ons processes can
• • •
be improved shiring the organiza7on to the next level. Maturity Level 2: The focus at this point is to improve processes to be able to do increase process efficiency. By crea7ng informa7on silos, useful informa7on can be gathered and stored appropriately. Maturity Level 3: Once a certain level of efficiency has been achieved, the organiza7on can focus on process reengineering to modify current prac7ces and achieve opera7onal effec7veness. Process redesign can at this level be facilitated by IT processes. Maturity Level 4: Organiza7ons that achieve this level of maturity are able to collaborate outside the organiza7onal boundaries and technology becomes an strategic advantage.
When considering new technological adop7ons from a added value point of view some authors (Duke et al., 2009) propose the use of well known financial ra7os like the benefit-‐cost ra7o, payback period, net present value (NPV) and the internal rate of return. Although these indicators are regarded useful when evalua7ng investment alterna7ves they do not account for intangible costs and benefits. For this reason their use should be limited to complementary measurements to guide decision making. Some examples of intangibles benefits that financial ra7os ignore are compe77ve advantage, brand awareness, regulatory compliance, employee sa7sfac7on and improved management.
Towards a Healthy Cloud
Page 119 of 218
Juan Hernández Colomina
In the implementa7on of Electronic Health Records systems in the United States a number of Cri7cal Success Factors (CSFs) have been iden7fied (Duke et al., 2009). The factors can be grouped into four main areas: Leadership, Management, Func7onality and Technology. The CSFs are shown in the table 22: Table 22: Cri*cal Success Factors for the adop*on of Electronic Health Records
Related Area
Leadership
Cri*cal Success Factor •Management commitment reflected in shared vision •Accordance with organiza7onal strategic objec7ves •Mul7disciplinary governance commiOee ac7vely involved •Clear objec7ves and business case
Management
•Support from senior execu7ves as if it is a clinical project •Added value is clear for employees •Good project management with detailed planning and real 7me monitoring and repor7ng. •Resources and commitment for redesign focusing on process quality, efficiency and reliability •Training, ini7al and ongoing •Adequate communica7on throughout the whole project. •Transparency and feedback to all end users is cri7cal.
Func*onality
•Cri7cal to organiza7onal processes •Broad intended user group •Support for clinical workflow •Horizontal integra7on and use of the system
Technology
•Compa7bility with other technologies in place and alignment with clinical processes •High availability on demand. No latency. •Security, confiden7ality and data integrity •Interoperability
Another approach to evaluate the cri7cal success factors for the adop7on of technology can be found in Gartner research (Gartner, 2009). In order to successfully adopt a new technological solu7ons organiza7ons need to take into account (among other factors) the complexity, governance, local condi7ons, stakeholder engagement, vendor engagement, adaptability and measurement of the envisioned solu7on (Gartner, 2009). In the healthcare sector, in addi7on to these concerns, adopters need to consider the complexity of the medical process, the high sensi7vity of medical and personal data and the need for proven technology due to the low tolerance for errors. The European Commission conducted an empirical survey among healthcare organiza7ons to evaluate their percep7on on the importance of eBusiness applica7on areas (Stroetmann et al., 2006). The applica7ons that are considered highly or very relevant for the healthcare sector are collabora7on, informa7on exchange, online purchasing, efficient e-‐procurement, and web services based integra7on of IT components. Moreover a number of applica7ons are considered to have average relevance in the healthcare sector: e-‐learning, human resource management and virtual private networks. Organiza7ons expect that interac7ve pa7ent informa7on and involvement, and Towards a Healthy Cloud
Page 120 of 218
Juan Hernández Colomina
electronic networking with other actors and organiza7ons are the two most relevant factors in the near future. The most relevant adop7on barriers signaled by healthcare firms are the size of organiza7ons and the complexity and cost of technology.
2.4. Sec*on Summary In order to facilitate our analysis on the applicability of Cloud Compu7ng solu7ons in the healthcare sector, we have described in this sec7on the current role of technology in European healthcare, the most relevant opportuni7es, challenges, drivers and barriers, as well as some cri7cal success factors for the successful adop7on of technology in this sector. As it is also the case in other sectors, business and IT alignment of organiza7onal strategy and processes is crucial for leveraging IT solu7ons. Previous research has found that applying the right approach and implementa7on methodology for a specific situa7on organiza7ons can improve the quality, accessibility and efficiency of healthcare delivery. Some documented cases indicate that organiza7ons that invest in the right ICT ini7a7ves (e.g. eHealth) perform significantly beOer than firms that do not invest in those ICT capabili7es. The poten7al for improvement in this sector is rather large due to the fact that although the healthcare sector is one of the most informa7on intensive industries it does not leverage IT solu7ons as much as other sectors do. Moreover, in order to deal with current challenges (e.g. aging popula7on, pervasive chronic sicknesses, rapid spread of sicknesses globally, etc.) and guarantee the sustainability of healthcare systems, organiza7ons need to take advantage of technological developments. The benefits of technology in healthcare have also been extensively documented. Significant improvements in quality, cost efficiency, process throughput and the reduc7on of medical errors have been directly linked to implementa7ons of Electronic Transfer of Prescrip7ons, EPR and Computerized Physician Order Entry and Clinical Decision Support systems. Other research from Gartner iden7fies significant high poten7al benefits in the adop7on of Electronic Medical Records, Computerized Physician Order Entry and Clinical Decision Support systems. Other research based on financial cost benefit analysis has also demonstrated significant benefits arising from successful ICT implementa7ons like for example beOer informed ci7zens and providers, streamlined processes, 7meliness of care and improved safety and effec7veness. Organiza7ons can improve the quality, efficiency and effec7veness of care services by increasing the availability of accurate, complete and relevant clinical data (e.g. EHR system). Quality is improves as medical errors, adverse medica7on errors and prescrip7on errors are reduced. Efficiency is improved when redundant tests are eliminated, the administra7on process is streamlined, and the organiza7on is able to process pa7ents, prescrip7ons and hospitaliza7ons faster. The main barriers encountered by organiza7ons when adop7ng IT solu7ons are the security and the cost of technology. Although informa7on needs to be exchangeable across organiza7ons it also needs to be protected from unauthorized use. Other barriers found in previous research are the Towards a Healthy Cloud
Page 121 of 218
Juan Hernández Colomina
lack of opportunity awareness, the size of the organiza7on, the lack of interoperability with current systems and legal and privacy issues. The adop7on of technology is mo7vated by the increasing compe77on, the demand for user friendly services and extensive func7onality, previous good prac7ces and standards. Organiza7on can take advantage of technological solu7ons by leveraging current infrastructure investments, gaining compe77ve advantage from coopera7on in the value chain, reducing costs by improving supply chain management and crea7ng economies of scale and synergies through collabora7on. When leveraging solu7ons organiza7ons need to take into account legal, regulatory and security issues as well as the training and monitoring of staff on the envisioned solu7on. IT implementa7ons must include the adop7on of technology as well as complete (business) process reengineering from paper based processes to digital workflow management. As the use of technology in healthcare must aim to achieve real added value (e.g. ROI) measured in quality of healthcare, process efficiency and revenue, organiza7ons should align process maturity with technologies that enables higher value crea7on in the transforma7on process. The ul7mate goal of this transforma7on process is to enable collabora7on outside the organiza7onal boundaries while leveraging technology as a strategic advantage. In previous research a number of cri7cal success factors (CSFs) have been iden7fied for leveraging IT solu7ons. The CSFs can be classified into four areas: management, leadership, func7onality and technology. In the management area some of the CSFs are the support from senior management, clear added value, good project management, employee training and communica7on and a clear focus on process quality, efficiency and reliability. Organiza7onal leaders must develop a shared project vision with clear objec7ves and business case and align it with the firm’s strategy as well as with corporate governance.
The func7onality of the solu7on must focus on suppor7ng organiza7onal and clinical processes
as well as a broad user group and horizontal integra7on. On the technology area, the solu7on must ensure compa7bility with current systems, and guarantee a high level of availability, security and interoperability. Other CSFs found in previous research are the level of organiza7onal and medical complexity, the stakeholder and vendor engagement, the adaptability of the solu7on to be adopted, the sensi7ve character of pa7ent data and the need for proven technology due to the low ci7zen’s tolerance for medical errors and the high impact of those errors. According to healthcare organiza7ons tools that facilitate collabora7on, informa7on exchange, eProcurement and web services are the most relevant for the sector. Specially, interac7ve pa7ent informa7on and involvement and electronic communica7ons are the two most relevant factors in the near future.
Towards a Healthy Cloud
Page 122 of 218
Juan Hernández Colomina
3. ICT in the Dutch Healthcare sector Healthcare professionals need the right informa7on, at the right 7me and at the right place. For this reason, ICT is considered by the Dutch government as an important enabler to cope with healthcare challenges not only by suppor7ng medical research but also improving opera7onal efficiency, specially in an informa7on intensive sector like healthcare (Klink & Bussemaker, 2008). As a consequence, during the past years there has been a growing governmental interest to support healthcare services with ICT (Stap et al., 2007). An example of this interest is the introduc7on of EPR in The Netherlands, which is known as the Elektronisch Pa7ënten Dossier (the EPD project). The EPD is currently an important priority for the government to improve quality, accessibility and affordability of healthcare services. However, due to the priva7za7on of the Dutch healthcare sector, the government has limited enforcing power in how healthcare organiza7ons work (Stap et al., 2007) affec7ng the adop7on of this type of infrastructure. The NICTIZ ins7tute, the Na7onal Ins7tute for ICT in Healthcare (in Dutch, Na7onaal ICT Ins7tuut in de Zorg) was founded in 2002 to s7mulate the use of ICT in the Dutch healthcare sector. NICTIZ is responsible for the realiza7on of the na7onal EPD infrastructure in collabora7on with pa7ent’s associa7ons, healthcare providers, insurers, ICT providers and public bodies. Under their slogan: “BeOer healthcare trough beOer informa7on” the main goal of NICTIZ is to support healthcare organiza7ons in leveraging ICT solu7ons and to enable the condi7ons for electronic exchange of pa7ent informa7on. NICTIZ is responsible for developing and maintaining the AORTA basic infrastructure to facilitate the secure exchange of medical informa7on (e.g. EPD records). Moreover, NICTIZ is responsible for the standards used and cer7fica7on programs for ICT providers and healthcare organiza7ons. Within the EPD ini7a7ve, two components have been first implemented, the Electronic Transfer of GP Observa7ons WDH (Waarneem Dossier Huisartsen) and the Electronic Transfer of Prescrip7ons EMD (Electronisch Medica7e Dossier) (Stap et al., 2007). The EPD ini7a7ve was launched to improve the quality of medical services by providing 7mely, accurate and secure informa7on exchange. Electronic Pa7ent Records (e.g. EPD records) are a specific type of Electronic Health Records (EHR) systems. An EHR is a collec7on of personal medical informa7on that is stored during the en7re life7me of a person. This informa7on is stored and exchanged in digital form on secure infrastructures. The main goal of an EHR system is to guarantee con7nuity of care to a pa7ent as it reflects his or her medical situa7on at a specific point in 7me. Although this is also one of the goals of the EPD ini7a7ve, it is primarily designed to support a specific healthcare process or treatment. Due to the fact that the EPD combines informa7on which is generated and stored at the source (e.g. the care
Towards a Healthy Cloud
Page 123 of 218
Juan Hernández Colomina
provider) it does not provide a complete overview of a pa7ents health situa7on but rather the relevant parts needed to accomplish an specific healthcare task (Stap et al., 2007). Informa7on technology can improve healthcare by suppor7ng decision making and facilita7ng pa7ent’s assessment and monitoring. Moreover, ICT can enable innova7on and the efficient use of physical and human resources (Schoen et al., 2006). One of the main success factors iden7fied in previous implementa7ons is the alignment between those who benefit from the new system and those who pay for it (Deutsch & Turisco, 2009). This is not the case in The Netherlands where the healthcare sector is priva7zed while the EHR implementa7on has been paid by the Dutch government, including the Na7onal Switch Point (Landelijke Schakel Punt, LSP), which is offered free of charge to healthcare providers. The demand of care services in the Dutch healthcare sector will grow significantly in the near future due to the demographic evolu7on of its ci7zens (e.g. aging popula7on, higher average weight, etc.). Collabora7on is also becoming increasingly important among healthcare prac77oners in order to treat rapid spreading threats (e.g. H1N1 virus) or to improve the treatment of care intensive sicknesses (e.g. Cancer, AIDS, etc.). In order to cope with these challenges, the Dutch government has launched new laws and regula7ons, new financing models and has fostered ICT innova7on in healthcare (NICTIZ, 2009).
3.1. ICT in General Prac**oners Offices Primary care professionals are the first point of contact for pa7ents playing a crucial role in preven7on and ongoing care (Schoen et al., 2006). In the Dutch healthcare system general prac77oners (GPs) or family prac77oners (FPs) are the gatekeepers of healthcare services as pa7ents must be referred by them to be able to access further specialized treatments. Moreover, pa7ents can not access various GPs at the same 7me as they need to register at one GP beforehand. The Dutch healthcare system counts with around 9.000 family doctors (GPs) with specialist training in family medicine (Prou & Smit, 2006). GPs are the gatekeepers of the system as they must authorize every pa7ent in order to be further treated by hospitals or specialists. As a result, 95% of primary care condi7ons are solved at GPs (Prou & Smit, 2006). Around 88% of GPs work alone or in prac7ces of two to three doctors. Outside office hours, pa7ents can obtain help from primary care coopera7ves, serving up to 90% of Dutch ci7zens. The computeriza7on of GPs prac7ces in The Netherlands is high. Around 97% of GPs use a computer based GP informa7on system for use in primary care. Around 90% of prescrip7ons are generated electronically (Prou & Smit, 2006).
According to a research from the Commonwealth Fund in The Netherlands, almost all GPs
(98% according to data from 2006) use electronic medical record systems in their prac7ces (Schoen et al., 2006). However, when we look at collabora7on only 45% of all GPs can share records electronically with clinicians outside their prac7ce, 32% can access medical records when outside of office, and 8% provide pa7ents with access to their medical records. Although the great majority of GPs in The Towards a Healthy Cloud
Page 124 of 218
Juan Hernández Colomina
Netherlands can prescribe medica7on electronically and have electronic access to pa7ent’s test results (85% and 78% respec7vely) only few of them (around 10%) has access to pa7ent’s hospital records and can order tests electronically (Schoen et al., 2006).
A large number of GPs (93%) receives electronic alerts when a poten7al medica7on problem
takes place and they send electronic alerts to pa7ents for preven7ve of follow up care (61%) (Schoen et al., 2006). On the other hand, only a minority of GPs (16%) receive electronic alerts to provide pa7ents with test results. The majority of GPs can easily obtain electronic lists of pa7ents by diagnosis (63%) and lists of all medica7ons taken per pa7ent (59%).
As GPs manage the referring-‐to-‐specialist process and the longitudinal care history they are
cri7cal for the coordina7on of care services over 7me (Schoen et al., 2006). When care service span various prac77oners some7mes pa7ents in The Netherlands suffer problems from lack of coordina7on (41%) and unavailable medical records (15%). Around 7% of Dutch GPs have to repeat tests some7mes because the findings cannot be found anymore. In almost all cases (96%) GPs affirm that they get informa7on back from referred professionals. In this research we delimit our analysis from now on to one of the largest ICT implementa7ons in Dutch healthcare, the introduc7on of a na7onal infrastructure for the exchange of electronic medical records known in Dutch as the EPD. The government plans to make the use of this infrastructure compulsory by law to all healthcare organiza7ons in The Netherlands, including GPs, hospitals, pharmacies, etc. At the moment of wri7ng the EPD project has completed the first pilots successfully while healthcare organiza7ons are deploying cer7fied solu7ons that can connect to this infrastructure.
Towards a Healthy Cloud
Page 125 of 218
Juan Hernández Colomina
4. Electronic Pa*ent Records in The Netherlands The project for the introduc7on of Electronic Pa7ent Records (EPD in Dutch) in The Netherlands was officially launched by the Dutch Ministry of Health in September 2008, when a law came into force allowing the use of ci7zen’s social security numbers (in Dutch burgerservicenummer or BSN number) in the healthcare sector (NICTIZ, 2009). The EPD project aims to implement a basic “empty” infrastructure containing strictly index and reference systems that connects all individual sources were pa7ent informa7on is registered and stored (for example at a GP office or hospital) (Tange, 2008).
The main goal of this inter-‐organiza7onal infrastructure is to share pa7ent medical informa7on
in a fast and reliable way in order to prevent communica7on errors and therefore to improve the quality of care provided to ci7zens (Tange, 2008). As informa7on is stored and maintained at its origin, it is always kept up to date by minimizing the delay between the origin of informa7on and its registra7on. The index system is implemented at the na7onal switch point (in Dutch Landelijk Schakel Punt or LSP) that contains pointers to all registered EPD records of each pa7ent. When a clinician needs medical informa7on about a specific pa7ent, the index systems pulls the informa7on on demand from the provider’s systems and sends it to the clinician reques7ng it. The switch point is at all 7mes empty, containing only the informa7on needed to gather the data (index and reference system) from a provider’s systems (Tange, 2008).
Once the EPD project has been completed, all healthcare providers and insurers will benefit
from secure electronic informa7on exchange of pa7ent’s data (Prou & Smit, 2006). Although there are some healthcare regional networks already in place, they exchange informa7on according to the EDIFACT standard. These regional networks are going to be integrated in the na7onal infrastructure which exchanges informa7on following the HL7 version 3 standard. The Ministry of Health plans to reuse these regional networks as aggrega7on channels to connect to the na7onal switching point (Prou & Smit, 2006). Collabora7on between healthcare service providers has been subject of a lot of research in The Netherlands (Nivel, 2009). The recent introduc7on of electronic pa7ent records (EPD) is believed to affect the supply and organiza7on of services in the Dutch healthcare sector. Previous research has observed a higher rate of collabora7on among healthcare actors (Nivel, 2009). Around 50% of Dutch GPs are physically working next to other actors (e.g. pharmacy, physiotherapist, etc.) while 30% of all GPs have actually formal collabora7on agreements with other actors. Moreover, according to Nivel research clinics with more than one doctor collaborate more with other professionals than clinics where a single clinician is located.
Towards a Healthy Cloud
Page 126 of 218
Juan Hernández Colomina
Electronic pa7ent records (EPD) must contain informa7on that is complete, reliable, and well structured (Nivel, 2009). This is not an easy task as pa7ent informa7on is registered and stored by individual clinics or GPs using their own nota7ons and conven7ons. In order to facilitate the exchange of informa7on (EPD) with other professionals, the Associa7on of Dutch GPs (Nederlands Huisartsen Genootschap) has published in 2004 a set of guidelines that every prac77oner should follow in order to support the exchange of informa7on with other clinicians.
4.1. The EPD Agenda In order to cope with the (future) challenges of healthcare, the Dutch government launched two ini7a7ves: an electronic pa7ent record system (the so called EPD) and an ICT basic infrastructure to facilitate the exchange of informa7on in the healthcare value chain. ICT solu7ons that support healthcare delivery, sickness preven7on, clinical examina7on and healthcare logis7cs are considered to be part of the EPD project (NICTIZ, 2009). The basic ICT infrastructure to be used includes standards, agreements, contracts and tools that facilitate the exchange of informa7on in the healthcare sector (NICTIZ, 2009). For the introduc7on of the na7onal EPD infrastructure, a governance body has been created to define the project agenda, facilitate decision making and control the implementa7on (NICTIZ, 2009). The governance includes two bodies: the plaxorm for ICT and innova7on (Plaxorm ICT & Innova7e) and the steering commiOee ICT & innova7on (Stuurgroep ICT & Innova7e). The plaxorm is responsible for defining the agenda while the main func7on of the steering commiOee is decision making and the direct management of implementa7on projects. The governance body is responsible for the execu7on of the project and individual programs. Every subprogram is managed by Program Advise CommiOees (PAC) where the most relevant stakeholders for that specific project are represented. Each program compromises five itera7ve phases: awareness, decision prepara7on, design and valida7on, development and tes7ng and implementa7on. The incremental approach of the EPD implementa7on includes a diverse number of ini7a7ves to be completed in the planning horizon from 2008 to 2013 (NICTIZ, 2009). Figure 15 depicts an overview of these ini7a7ves grouped in the EPD agenda (NICTIZ, 2009):
Towards a Healthy Cloud
Page 127 of 218
Juan Hernández Colomina
Figure 15: EPD Program Overview
The deployment of the EPD infrastructure follows an incremental top-‐down approach star7ng with two func7onali7es: the exchange of informa7on regarding pa7ent’s drug prescrip7ons (EMD, Electronisch Medica7edossier in Dutch) and GPs observa7ons from service encounters at point of service loca7ons (WDH, Waarneemdossier Huisartsen in Dutch) (NICTIZ, 2009). At the moment of wri7ng, the implementa7on and pilot projects for these two types of informa7on have been successfully accomplished and they will be rolled out soon at na7onal level.
4.2. Stakeholders in the EPD ini*a*ve The Dutch government has passed a law in 2009 making the use of the na7onal infrastructure compulsory. However, par7cipants need to obtain the required cer7fica7on obtaining financial incen7ves for those using cer7fied informa7on systems (Tange, 2008). The most relevant actors that are affected by the EPD ini7a7ve are the Dutch government, healthcare providers, tax payers, pa7ents and pa7ent’s organiza7ons, poli7cal par7es, GP organiza7ons, IT vendors and others (Tange, 2008). The stakeholders and their support for the project is depicted in figure 16.
Towards a Healthy Cloud
Page 128 of 218
Juan Hernández Colomina
Figure 16: EPD stakeholders support (Tange, 2008)
The Government is the main ini7ator and advocate of the project. Some healthcare providers (e.g. GPs) support the idea but are opposed to the na7onal infrastructure and prefer regional ones, while other providers (e.g. hospitals) remain indifferent. In general, pa7ents and poli7cal par7es support the idea as they agree with the advantages of the new infrastructure. Nevertheless, the EPD ini7a7ve have found some opposi7on from prac77oners and ci7zens. According to a recent research by the associa7on of GPs, only 4,2% of Dutch ci7zens agrees with the exchange of their electronic pa7ent record through the na7onal switching point (ICTzorg, 2009) (WAKE-‐UP, 2009). Although this research can not be regarded as scien7fic as is strongly biased, it reflects the cri7cal role of GPs as first point of contact and informers.
4.3. Defini*ons A number of concepts must first be defined to fully understand the EPD infrastructure. Theses defini7ons can be categorized into general defini7ons and EPD related defini7ons. General defini7ons are included in appendix L. The most relevant EPD related defini7ons are further elaborated in table 23.
Towards a Healthy Cloud
Page 129 of 218
Juan Hernández Colomina
Table 23: Basic EPD Architecture
Acronym
Term
EPD
Electronisch Pa7enten Dossier
AORTA
-‐
BSN
Burgerservice-‐nummer
SBV-‐Z
Sectorale Berichten Voorziening in de Zorg
UZI
Unieke Zorgverlener Iden7fica7e
LSP
Landelijke Schakelpunt
GBZ
Goed Beheerd Zorgsysteem
XIS
Zorginforma7e-‐ systeem
ZSP
Zorgservice-‐providers
NICTIZ
Na7onaal ICT Ins7tuut in de Zorg
Descrip*on The Electronic Pa7ent Records (EPD) infrastructure aims to support the exchange of accurate and 7mely medical informa7on among healthcare providers at na7onal level under two condi7ons: the pa7ent has approved the exchange of data and the healthcare provider has been authorized (as it has a treatment rela7onship with the pa7ent). The first two func7onali7es to be deployed are the electronic exchange of medica7ons and medical observa7ons dossiers. Na7onal basic infrastructure to facilitate the exchange of medical records. It includes two registers (UZI & SBV-‐Z) and the na7onal switching point (LSP). Ci7zen’s na7onal unique iden7fica7on number. Healthcare providers are obliged by law (from the 1st of June, 2009) to use this numbers in their administra7on as well as when exchanging pa7ent related data. Public en7ty responsible for assigning, maintaining and verifying ci7zen’s BSN numbers. The CIBG public body is responsible for this register. The register is connected to the local ci7zen administra7on systems (Gemeentelijke Basisadministra7e Persoonsgegevens, GBA) Na7onal unique iden7fica7on number for healthcare provider. It can be found in two forms: electronic UZI card and UZI server cer7ficate. UZI cards are used to iden7fy individuals and UZI server cer7ficates are used to iden7fy the servers connected to the na7onal switching point LSP. The na7onal switching point to facilitate the secure electronic exchange of actual pa7ent informa7on at na7onal level. The LSP is an indexing system containing pointers on where to find actual informa7on from a specific pa7ent. A good managed health informa7on system. A type of informa7on system that has obtained the GBZ cer7fica7on due to compliance with all applica7on, implementa7on and exploita7on requirements as defined by NICTIZ. A healthcare informa7on system that has obtained the XIS sorware cer7fica7on as defined by NICTIZ. Healthcare connec7vity provider that facilitates a secure connec7on between the GBZ and the LSP. Public body responsible for the AORTA basic infrastructure, including the management of the switching point (LSP) and the specifica7ons of requirements for healthcare providers.
There is few consistency in the use of general terms like EHR or ICEHR around the globe. Many countries use their own acronyms which are oren very similar to the EHR defini7on. Some examples of the different terms use are: Electronic Pa7ent Records (EPR) in England, Computerized Pa7ent Record (CPR) in the USA, Electronic Health Care Record (EHCR), Electronic Client Record (ECR), Virtual EHR, Personal Health Record (PHR), Digital Medical Record (DMR) and Computerized Medical Records (CMR). ECR is a delimita7on if the term EHR for non-‐medical health informa7on (e.g. social worker, physiotherapist, etc.). A Virtual EHR can be defined as a real-‐7me assembled EHR. The DMR is defined as “a web-‐based record maintained by a healthcare provider or health plan. The DMR can have the func7onality of the EMR, EPR or EHR”. CDR is a term mostly used in Canada to define “an opera7onal data store that holds and manages clinical data collected from service encounters at point of service loca7ons (e.g. hospitals, clinics, etc.)”. CMR can be defined as “a computerized record created by image scanning or op7cal character recogni7on (OCR) of a paper-‐based healthcare record”. Towards a Healthy Cloud
Page 130 of 218
Juan Hernández Colomina
The bri7sh Na7onal Health Service (NHS) defines EPR as “an electronic record of periodic healthcare of a single individual, provided mainly by one ins7tu7on” (ISO, 2005). This defini7on is applied in different countries with slightly different interpreta7ons. In the USA, it is referred to as Computerized Pa7ent Record (CPR). In Europe, the term Electronic Health Care Record (EHCR) is widely used as a synonym for EHR. This term is also used in the CEN standard 13606 but is being increasingly replaced in use by EHR.
4.4. Legisla*ve Context There are two important Dutch laws seung the scope for the na7onal introduc7on of the EPD: one law to regulate the use of ci7zen’s social security numbers in healthcare “Wet gebruik burgerservicenummer in de zorg” and one law to determine the specific characteris7cs of the new infrastructure “Wet op het EPD”. The first law came into force the 8th of April of 2008. The second law was approved in 2009 (NICTIZ, 2009) and will soon come into force arer parliament approval. Besides these two laws that were specifically created for the EPD project, a series of exis7ng laws and regula7ons must also be taken into account as they highly influence some aspects of the infrastructure (NICTIZ, 2009). Some examples are the laws “Wet Bescherming Persoonsgegevens” that specifies how personal informa7on must be handle, the “Wet op Geneeskundige behandelingsovereenkomst” that regulates clinical encounters, the “Wet op de beroepen in de individuele gezondheidzorg” related to independent clinicians and the “Kwaliteitswet zorginstellingen” to guarantee the quality of healthcare services delivered. Although the use of BSN numbers have already been embedded in current laws and legisla7on (see law Wbsn-‐z), the overall use of the EPD infrastructure is at the moment of wri7ng regulated by bilateral agreements between NICTIZ and each healthcare provider. The Dutch government is planning to introduce in the coming years new legisla7on that will govern the use of the EPD infrastructure (Informa7epunt EPD, 2009). As the main goal of the EPD is to share informa7on that can reduce the probability of medical errors resul7ng from incomplete or inaccurate pa7ent informa7on (es7mated on 19.000 unnecessary hospitaliza7ons yearly) it is very important that all healthcare providers are included in the system. For this reason, the Dutch government will enforce par7cipa7on of all healthcare providers by law. Only healthcare providers that have a treatment rela7onship with a pa7ent can retrieve his/ her data from the EPD infrastructure. This requirement is controlled by (1) checking if that provider has previously enlisted informa7on on the LSP regarding that pa7ent or (2) by checking if the pa7ent is registered at the provider’s administra7on and reques7ng confirma7on from the provider that there is a treatment rela7onship and the customer has authorized the exchange of informa7on (Informa7epunt EPD, 2009).
Towards a Healthy Cloud
Page 131 of 218
Juan Hernández Colomina
4.5. Standards
The AORTA infrastructure has been developed to encourage communica7on and informa7on
sharing in the Dutch healthcare sector. The infrastructure has been developed by NICTIZ to facilitate the secure and reliable exchange of medical records between healthcare providers at na7onal level (Stap et al., 2007). For the exchange of informa7on, a number of standards have been selected. The message specifica7ons comply with the HL7 version 3 standard, services are specified in WSDL (Web Service Descrip7on Language) and SOAP (Simple Object Access Protocol) and communica7on follows the HTTPs and TCP/IP protocols. The concepts in process descrip7ons and informa7on models are described according to the CEN EN 13606 standard (Stap et al., 2007). The standard HL7 version 3 specifies requirements regarding communica7on, informa7on, processes and methodologies. Although there is interna7onal pressure to comply with the EU standard CEN 13606, the Dutch government has chosen for this project the American standard HL7 version 3. At the moment of wri7ng there are interna7onal ini7a7ves to merge these two standards but no results have been achieved yet (Tange, 2008). The European norm EN 13606 is a standard created by the European Commission of Normaliza7on (CEN, Comité Européen de Normalisa7on) for the exchange of electronic medical informa7on in a Electronic Health Records system (Stap et al., 2007). The standard is not compulsory for member states but it is recommended to include it in na7onal legisla7on when developing EHR infrastructures. The syntax, structure and seman7cs of EN 13606 have a lot in common with the HL7 version 3 standard developed by ANSI (American Na7onal Standard Ins7tute). The differences are currently being harmonized by the Electronic Healthcare Records Group.
A clear dis7nc7on should be made between registering and exchanging medical informa7on
(Stap et al., 2007). Registering medical informa7on includes recording, modifying and elimina7ng informa7on in Health Informa7on Systems (HIS). De CEN standard EN 13606 focuses on the communica7on of medical records between informa7on systems. The standard’s goal is to create an interface that translates informa7on from an sender’s informa7on system into a exchangeable format (e.g. EN 13606 format) that can be translated again into the recipient’s informa7on system (Stap et al., 2007). Through the use of 13606 adapters the exchange of informa7on is made independent from the structure, syntax and meaning of informa7on stored in individual provider’s systems. The 13606 interfaces are responsible for coding and decoding informa7on in the provider’s systems to an EN 13606 structure, syntax and meaning (Stap et al., 2007). De standard defines what informa7on is exchanged and how does that informa7on looks like but it does not define the communica7on form to be used. The use of the EN 13606 standard is depicted in the figure 17.
Towards a Healthy Cloud
Page 132 of 218
Juan Hernández Colomina
Figure 17: Usage of CEN 13606 Standard
The primary goal of this standard is to specify the structure, syntax and seman7cs of medical data to be exchanged by healthcare service providers (Stap et al., 2007). Healthcare organiza7ons can rely on standards to develop applica7ons that can seamlessly communicate with other providers. The standard has five parts responsible for different aspects of the structure, syntax and seman7cs of informa7on. This five parts and their corresponding coverage of these aspects are depicted in figure 18. Moreover, we briefly describe each of the five parts for clarifying purposes. Figure 18: Components of CEN 13606 Standard
the reference model: this part of the standard specifies the generic model for exchange of • Part 1, EHR data which is the basic structure for all the exchangeable medical informa7on. The structure is
•
created by hierarchically decomposing an EHR extract which is the whole medical record of a pa7ent or a part of it. An EHR extract contains one or more folders containing one or more composi7ons each. A composi7on contains one or more sec7ons and one or more nested subsec7ons with entries. An entry contains one or more elements and/or a cluster of elements (Stap et al., 2007). Part 2, archetypes interchange: the second part of the standard is concerned with the syntax, structure and seman7cs of informa7on. It does not include medical informa7on but rather the
Towards a Healthy Cloud
Page 133 of 218
Juan Hernández Colomina
• • •
tools to define medical concepts and its rela7onships that can be understood and used by different care providers. Once an archetype has been created it can be directly used by healthcare providers. During the informa7on exchange instances of archetypes are communicated which contains the data over a specific pa7ent (Stap et al., 2007). Part 3, reference archetypes and terminology: In this third part of the standard the seman7cs of the aOributes from the first part are specified. It determines which values the aOributes can have to facilitate its correct interpreta7on when they are exchanged. Moreover, it defines reference archetypes to be used with openEHR and HL7 version 3. This defini7ons of archetypes are meant to provide examples on how to use those archetypes with openEHR and HL7 (Stap et al., 2007). Part 4, security requirements and distribu*on rules: Security and reliability are two important requirements for exchanging medical informa7on. This part of the standard focuses on describing a security and access model for a EHR extrac7on, specifying what is needed when exchanging such an extract (Stap et al., 2007). The standard includes role based access control, access rules, access management, informa7on sensi7vity assessment and access policies. Part 5, interface specifica*ons: this last part of the standard specifies the interfaces to the func7onality described in the other four parts of the standard. It includes defini7ons of three interface domains: request EHR extract, request archetype and request audit log extract (Stap et al., 2007).
4.6. Interoperability According to the ISO-‐TR-‐20514 standard there are two specializa7ons (or types) of basic EHRs, shareable EHRs and non-‐shareable EHRs. Moreover, there is one specific type of shareable EHRs, the integrated ICEHR. In order to share informa7on in integrated ICEHR we need to consider two types of interoperability: func7onal and seman7c interoperability. Func7onal interoperability is the capability of two or more systems to exchange informa7on. Seman7c interoperability is the capability of understanding the informa7on being shared according to the previously defined domain model (ISO, 2005). Seman7c interoperability is an essen7al requirement for automated informa7on processing and it implies agreements between sender and receiver regarding standardizes EHR reference models, service interface models, domain specific concept models and terminologies (ISO, 2005). In order to provide effec7ve integrated care services the informa7on gathered must be 7mely exchanged among care providers. The standardiza7on of domain concepts, terminologies and archetypes is essen7al to facilitate interoperability (ISO, 2005). The fundamental characteris7c of an ICEHR is a standardized logical informa7on model based on widely accepted standards (e.g. ISO, CEN & HL7). A logical informa7on model determines the structure and rela7onship of informa7on and it is plaxorm and technology independent. Interoperability of heterogenous informa7on systems is crucial for the success of the EPD ini7a7ve (NICTIZ, 2009). In order to achieve inter-‐organiza7onal system interoperability it is necessary to define beforehand the standards to be used in processes (procedures and guidelines), communica7on (messages, reports, overviews, security, etc.) and languages (structure, terminology and coding). The basic infrastructure of the EPD project includes the following communica7on Towards a Healthy Cloud
Page 134 of 218
Juan Hernández Colomina
standards: usage of BSN numbers to iden7fy pa7ents, usage of UZI card to iden7fy providers, technical implementa7on of communica7on within the infrastructure and the requirements to become a system provider (GBZ or Goed Beheer Zorgsysteem in Dutch).
In the Dutch healthcare sector some processes take place at regional level without requiring
connec7vity with other infrastructures outside that region. These regional infrastructures do not oren comply with the security requirements and standards defined by the EPD project. However they need to be integrated in the na7onal infrastructure in order to facilitate the exchange of informa7on across regions (NICTIZ, 2009). In order to integrate this regional efforts in the na7onal infrastructure, a series of collabora7ve ini7a7ves have been launched that include care providers, insurers, ICT organiza7ons and local public bodies. Due to the reduced size of this regional collabora7ons implementa7ons are accomplished faster and innova7ons emerge fluently (NICTIZ, 2009).
4.7. AORTA Basic Architecture & Interac*ons In order to provide an overview of the EPD infrastructure, we have created an architecture diagram of the AORTA basic infrastructure including all components involved and their basic interac7ons (see figure 19). For clarifying purposes the architecture includes only two qualified GBZ healthcare providers, each with his own ZSP provider. Moreover, the interac7ons depicted represent a single healthcare encounter of one pa7ent and the process of retrieving pa7ent data at another encounter with another healthcare provider. AORTA is the na7onal basic infrastructure to support the exchange of informa7on in the Dutch healthcare sector. The AORTA infrastructure includes the na7onal switching point (LSP), where cer7fied healthcare providers (GBZ) can connect using their cer7fied infrastructure (ZSP) and their cer7fied sorware (XIS). These main components of the AORTA infrastructure are further elaborated on table 24 (Tange, 2008): Table 24: AORTA Components
AORTA Component Two authoriza7on systems
Elements Ci7zen’s social security numbers (BSN) and providers id (UZI)
For healthcare providers (GBZ), connec7on service providers (ZSP) and sorware (XIS). It is not possible to connect to the na7onal switching point without having these cer7fica7ons. The Three cer7fica7on cer7fica7ons include three type of requirements: func7onal (how to register and exchange programs informa7on), implementa7on (how to connect, security and technical performance) and exploita7on (procedures to keep informa7on accurate, 7mely and secure). The LSP (Landelijke Schakel Punt in Dutch) is financed and maintained by Nic7z. It connects the different source systems at na7onal level being the central component of the na7onal A na7onal switching infrastructure where cer7fied systems (GBZ) can connect to exchange data on a point-‐to-‐point point basis. The func7ons of the LSP are to authen7cate and authorize providers and cer7fied systems (GBZ), to subscribe pa7ent in its index and to route requests and replies of standardized data sets. Moreover, it registers all data accessed and by whom. A library of messages Based on version 3 of the HL7 medical communica7ons standard
Towards a Healthy Cloud
Page 135 of 218
Juan Hernández Colomina
In figure 19 the EPD workflows between all actors are depicted (Informa7epunt EPD, 2009). Figure 19: Basic EPD Architecture
The different exchanges of informa7on depicted in figure 19 are: (C) (D)
(E) (F)
At a healthcare encounter, the healthcare provider register the pa7ent data in his own administra7on and informa7on system. The healthcare provider enlists the data on the na7onal switching point (LSP). Enlis7ng means in this context communica7ng the fact that the specific organiza7on (iden7fied by UZI number) has data related to that specific pa7ent (iden7fied by BSN number). The “real” pa7ent data (e.g. medical condi7ons, medicines prescribed, etc.) remains at all 7mes at the organiza7on’s informa7on system. Other healthcare providers can access the pa7ent’s data if they have a care rela7onship with the pa7ent. For this purpose, they request first from the LSP a list of which providers have informa7on regarding an specific pa7ent. Arer the pa7ent has been informed and he/she has authorized the exchange of informa7on, the provider can retrieve the pa7ent data from the other provider(s).
From the architecture diagram we can iden7fy three main steps that every healthcare provider must complete before being connected to the EPD infrastructure: deploy the use of BSN numbers, obtain the GBZ cer7fica7on and implement the connec7on to the LSP (by using an external cer7fied ZSP provider or by obtaining the ZSP cer7fica7on).
Towards a Healthy Cloud
Page 136 of 218
Juan Hernández Colomina
4.8. Security and Privacy Considera*ons
Security, reliability and privacy are important challenges when implemen7ng inter-‐
organiza7onal infrastructures, specially in the healthcare sector. To deal with these challenges, the Dutch government has developed a model of trust that covers laws, regula7ons, informa7on security and control that determines who and in which circumstances can share informa7on (NICTIZ, 2009). The technology applied must ensure that informa7on is securely stored and transmiOed. An appropriate access control policy must guarantee that informa7on is accessed only by authorized users (ISO, 2005). The EPD infrastructure contains a series of controls to detect unauthorized access. These security checks are distributed across the infrastructure and focus on each of the possible weak points. The overall security system is called GKI (Grootschalige Ketenbrede Indringerstest) and it includes three security policies: PvE GBZ, PvE ZSP and PvE LSP. These policies and controls are depicted in figure 20. Figure 20: Security Policies and Controls in the EPD Infrastructure
GBZ
Control GBZ
HOSTING XIS
PvE GBZ
Control XIS
Control SBV-Z
Control UZI
BSN Register
UZI Register
Control ZSP
ZSP
PvE ZSP
Control LSP
LSP
PvE LSP
Security Policies EPD
As shown in figure 20, security controls have been placed at every individual component of the EPD chain: the healthcare organiza7on (GBZ) aiming to connect to the switching point (LSP), the sorware applica7on facilita7ng the connec7on (XIS), the cer7fied service provider that facilitates the Towards a Healthy Cloud
Page 137 of 218
Juan Hernández Colomina
data communica7on (ZSP), the switching point (LSP) and both external registers (SBV-‐Z & UZI) that facilitate the iden7fica7on of ci7zens and healthcare providers respec7vely. For the main three blocks (GBZ, ZSP & LSP) specific security policies have been developed. The controls and policies main goal is to detect unauthorized access to any of the components which therefore could compromise the en7re EPD chain. Pa7ent iden7fica7on in the Dutch healthcare sector is registered using Ci7zen Service Number (Burger Service Nummer, BSN). Although this number is used for several purposes (e.g. taxes, work permits, etc.) it was not authorized to be used in healthcare. For this reason, current legisla7on had to be modified, a process that took three years to be completed (Deutsch & Turisco, 2009). In order to protect pa7ent’s privacy, to ensure that data is kept up-‐to-‐date and to improve the overall security of the new system, pa7ent data is not stored in a central system but instead real-‐7me gathered and assembled by prac77oners when needed (NICTIZ, 2009) (Informa7epunt EPD, 2009) (Prou & Smit, 2006).
Only healthcare providers that have a treatment rela7onship with a pa7ent can retrieve his/
her data from the EPD infrastructure (Informa7epunt EPD, 2009). To protect pa7ent’s privacy, pa7ents have the right to be informed and must be able to block his dossier (fully or par7ally) from exchange with healthcare providers (all or some) (Deutsch & Turisco, 2009). When pa7ent data is enlisted for the first 7me on the LSP, the pa7ent must be informed on the consequences and he/she must authorize the exchange. The blocking (and unblocking) right can be applied by the ci7zen at any 7me. Due to current privacy legisla7on in The Netherlands, before enlis7ng any pa7ent dossier in the LSP for the first 7me, the organiza7on must inform the corresponding public body: the College Bescherming Persoonsgegevens (CBP). The na7onal switching point can be compared with a traffic control tower which contains a reference index to locate where informa7on about a specific pa7ent can be found and wether it can be retrieved. It uses ci7zen’s social security number (BSN numbers) to iden7fy the subject at hand, and it uses UZI numbers to iden7fy the provider reques7ng the informa7on and wether he is authorized to retrieve that specific informa7on (Prou & Smit, 2006). Moreover, the Dutch government provides full audit results to pa7ents regarding access and modifica7ons of their records, including logs on who accessed the data and what type of informa7on was viewed by each person. Moreover, pa7ents can determine if they want to opt in, opt out or opt in with restric7ons (Deutsch & Turisco, 2009). An important mistake made by the Dutch government in the development of their EHR was not to achieve 7mely consensus from pa7ents (Deutsch & Turisco, 2009). The government tried to obtain pa7ent’s general agreement once the system was built and ready to be rolled out by sending pa7ents a leOer of permission. This resulted in pa7ents being surprised and returning 300.000 incomplete or inaccurate leOers which lead to significant delays in rolling out the new EHR.
Towards a Healthy Cloud
Page 138 of 218
Juan Hernández Colomina
4.9. GBZ: Good Managed Health Informa*on Systems
The Netherlands has established a cer7fica7on program for EHRs and connec7on service
providers. The cer7fica7on is based on three types of requirements: func7onal, implementa7on and u7liza7on requirements (Deutsch & Turisco, 2009). Func7onal requirements specify how to store and exchange informa7on, implementa7on requirements are concerned with security and connec7vity issues, and u7liza7on requirements focus on processes and measures to maintain informa7on in the EHR as accurate, 7mely and secure as possible. A. Defini*on of a GBZ organiza*on GBZ is the Dutch acronym for “Goed Beheer Zorgsysteem” which can be translated to English as “Good Managed Health System”. Dutch healthcare organiza7ons are responsible for mee7ng all GBZ requirements in order to obtain this cer7fica7on that allows them to connect to the na7onal switching point (LSP) of the EPD infrastructure (NICTIZ, 2006) (NICTIZ, 2005).
A GBZ is a health informa7on system (or a collec7on of systems) which can be used to
exchange pa7ent informa7on with other healthcare providers through the na7onal infrastructure AORTA (Informa7epunt EPD, 2009). Providers connect to other providers through the na7onal switching point (LSP). To connect to the switching point providers need to use a secure data communica7on network provided by a ZSP qualified provider. The switching point is a reference index system that contains informa7on about what type of pa7ent informa7on is stored on each healthcare provider’s system. For authen7ca7on purposes, providers need to use their UZI cards and server cer7ficates when connec7ng to the LSP. Moreover, the LSP stores extended logging on what informa7on is accessed by each provider. According to the PvE GBZ documenta7on, a GBZ is a XIS applica7on or a collec7on of XIS applica7ons, including the related pa7ent dossiers, that are available to a healthcare provider, facilita7ng the exchange of pa7ent data through a health informa7on management system (ZIM), communica7ng with ZIM through a network address, and is authen7cated by one UZI server cer7ficate which has been assigned to the responsible organiza7on (Tesink, 2009). This includes the measures to guarantee that data is only accessed by authorized individuals, and the manuals and procedures for the users and administrators of those facili7es. In other words, a GBZ includes the ICT capabili7es used by a healthcare provider where one or more XIS cer7fied applica7ons are connected to the na7onal switching point. The main goal of the GBZ cer7fica7on is to ensure that pa7ent data exchanged through the na7onal switching point fully complies with the requirements of integrity and confiden7ality (Tesink, 2009). The importance of delimi7ng the scope of a GBZ organiza7on is explicitly elaborated in na7onal policies (IE BVL e04) (Tesink, 2009).
Towards a Healthy Cloud
Page 139 of 218
Juan Hernández Colomina
A GBZ organiza7on must be able to iden7fy always:
fron7ers of the GBZ system within the organiza7onal ICT infrastructure. • The and how pa7ent data cross that fron7er. • When Confiden7ality: How is ensured that pa7ent data is not accesses by unauthorized individuals • Data or organiza7ons. Integrity: How is ensured that pa7ent data is not received from unauthorized individuals or • Data organiza7ons. is ensured that unauthorized individuals are blocked from physical access to parts of or the • How whole GBZ system. The fron7er of a GBZ organiza7on is delimited by the sorware and system used to connect, the use cases where pa7ent data leaves the organiza7on and the security measures taken to prevent unauthorized access and unauthorized delivery. Moreover, the hardware used must have enough capacity to handle all requests within the required response 7mes. Moreover there must be enough disk space to store all logs. Once data has been received from another qualified healthcare provider, the GBZ must strictly facilitate the following four ac7ons (AE OPV e11) (Tesink, 2009): storing data as addi7on to the pa7ent dossier temporarily (for a maximum of 48 hours) where it can be modified it or deleted it. B. Examples of GBZ systems For clarifying purposes four examples of GBZ systems are illustrated in this sec7on. They include a PC based system (e.g. used by a GP) in figure 21, a client/server system (e.g. used by a Pharmacy) in figure 22, a mul7ple client/server system with a communica7on server (e.g. used by a hospital) in figure 23 and a Applica7on Service Provider (HAP) model in figure 24.
Figure 21: Example of PC Based GBZ
Figure 22: Example of Client/Server GBZ
Towards a Healthy Cloud
Page 140 of 218
Juan Hernández Colomina
Figure 23: Example of Mul*ple Client/Server GBZ
Figure 24: Example of Applica*on Service Provider GBZ
C. GBZ Cer*fica*on Requirements To facilitate the evalua7on of GBZ requirements, NICTIZ has developed a checklist that can be used by healthcare organiza7ons to evaluate the readiness to obtain the GBZ cer7ficate. Only organiza7ons that can answer posi7vely all ques7ons should apply for the cer7fica7on as they are certain to meet all requirements. The checklist is included in appendix I. In the context of this research (cloud compu7ng in Dutch healthcare), availability requirements are the most important boOleneck and therefore they should be carefully evaluated. A GBZ must comply with the following availability requirements (NICTIZ, 2005): must be able to handle messages 24 hours per day and 7 days per week. • A A GmBZ of 1 small outage per month and it must be solved within 15 minutes. • A maximum of 2 large outages per year and they must be solved within 1 day. • The aximum yearly availability must be minimal 99,4%. • In the overall case of new pa7ent data, a GBZ must register it at the na7onal switching point (LSP) within • 15 minutes in the case of new data, and within 1 day in the case of updates or data that has been
•
already registered at least once. The response 7mes of communica7ons between a GBZ system and a health informa7on broker (ZIM) regarding informa7on requests and responses are the following: ➡ Request message of data overview: 0,5 seconds. ➡ Response message with data overview: 0,5 seconds. ➡ Request message of pa7ent data: 0,5 seconds. ➡ Response message with pa7ent data gathered: on average 2 seconds. ➡ Response message with pa7ent data to the requester: 0,5 seconds.
Towards a Healthy Cloud
Page 141 of 218
Juan Hernández Colomina
For clarifying purposes, the response 7mes applicable to GBZ organiza7ons are depicted in figure 25 and 26. Figure 25: Request / Responses Times for Data Overviews
Request / Response times for Data Overview
(a) 0,5 seconds
REQUEST GBZ
ZIM RESPONSE
(b) 0,5 seconds
1 second
Figure 26: Request / Responses Times for Retrieving Pa*ent Data
Request / Response times for Patient Data (c) 0,5 seconds
0,5 seconds
REQUEST
REQUEST ZIM
GBZ RESPONSE
(e) 0,5 seconds
RESPONSE
1 second
GBZ GBZ
(d) 2 seconds
There are three main layers of GBZ requirements: applica7on and data layer, server layer and communica7on layer. Moreover, the standard NEN7510 is used to guarantee appropriate informa7on security (NICTIZ, 2005). The requirements per layer are depicted in the following table 25:
Towards a Healthy Cloud
Page 142 of 218
Juan Hernández Colomina
Table 25: NEN7510 Requirements
Layer
Requirements
•Use of UZI cards to access health data in the na7onal infrastructure •Logging of data retrieved and delivered from/to other organiza7ons including role based access logs. Applica*on •Daily backup procedures and data restore procedures. & Data •Storage of pa7ent data based on BSN numbers (ci7zen’s social security numbers). •Data must be sing-‐in at the LSP before use in the na7onal index system (Verwijsindex VWI).
Server
•Every GBZ must be registered at the na7onal UZI register and obtain an UZI issued server cer7ficate. •To connect to the LSP every GBZ must iden7fy itself with their UZI server cer7ficate. •The authen7ca7on of GBZ takes place through SSL version 3.0 or TLS version 1.0 standards. •Storing the private key of the cer7ficate on the server must include encryp7on mechanisms. •Each GBZ can exclusively communicate through their ZSPs to the LSP. •Access to the opera7ng system or to the GBZ must be protected with login and password combina7on. •The system administrator must ensure that the opera7ng system of a GBZ is securely deployed and updated. •File and mail servers must be protected by an7 virus sorware.
•Incoming and outgoing requests must be accurately handle. •No request must be lost even if the receiver is not available at a certain moment. Communi-‐ •The following standards must be followed: HL7 version 3, SOAP 1.1 / WSDL 1.1 and HTTP(S) / TCP/IP ca*on •Communica7ons must be protected by firewalls. •If VPN connec7ons are used all other Internet traffic must be blocked. •Communica7ons must be encrypted by using SSL version 3 / TLS version 1.0 and a session key of 128 bits.
D. GBZ Cer*fica*on Process In order to obtain the GBZ cer7fica7on, providers need to comply with a series of requirements specified by NICTIZ on their document “Programa van Eisen voor een goed beheer zorgsysteem (GBZ)” (Informa7epunt EPD, 2009). There are five main process steps to obtain the GBZ cer7fica7on: adap7ng the local ICT infrastructure, adap7ng the organiza7on, registra7on, BSN numbers implementa7on and GBZ cer7fica7on (Informa7epunt EPD, 2009). The steps and some descrip7on of the deliverables from NEN7510 are shown in table 26. An overview of all GBZ requirements is included in appendix N. Table 26: NEN7510 Requirements
Step
Descrip*on One of the main requirements to be able to connect to the na7onal switching point (LSP) is to embed the use of BSN numbers in internal ICT systems and administra7on. This includes the technical implementa7on in the internal ICT infrastructure as well as the connec7on to the register (SBV-‐Z). Adap*ng the Another important requirement is that the connec7on between the qualified healthcare provider (GBZ) (internal) ICT and the na7onal switching point (LSP) must be carried out through a data communica7on network infrastructure provided by a qualified provider (ZSP). Moreover, the applica7on connec7ng to the LSP must have obtained the XIS cer7fica7on. In order to comply with these requirements healthcare providers might need to adapt their current ICT infrastructure.
Towards a Healthy Cloud
Page 143 of 218
Juan Hernández Colomina
Besides the technical adapta7on, healthcare providers need to adapt also their organiza7onal processes, including training employees and modifying exis7ng work instruc7ons, manuals and process descrip7ons. The organiza7on must ensure that there are work instruc7ons and user manuals available related to: the use of the (new) XIS sorware, the use of BSN numbers, the process of enlis7ng pa7ent Adap*ng the dossiers, the process of consul7ng pa7ent dossiers, the use of UZI cards and the process of informing organiza*on pa7ents about the EPD infrastructure and their rights. The organiza7on needs to train employees to work with this process modifica7ons in order to ensure accurate process performance. Moreover, the organiza7on must deploy processes that enable availability, maintenance, management and security of the (new) ICT infrastructure. Once the internal ICT infrastructure and processes have been adapted, the organiza7on is ready to Registra*on and submit their enrollment request to the EPD. This includes registering the organiza7on as qualified Enrollment healthcare provider, reques7ng the UZI tools (card, reader and server cer7ficate) and submiung the request for connec7on to the EPD infrastructure From the 1st of June 2009 every healthcare provider in The Netherlands is obliged by law to use ci7zen’s BSN numbers in their administra7on and informa7on systems. This is also a requirements to be met before connec7ng to the EPD infrastructure. In order to embed BSN numbers, organiza7ons need to use Embedding the the UZI tools (card, reader and server cer7ficate) for authen7ca7on purposes. The use of these tools use of BSN have already been documented in the related work instruc7ons and process descrip7on (see Adap7ng numbers the organiza7on above). Moreover, the organiza7on’s ICT systems have already been adapted to include BSN numbers (see Adap7ng the ICT infrastructure above) to facilitate: the request of a pa7ent’s BSN number from the registry (SBV-‐Z), the storage of that BSN number in the internal administra7on, and to be able to exchange pa7ent informa7on based on a BSN number. The last step before connec7ng to the EPD infrastructure is to obtain the GBZ cer7fica7on. The GBZ GBZ cer7fica7on includes requirements that can be grouped into: applica7on requirements, implementa7on cer*fica*on requirements and management requirements.
4.10. ZSP: Healthcare Communica*on Service Providers A cer7fied ZSP organiza7on enables the secure connec7on of a GBZ to the na7onal switching point (LSP). NICTIZ has specified the requirements for ZSP cer7fica7on in their document “Programa van Eisen voor een Zorgserviceprovider (ZSP)” (NICTIZ, 2009). NICTIZ defines a ZSP as a legal en7ty that provides services to healthcare provider by connec7ng a GBZ to the LSP through a data communica7on network (DCN). Besides the data communica7on network a ZSP also includes the devices needed to realize the connec7on to the LSP. Moreover, the ZSP must provide a series of services to GBZs and the LSP including a service desk to communicate malfunc7ons and planned maintenance, and to support the con7nuity of the services provided (NICTIZ, 2009). The main responsibili7es of the ZSP is to manage the connec7on of the GBZ to the LSP using a preven7ve, correc7ve and adap7ve approach. The requirements can be grouped into func7onal, implementa7on and exploita7on requirements. A complete overview of all requirements is included in appendix M. Those requirements defined as op7onal or no longer applicable in the current document version have been excluded from the overview.
4.11. XIS: Cer*fies Health Informa*on Systems The XIS cer7fica7on is a essen7al element of the GBZ cer7fica7on. Healthcare organiza7ons are free to choose the sorware provider that best meet their needs. The only requirement is that the sorware used has obtained a XIS cer7fica7on. Every provider that facilitates sorware connec7vity to Towards a Healthy Cloud
Page 144 of 218
Juan Hernández Colomina
the na7onal infrastructure must obtain the XIS cer7fica7on for its sorware. To obtain the cer7fica7on, NICTIZ runs a series of test scripts to evaluate the sorware connec7on to the na7onal switching point (LSP). If all scripts are completed successfully, NICTIZ issues the XIS cer7fica7on to the sorware producer (NICTIZ, 2006). The XIS specifica7on describes the requirements for messaging and security. The cer7fica7on is obtained once by the sorware producer for a specific sorware product. The same sorware can further be installed in various healthcare organiza7ons without the need to obtain the XIS cer7fica7on for each deployment.
4.12. Current Status of the EPD project The introduc7on of Electronic Pa7ent Records in The Netherlands (the so called EPD project) was launched by the Ministry of Health (Ministerie van Volksgezondheid, Welzijn en Sports) in collabora7on with the Na7onal ICT Ins7tute in Healthcare (NICTIZ) and the CIBG, a public organiza7on responsible for a number of public registers (e.g. UZI & SBV-‐Z registers) (Informa7epunt EPD, 2009). The project is carried out following an incremental approach where first two selected func7onali7es are deployed. For this reason, the Ministry has chosen the medica7on and observa7on dossiers to be the first ones deployed (Informa7epunt EPD, 2009). By 2008, significant progress has been made on the EPD introduc7on (NICTIZ, 2009). The na7onal infrastructure and standards suppor7ng the first two selected func7onali7es (EMD and WDH) have been completed. Pilot projects in selected regions have been successfully realized, while a large number of healthcare organiza7ons and ICT providers have successfully completed the accredita7on process to be connected to the basic infrastructure (LSP, Landelijke Schakel Punt in Dutch). Following these two func7onali7es, the project will con7nue by adding informa7on related to emergency care, lab informa7on and diabetes treatments. The law for the use of ci7zen’s social security numbers (BSN numbers) in healthcare came into force the 1st of June 2009. From that moment all healthcare providers, ins7tu7ons and insurers in The Netherlands must work according to this law (Klink & Bussemaker, 2008). According to TNS research around two thirds of all healthcare organiza7ons have taken measures to use BSN numbers by June 2009. The rest expects to be ready to use BSN numbers by the end of the year 2009 (MVWS, 2009). There are two main applica7ons that providers need to use when working with BSN numbers. One to iden7fy and/or control the BSN number of a pa7ent (SBV-‐Z) and a second one to check if the pa7ent is insured (Vecozo). These two applica7ons have experienced a significant increase in demand, resul7ng in some technical malfunc7ons. The health ministry will work in the coming months to improve the robustness of these two applica7ons improving the availability of the SBV-‐Z and UZI registers which do not comply yet with the requirement of 24x7 up7me (Klink & Bussemaker, 2008) (MVWS, 2009). By June 2009, around 45% of healthcare ICT providers have obtained the cer7fica7on for the use of BSN numbers (BSN Zorg Keurmerk) (Klink, 2009) (MVWS, 2009).
Towards a Healthy Cloud
Page 145 of 218
Juan Hernández Colomina
As providers need to iden7fy themselves to connect to the EPD infrastructure, there have been a large number of requests for provider’s iden7fica7on cards (UZI cards) resul7ng in processing delays (Klink & Bussemaker, 2008). This boOleneck has already been iden7fied in the early stages of the EPD implementa7on. Although the delay has been par7ally reduced it does not yet fully comply with the agreed terms (MVWS, 2009). UZI cards and server cer7ficates are now distributed within the agreed 7mes, but the preceding process of evalua7ng subscrip7ons for healthcare providers suffers a delay of 10 days above the previously agreed 14 days. The total number of healthcare providers to be connected to na7onal switching point (LSP) is 6.368 composed of 4.321 GP offices, 127 GP posts, 1.825 pharmacies and 95 hospitals. Un7l the second quarter of 2009, around 100 providers have been connected (MVWS, 2009). The ministry expects to connect an addi7onal 900 providers by the end of 2009, including 450 GP offices, 50 GP posts, 400 pharmacies and 15 hospitals. During the first half of 2010, the ministry expects to connect another 2.500 providers. By the second quarter of 2009, the na7onal EPD infrastructure provides informa7on of around 360.000 pa7ents. The data has been successfully exchanged around 400.000 7mes un7l June 2009 (MVWS, 2009). Every ci7zen has the right to refuse that his or her pa7ent data is exchanged through the switching point (LSP). Un7l June 2009, more than 350.000 ci7zens are excluded at their own request (Klink, 2009).
The financial costs of the EPD project have been recently reported by the Ministry of health
(Klink, 2009). By January 2009, around 90 million euros have been expended in development and deployment of the EPD infrastructure. This amount can be further subdivided into 67 million for the development of the na7onal infrastructure (LSP, UZI registry and BSN control system),11 million euros to support deployment, pilots and evalua7ons, 3,6 million euros for communica7on and 7,9 million euros for subsidies to providers. The Ministry is also planning to research the Total Cost if Ownership (TCO) of ICT in the healthcare sector. The conclusions of this research will be presented by the end of 2009 (Klink, 2009). An extension of the EPD project currently being planned by the Ministry of Health is pa7ent access to his or her data being shared through the na7onal infrastructure (Klink, 2009). The goal is to provide ci7zens not only with access to view their data but also to be able to digitally refuse the disclosure of his or her personal data. Moreover, as the first two func7onali7es have been deployed with success, the next steps in the EPD agenda will be ini7ated in the near future.
Towards a Healthy Cloud
Page 146 of 218
Juan Hernández Colomina
4.13. Sec*on Summary
According to the Dutch government, ICT is an important enabler to cope with current and
future challenges in healthcare (e.g. age distribu7on, pervasive and care intensive illnesses, etc.) as well as to improve the sustainability (e.g. cost efficiency) of the current system. On one hand healthcare organiza7ons can leverage ICT solu7ons to support medical research and prac7ces, while on the other hand they can be applied to improve the cost efficiency of the system. The growing governmental interest on leveraging ICT for healthcare is reflected for example on the introduc7on of electronic pa7ent records (the EPD project) which aims to improve the quality, accessibility and affordability of care services. However, the Dutch government has limited enforcing power on how healthcare organiza7ons operate as the Dutch health system is predominantly private. In order to s7mulate the use of ICT in Dutch healthcare the government created the NICTIZ organiza7on which is responsible for the realiza7on of the EPD infrastructure in collabora7on with pa7ent’s associa7ons, healthcare providers, insurers, ICT providers and public ins7tu7ons. The main goal of NICTIZ is to develop and maintain the basic infrastructure (AORTA) that supports the na7onal exchange of electronic pa7ent records, including the related standards and cer7fica7on programs. The EPD project was primarily launched to improve the quality of care by enabling 7mely, accurate and secure informa7on exchange among healthcare providers. It is important to note that electronic pa7ent records are a delimited type of electronic health records that include informa7on to support a specific treatment or care process rather than providing a holis7c view of a pa7ent’s health status. For this reason, the informa7on exchanged through the EPD infrastructure is limited to the relevant parts needed at a certain moment in 7me by a healthcare provider.
Family doctors (General Prac77oners or GPs) are one of the most important actors in the
Dutch healthcare system. They are the first point of contact for pa7ents (except in case of emergencies) and they have the decision power to refer pa7ents (or not) to other specialists. The 9.000 family doctors in The Netherlands currently solve around 95% of all primary care condi7ons. There is a clear need for electronic collabora7on between GPs and other medical actors as the great majority of them work alone or share their office with one or two other clinicians. When analyzing the use of ICT in GP offices, we observe high levels of computeriza7on when genera7ng prescrip7ons, using electronic medical records, accessing test results or maintaining their own administra7on in computer based informa7on systems. However, we find lower levels of automa7za7on when accessing a pa7ent’s medica7on history.
Although collabora7on between clinicians is becoming more important due to the increasing
number of sicknesses that require mul7-‐disciplinary approaches, only half of the GPs can share records electronically with prac77oners outside their workplace. Very few GPs receive electronic alerts to provide pa7ents with test results, access a pa7ent’s hospital record, order tests electronically or provide pa7ents with access to their test results electronically. The need for electronic collabora7on Towards a Healthy Cloud
Page 147 of 218
Juan Hernández Colomina
is also reflected on the fact that almost half of the popula7on have experienced medical problems due to the lack of coordina7on among prac77oners. Around one out of ten GPs have repeated tests because the results were not available. Collabora7on is therefore cri7cal to improve the quality of care and achieve cost efficiencies. In order to foster collabora7on between healthcare actors, the Dutch government has launched the EPD ini7a7ve in 2008. The main goal of this ini7a7ve is to improve the quality of care services by sharing medical informa7on in a fast and reliable manner. By 7mely sharing accurate pa7ent informa7on clinicians can prevent communica7on errors that can have fatal consequences for a pa7ent’s health. The EPD ini7a7ve includes several sub-‐projects that are being implemented following a top-‐ down incremental approach from 2008 to 2013. The first two func7onali7es to be implemented are electronic pa7ent drug prescrip7on records (EMD, Electronisch Medica7edossier) and GPs observa7on records from service encounters at point of service loca7ons (WDH, Waarneemdossier Huisartsen). The EPD project is managed by two governance bodies, the plaxorm for ICT and innova7on for defining the EPD agenda and the steering commiOee ICT & innova7on responsible for decision making and the direct management of implementa7on projects. The EPD infrastructure consists of a basic “empty” infrastructure (AORTA) containing index and reference systems (LSP) that connects all individual sources were pa7ent informa7on is registered and stored. It is important to note that pa7ent informa7on is not stored on a central repository but it remains at its origin (e.g. hospital, GP office, etc.) and it is gathered on demand. With this construc7on, data can be kept always updated minimizing the delay between informa7on genera7on and its availability to other prac77oners. The actors related to the EPD project are very diverse and with different perspec7ves on the project. The ministry of health and pa7ent organiza7ons are among the actors that are highly suppor7ve of the ini7a7ve and have strong influence on its adop7on. GP organiza7ons on the other hand are not very suppor7ve. This can become a significant barrier for adop7on as they also have a lot of influence on the use of the envisioned system. There are several laws related to the EPD regula7ng the use of ci7zen’s numbers in healthcare (Wet gebruik burgerservicenummer in de zorg), the characteris7cs of the infrastructure (Wet op het EPD), the use of personal informa7on (Wet Bescherming Persoonsgegevens) and the treatment of pa7ents (Wet op Geneeskundige behandelingsovereenkomst) among others. It is important to note that par7cipa7on of healthcare organiza7ons is currently non-‐compulsory and contractually regulated by bilateral agreements between NICTIZ and each individual provider. The government plans to enforce par7cipa7on by law in the coming years as for the success of the system all providers need to be connected to the infrastructure. Exis7ng regional switching points will be integrated on the na7onal switching point (LSP). Towards a Healthy Cloud
Page 148 of 218
Juan Hernández Colomina
The standards used on the EPD infrastructure are HL7 version 3 for message specifica7ons, WSDL and SOAP for web-‐service descrip7ons and access, HTTPs and TCP/IP for communica7ons and the CEN 13606 for concepts in process descrip7ons and informa7on models. NICTIZ has chosen these standards to facilitate the exchange of informa7on independently from the structure, syntax and seman7cs used at individual provider’s systems. In order to guarantee interoperability between provider’s systems, the EPD ini7a7ve has established three cer7fica7ons that healthcare providers must obtain before connec7ng to the na7onal infrastructure. These programs are the Good Managed Healthcare Organiza7on (GBZ) cer7fica7on, the Healthcare Service Provider cer7fica7on (ZSP) and the Cer7fied Health Informa7on System cer7fica7on (XIS). The XIS cer7fica7on is meant to ensure that sorware connec7ng to the na7onal infrastructure complies with the requirements established by NICTIZ. The ZSP cer7fica7on is designed to enabled the secure connec7on of a GBZ cer7fied healthcare provider (an his XIS cer7fied sorware) to the na7onal switching point (LSP). The GBZ cer7fica7on aims to ensure that exchanged pa7ent data complies with the requirements of integrity and confiden7ality. GBZ requirements are divided into three layers: applica7on, communica7on and server. The requirements focus mainly in guaranteeing the accuracy, availability and security of informa7on exchanges. AORTA is the basic infrastructure suppor7ng the exchange of informa7on. It includes two registers (BSN and UZI registers) for actor iden7fica7on purposes and one switching point (LSP) where providers can connect if they have obtained the required cer7fica7on (XIS, GBZ and ZSP). For each type of cer7fica7on specific requirements are described in three areas: func7onality (how to store and exchange informa7on), implementa7on (security and connec7vity issues) and exploita7on (processes and measures to keep informa7on as accurate, 7mely and secure as possible). These requirements are mandatory to obtain and maintain the cer7fica7on.
Security, reliability and privacy are crucial elements of every inter-‐organiza7onal infrastructure.
This is specially relevant in the healthcare sector due to its high impact of ci7zen’s lives. For this reason, NICTIZ has placed controls at each component of the infrastructure and has developed three security policies for GBZs, ZSPs and the LSP. Access to pa7ent’s informa7on is limited to providers that have a treatment rela7on with that pa7ent, based on previous encounters and/or arer explicit authoriza7on from that pa7ent. Moreover, pa7ents can at any moment in 7me block access to some or all his/her data and/or limit or block the access of certain providers to that data. To facilitate forensic analysis, pa7ents can obtain an audit report containing informa7on on who has accessed their data, what data has been accessed or modified and when. Arer successfully having completed the first two pilots, the two ini7al func7onali7es are being rolled out to all providers. Un7l June 2009, more than 350.000 ci7zens have been excluded from the infrastructure at their own request. At that 7me, the EPD contained informa7on about more than 360.000 pa7ents serving 400.000 exchanges of informa7on.
Towards a Healthy Cloud
Page 149 of 218
Juan Hernández Colomina
5. Answers to Research Ques*ons Phase 2 To summarize our findings from this research phase we provide in this sec7on the specific answers to the related research ques7ons.
5.1. What are the current trends, challenges and opportuni*es in the Dutch Healthcare sector? The healthcare sector has not only a high impact on ci7zen’s lives but also on their na7onal economies. One of the main differences between the healthcare sector and other sectors is that ci7zens are both consuming and funding care services (through taxes and/or insurance bills). Although the healthcare sector in The Netherlands is one of the most priva7zed systems in the EU its sustainability is challenged by the increasing demand of care services as well as by the decreasing ci7zen’s tolerance for medical errors. Healthcare is the number one non-‐economic issue for Dutch ci7zens. Although in general ci7zens are sa7sfied with the quality of care services obtained, there is a significant gap between the quality of services and their accessibility and availability specially for specialist’s care.
The demand of services increases among other developments due to demographic changes
(e.g. longer life expectancies and lower birth rates), pervasive and difficult to treat sicknesses (e.g. cancer), the rapid spread of illnesses (e.g. H1N1) and new unhealthy lifestyles (e.g. higher average weight and increasing alcohol consump7on). In order to deal with these issues, healthcare organiza7ons need to con7nuously find new methods for delivering qualita7ve services to more ci7zens with the same amount of resources by predic7ng, preven7ng and trea7ng illnesses more efficiently and effec7vely. Mostly as a result of the growing demand of services, yearly healthcare costs are also increasing significantly, in some cases even faster the na7onal GDP. Collabora7on between medical prac77oners is a increasingly important requirement not only to guarantee the sustainability of current healthcare systems but also to 7mely react to global threats while improving the con7nuity of care services delivered to ci7zens. In order to cope with current and future challenges the Dutch healthcare sector needs to con7nuously improve the quality and opera7onal efficiency of care services. For this purpose, the Dutch Ministry of Health has ini7ated a reform of the healthcare system in 2006 with the introduc7on of a compulsory private insurance for each ci7zen. As a part of this transforma7on, the Dutch government has started in 2008 with the introduc7on of an na7onal electronic pa7ent record system (EPD) in order to improve the quality and accessibility of healthcare on a cost efficient manner.
Towards a Healthy Cloud
Page 150 of 218
Juan Hernández Colomina
5.2. What is the current role of ICT in the Dutch Healthcare sector?
There is a significant poten7al for improvement in leveraging ICT solu7ons in healthcare.
Although the healthcare sector is one of the most informa7on intensive ones, the use of technological innova7ons is below other less informa7on intensive industries. Nevertheless, there is a large number of documented benefits linked to the adop7on of certain ICT solu7ons like for example improved quality, cost efficiencies, larger process throughputs, the reduc7on of medical errors, beOer informed ci7zens and providers, streamlined processes, improved safety and 7mely care delivery. The proper use of technology can help to foster healthy ci7zen’s behavior and to protect them from large scale threats while increasing the availability of services and mee7ng growing demand on an effec7ve and efficient manner. Family doctors (General Prac77oners or GPs) are one of the most important actors in the Dutch healthcare system currently solving around 95% of all primary care condi7ons. There is a clear need for electronic collabora7on between GPs and other medical actors as the great majority of them work alone or share their office with one or two other clinicians. When analyzing the use of ICT in GP offices, we observe for example low levels of automa7za7on when accessing a pa7ent’s medica7on history while only 50% of all GPs can share informa7on electronically with prac77oners outside their workplace. Moreover, very few GPs can access a pa7ent’s hospital record, order tests electronically or provide pa7ents with electronic access to their test results. From a Dutch ci7zen perspec7ve there is also a clear need for increasing computeriza7on to enable collabora7on between clinicians. Almost 50% of all Dutch ci7zens have experienced medical problems due to the lack of coordina7on while around 10% of the GPs have had to repeat tests because the results of previous tests were no longer available. The Dutch government considers ICT as an important enabler to cope with current challenges in healthcare while improving the system’s sustainability. Not only can technology support medical prac7ces to improve quality but it also can enable significant improvements in opera7onal cost efficiency. This perspec7ve is reflected on the introduc7on of electronic pa7ent records (EPD project) which aims to improve the quality, accessibility and affordability of care by enabling 7mely, accurate and secure informa7on exchange between healthcare organiza7ons. However, it is important to note that due to the private character of the Dutch healthcare sector, the government has liOle enforcing power in how healthcare organiza7ons work. For this reason, the Dutch government has created the NICTIZ organiza7on responsible for s7mula7ng the use of ICT in healthcare as well as for the realiza7on of the EPD project in collabora7on with other healthcare actors. The main goal of NICTIZ is to develop and maintain the basic infrastructure (AORTA) suppor7ng the electronic exchange of medical data (EPD), including the needed standards and cer7fica7ons. In order to limit the scope of our research we have focused our analysis on this project which is one of the largest and most significant ICT projects in the Dutch healthcare sector.
Towards a Healthy Cloud
Page 151 of 218
Juan Hernández Colomina
In previous research we can find significant benefits from the use of electronic medical records systems. By increasing the availability of accurate, complete and relevant clinical data organiza7ons can reduce medical errors in diagnosis, medica7on and treatments and thus improving the quality of services. Moreover, by sharing informa7on among prac77oners, redundant tests are eliminated and processes are streamlined resul7ng in a significant larger throughput. In previous work we can also find a series of barriers for the adop7on of technology in healthcare. The most important barriers are security and the cost of technology, followed by the lack of interoperability with exis7ng solu7ons and legal and privacy issues.
The introduc7on of the EPD infrastructure implies high levels of computeriza7on not only for
governmental bodies but also for healthcare providers of all kinds and sizes. However, the size of a provider can influence the adop7on of this system as many clinics are too small for leveraging high investments in IT. For this reason, organiza7ons need to find new ways to reduce the costs of technology by for example outsourcing it or joining forces with other clinicians to achieve economies of scale. Technology can support healthcare organiza7ons in achieving their two most relevant goals: improve the quality of services and cost efficiency. Healthcare providers can for example leverage technology to improve the quality of care services by automa7ng processes (thus reducing human mistakes), by enabling 7mely decision making (based on the 7mely exchange of accurate pa7ent informa7on) and bridging the current gap between the quality of services and their accessibility and availability (e.g. telemedicine for specialists care). Moreover, organiza7ons can achieve cost efficiencies by enabling affordable (global) collabora7on, by automa7ng tasks to op7mize human resources costs (specially in areas where salaries are rela7vely high like The Netherlands) and by achieving economies of scale and synergies (delivering qualita7ve and efficient services to more ci7zens with the same amount of resources). According to healthcare organiza7ons tools that facilitate collabora7on, informa7on exchange, eProcurement and web services are the most relevant for the sector. Specially, interac7ve pa7ent informa7on and involvement and electronic communica7ons are the two most relevant factors in the near future.
5.3. What are the main policies and legisla*ons affec*ng the use of ICT in Dutch Healthcare organiza*ons? The adop7on of the EPD system by healthcare organiza7ons is currently non-‐compulsory and contractually regulated by bilateral agreements between NICTIZ and each individual provider. The government plans to enforce par7cipa7on by law in the coming years as for the success of the system all providers need to be connected to the infrastructure. Nevertheless, in order to be able to connect to the EPD infrastructure, healthcare providers must obtain three cer7fica7ons (XIS, GBZ and ZSP) elaborated by NICTIZ. For each type of cer7fica7on specific requirements are described in three areas: func7onality (how to store and exchange informa7on), implementa7on (security and connec7vity issues) and exploita7on (processes and measures to keep informa7on as accurate, 7mely and secure Towards a Healthy Cloud
Page 152 of 218
Juan Hernández Colomina
as possible). These requirements are mandatory to obtain and maintain the cer7fica7on and therefore to connect to the EPD infrastructure. Security, reliability and privacy are crucial elements of every inter-‐organiza7onal infrastructure. This is specially relevant in the healthcare sector due to its high impact of ci7zen’s lives. For this reason, NICTIZ has placed controls at each component of the infrastructure and has developed three security policies for GBZs, ZSPs and the LSP.
Towards a Healthy Cloud
Page 153 of 218
Juan Hernández Colomina
6. Conclusion Phase 2 The main goal of this second phase in our research is to perform an analysis of the current trends, challenges and opportuni7es in the Dutch healthcare sector and the role of informa7on technology in that context. The phase is divided into three main blocks. In the first block we have delimited the context and scope of our analysis by taking into account the European and Dutch healthcare systems and the specific characteris7cs of that sector. The second block contains an analysis on the role of ICT in European healthcare. The third and last block provides a study on the use of ICT in the Dutch healthcare sector, with a special focus on one of its most important current projects: the introduc7on of a na7onal electronic pa7ent records system. In this last part we have taken into account the main policies and regula7ons governing the use of ICT on that project. The healthcare sector has not only a high impact on ci7zen’s lives but also on their na7onal economies. One of the main differences between the healthcare sector and other sectors is that ci7zens are both consuming and funding care services. Through taxes and/or insurances ci7zens pay for the services they might consume when needed. Moreover, as the main product of care services is to improve ci7zen’s quality of life, it is crucial that healthcare organiza7ons are able to make decision on a 7mely basis. The healthcare industry is also one of the most economically significant industries as it represents more than 9% of all jobs in the EU and more than 6% of the EU GDP. Healthcare systems in the European Union are very heterogenous and have diverse mixes of public and private funding and delivery. Although there is not an op7mum single model, a pure public model eliminates free-‐market mechanisms which enable innova7on and cost efficiency through compe77on. On the other hand, a solely private model is oren more expensive as healthcare organiza7ons aim to obtain increasingly yearly net profits and therefore focus their efforts on the most profitable ac7vi7es. As a result access to healthcare services (e.g. research, treatment, etc.) for pa7ents with rare diseases can be limited due to its low profitability. Regardless of the specific system in place, the sustainability of almost all systems is challenged by the increasing demand care services as well as by the decreasing ci7zen’s tolerance for medical errors. The demand of services increases among other developments due to demographic changes (e.g. longer life expectancies and lower birth rates), pervasive and difficult to treat sicknesses (e.g. cancer), the rapid spread of illnesses (e.g. H1N1) and new unhealthy lifestyles (e.g. higher average weight and increasing alcohol consump7on). In order to deal with these issues, healthcare organiza7ons need to con7nuously find new methods for delivering qualita7ve services to more ci7zens with the same amount of resources by predic7ng, preven7ng and trea7ng illnesses more efficiently and effec7vely. Mostly as a result of the increasing service demand, yearly healthcare costs are also increasing significantly, in some cases even faster the na7onal GDP. Some experts predict healthcare costs to account for 15% of EU GDP by 2020. This affects the sustainability of current systems if they are not reformed.
Towards a Healthy Cloud
Page 154 of 218
Juan Hernández Colomina
Taking into account the above developments the European Commission believes that na7onal governments must aim to deliver high qualita7ve care services accessible to every ci7zen under a sustainable healthcare system. In order to achieve this, the commission suggests that member states embed healthcare issues in all policies, developing a strategy based on shared health values. In a recent EU research we can observe that although healthcare is the number one non-‐ economic issue for ci7zens, they are rather sa7sfied with the quality of services provided by healthcare organiza7on. Nevertheless, there is a significant gap between quality of services and their accessibility and availability reflected in lower sa7sfac7on scores specially for specialist’s care. Although Dutch ci7zens are even more sa7sfied with quality than the EU average they also reflect some discontent with the access to specialists. It is important to note that the importance of healthcare for ci7zens can be related to their age as older ci7zens consume more care services than younger ones. Due to the fact that the overall age is currently increasing we can expect in the future a growing ci7zen’s concern for healthcare.
The increasing demand and costs of care services reflect the need of collabora7on between
clinicians. Collabora7on is a important requirement not only to guarantee the sustainability of current healthcare systems but also to 7mely react to global threats while improving the con7nuity of care services delivered to ci7zens. The proper use of technology can help to foster healthy ci7zen’s behavior and to protect them from large scale threats while increasing the availability of services and mee7ng growing demand on an effec7ve and efficient manner. For example, current (internet) technologies can leverage collabora7on in a cost efficient manner, improving care services con7nuity and accessibility. The healthcare sector in The Netherlands is predominantly private with public funding significantly below EU average. In order to cope with current and future challenges the Dutch healthcare sector needs to con7nuously improve the quality and opera7onal efficiency of care services. For this purpose, the Dutch Ministry of Health has ini7ated a reform of the healthcare system in 2006 with the introduc7on of a compulsory private insurance for each ci7zen. The transforma7on is aimed to shir the power from healthcare providers to consumers, and the control from public bodies to insurers. As a part of this transforma7on, the Dutch government has started in 2008 with the introduc7on of an na7onal electronic pa7ent record system (EPD) to facilitate the 7mely exchange of accurate medical informa7on. The main goal of this project is to leverage collabora7on in order to improve the quality and accessibility of healthcare on a cost efficient manner. As it is the case in other industries, business and IT alignment is crucial for successful leveraging technological solu7ons in healthcare. By using the right approach and implementa7on methodology for each specific situa7on, organiza7ons can improve the quality, accessibility and efficiency of healthcare delivery. It has been oren demonstrated that those firms that invest in the right ICT solu7ons perform significantly beOer than other ones that do not invest on those solu7ons. According to healthcare organiza7ons tools that facilitate collabora7on, informa7on exchange, Towards a Healthy Cloud
Page 155 of 218
Juan Hernández Colomina
eProcurement and web services are the most relevant for the sector. Specially, interac7ve pa7ent informa7on and involvement and electronic communica7ons are the two most relevant factors in the near future.
There is a significant poten7al for improvement in leveraging ICT solu7ons in healthcare.
Although the healthcare sector is one of the most informa7on intensive ones, the use of technological innova7ons is below other less informa7on intensive industries. Nevertheless, there is a large number of documented benefits linked to the adop7on of certain ICT solu7ons like for example improved quality, cost efficiencies, larger process throughputs, the reduc7on of medical errors, beOer informed ci7zens and providers, streamlined processes, improved safety and 7mely care delivery. The specific advantages of electronic medical records systems have also been subject of previous research. By increasing the availability of accurate, complete and relevant clinical data organiza7ons can reduce medical errors in diagnosis, medica7on and treatments and thus improving the quality of services. Moreover, by sharing informa7on among prac77oners, redundant tests are eliminated and processes are streamlined resul7ng in a significant larger throughput (more pa7ents processed with the same resources). In previous work we can also find a series of barriers for the adop7on of technology in healthcare. The most important barriers are security and the cost of technology, followed by the lack of interoperability with exis7ng solu7ons and legal and privacy issues. Organiza7ons can leverage ICT solu7ons by reusing exis7ng investments in technology, gaining compe77ve advantage from value chain coopera7on, improving supply chain management and benefi7ng from economies of scale and synergies through collabora7on. Moreover, a number of cri7cal success factors (CSFs) have been iden7fied in previous research for guiding healthcare organiza7ons in the adop7on of technology. These CSFs are grouped in four areas: management, leadership, func7onality and technology. The support from senior management, a clear added value, good project management, employee training and communica7on and a clear focus on process quality, efficiency and reliability are the most relevant factors at management level. Organiza7onal leaders must develop a shared project vision with clear objec7ves and business case and align them with the firm’s strategy as well as with corporate governance. The func7onality of the solu7on must focus on suppor7ng organiza7onal and clinical processes as well as a broad user group and horizontal integra7on. On the technology area, the solu7on must ensure compa7bility with current systems, and guarantee a high level of availability, security and interoperability. From a Dutch government perspec7ve ICT is regarded as an important enabler to cope with current challenges in healthcare while improving its sustainability. Not only can technology support medical prac7ces to improve quality but it also can enable significant cost efficiencies in medical prac7ces. This perspec7ve is reflected on the introduc7on of electronic pa7ent records (EPD project) which aims to improve the quality, accessibility and affordability of care services. However, it is important to note that due to the private character of the Dutch healthcare sector, the government has liOle enforcing power in how healthcare organiza7ons work. For this reason, the Dutch Towards a Healthy Cloud
Page 156 of 218
Juan Hernández Colomina
government has created the NICTIZ organiza7on responsible for s7mula7ng the use of ICT in healthcare as well as for the realiza7on of the EPD project in collabora7on with other healthcare actors (e.g. pa7ent’s organiza7ons, insurers, healthcare providers, etc.). The main goal of NICTIZ is to develop and maintain the basic infrastructure (AORTA) suppor7ng the electronic exchange of medical data (EPD), including the needed standards and cer7fica7ons. The EPD ini7a7ve was created to improve the quality of care by enabling 7mely, accurate and secure informa7on exchange between healthcare organiza7ons. Family doctors (General Prac77oners or GPs) are one of the most important actors in the Dutch healthcare system currently solving around 95% of all primary care condi7ons. There is a clear need for electronic collabora7on between GPs and other medical actors as the great majority of them work alone or share their office with one or two other clinicians. When analyzing the use of ICT in GP offices, we observe for example low levels of automa7za7on when accessing a pa7ent’s medica7on history while only 50% of all GPs can share informa7on electronically with prac77oners outside their workplace. Moreover, very few GPs can access a pa7ent’s hospital record, order tests electronically or provide pa7ents with electronic access to their test results. From a Dutch ci7zen perspec7ve there is also a clear need for increasing computeriza7on to enable collabora7on between clinicians. Almost 50% of all Dutch ci7zens have experienced medical problems due to the lack of coordina7on while around 10% of the GPs have had to repeat tests because the results of previous tests were no longer available. The introduc7on of medical pa7ent records (EPD) in The Netherlands is being carried out following a top-‐down incremental approach. At the moment of wri7ng the first two func7onali7es (prescrip7on history and GP observa7ons) are being rolled out arer having completed their pilot phases successfully. The EPD basic infrastructure (AORTA) consists of a basic “empty” switching point (LSP) containing index and reference systems that connects all individual sources were pa7ent informa7on is registered and stored. It is important to note that pa7ent informa7on is not stored on a central repository but it remains at its origin (e.g. hospital, GP office, etc.) and it is gathered on demand. With this construc7on, data can be kept always updated minimizing the delay between informa7on genera7on and its availability to other prac77oners.
The actors related to the EPD project are very diverse and with different perspec7ves on the
project. Some actors with high influence on adop7on support the ini7a7ve (e.g. government and pa7ent organiza7ons) while others actors with high influence are less suppor7ve (e.g. GP organiza7ons). In our opinion, the lack of support of GPs can be linked to the lack of control and trust when relying on externally generated informa7on. The adop7on of the EPD system by healthcare organiza7ons is currently non-‐compulsory and contractually regulated by bilateral agreements between NICTIZ and each individual provider. The government plans to enforce par7cipa7on by law in the coming years as for the success of the system all providers need to be connected to the infrastructure. Another important remark is that ci7zens can at any moment in 7me block their Towards a Healthy Cloud
Page 157 of 218
Juan Hernández Colomina
informa7on en7rely or par7ally from exchange between all or some providers. Un7l June 2009, more than 350.000 ci7zens have been excluded from the infrastructure at their own request. At that 7me the EPD contained informa7on about more than 360.000 pa7ents serving more than 400.000 exchanges of informa7on between providers. AORTA is the basic infrastructure suppor7ng the exchange of informa7on. It includes two registers (BSN and UZI registers) for actor iden7fica7on purposes and one switching point (LSP) where providers can connect if they have obtained the required cer7fica7on (XIS, GBZ and ZSP). For each type of cer7fica7on specific requirements are described in three areas: func7onality (how to store and exchange informa7on), implementa7on (security and connec7vity issues) and exploita7on (processes and measures to keep informa7on as accurate, 7mely and secure as possible). These requirements are mandatory to obtain and maintain the cer7fica7on. The standards used on the EPD infrastructure are HL7 version 3 for message specifica7ons, WSDL and SOAP for web-‐service descrip7ons and access, HTTPs and TCP/IP for communica7ons and the CEN 13606 for concepts in process descrip7ons and informa7on models. NICTIZ has chosen these standards to facilitate the exchange of informa7on independently from the structure, syntax and seman7cs used at individual provider’s systems. In order to guarantee interoperability between provider’s systems, the EPD ini7a7ve has established three cer7fica7on programs that healthcare providers must obtain before connec7ng to the na7onal infrastructure. These programs are the Good Managed Healthcare Organiza7on (GBZ) cer7fica7on, the Healthcare Service Provider cer7fica7on (ZSP) and the Cer7fied Health Informa7on System cer7fica7on (XIS). The XIS cer7fica7on is meant to ensure that sorware connec7ng to the na7onal infrastructure complies with the requirements established by NICTIZ. The ZSP cer7fica7on is designed to enabled the secure connec7on of a GBZ cer7fied healthcare provider (an his XIS cer7fied sorware) to the na7onal switching point (LSP). The GBZ cer7fica7on aims to ensure that exchanged pa7ent data complies with the requirements of integrity and confiden7ality. GBZ requirements are divided into three layers: applica7on, communica7on and server. The requirements focus mainly in guaranteeing the accuracy, availability and security of informa7on exchanges. Security, reliability and privacy are crucial elements of every inter-‐organiza7onal infrastructure. This is specially relevant in the healthcare sector due to its high impact of ci7zen’s lives. For this reason, NICTIZ has placed controls at each component of the infrastructure and has developed three security policies for GBZs, ZSPs and the LSP. Access to pa7ent’s informa7on is limited to providers that have a treatment rela7on with that pa7ent, based on previous encounters and/or arer explicit authoriza7on from that pa7ent.
The introduc7on of the EPD infrastructure implies high levels of computeriza7on not only for
governmental bodies but also for healthcare providers of all kinds and sizes. However, the size of a provider can influence the adop7on of this system as many clinics are too small for leveraging high investments in IT. For this reason, organiza7ons need to find new ways to reduce the costs of Towards a Healthy Cloud
Page 158 of 218
Juan Hernández Colomina
technology by for example outsourcing it or joining forces with other clinicians to achieve economies of scale. Technology can support healthcare organiza7ons in achieving their two most relevant goals: improve the quality of services and cost efficiency. In other sectors, technology has played a crucial role in achieving both of these targets. Healthcare providers can for example leverage technology to improve the quality of care services by automa7ng processes (thus reducing human mistakes), by enabling 7mely decision making (based on the 7mely exchange of accurate pa7ent informa7on) and bridging the current gap between the quality of services and their accessibility and availability (e.g. telemedicine for specialists care). Moreover, organiza7ons can achieve cost efficiencies by enabling affordable (global) collabora7on, by automa7ng tasks to op7mize human resources costs (specially in areas where salaries are rela7vely high like The Netherlands) and by achieving economies of scale and synergies (delivering qualita7ve and efficient services to more ci7zens with the same amount of resources).
Towards a Healthy Cloud
Page 159 of 218
Juan Hernández Colomina
Phase 3: Cloud Compu*ng in the EPD context In this last phase of our research we combine the findings from our previous two phases to iden7fy the most relevant challenges and opportuni7es for adop7ng cloud compu7ng solu7ons in the Dutch na7onal pa7ent records system context. For this purpose we create an ar7fact following the design science research that can support organiza7ons in selec7ng cloud solu7ons that comply with the corresponding legal requirements. We start this sec7on by describing the research methodology followed in this phase (e.g. design science) as it differs significantly from two previous ones. We con7nue then presen7ng our ar7fact’s construc7on and evalua7on to conclude with the answers to the research ques7ons related to this phase of our research.
1. Design Science Research Approach When execu7ng the third phase of our research we have followed Hevner's guidelines for design science in IS research (Hevner et al., 2004). This guidelines are based on the assump7on that knowledge over a design problem and its solu7on is created when building and applying an ar7fact. According to Hevner, design science research focuses on the crea7on of an innova7ve purposeful ar7facts for a specific problem domain where the ar7fact aims to solve an unsolved problem or a known problem in a more efficient or effec7ve way. In this sec7on we provide an elabora7on of these guidelines and how we have applied them in our research.
Guideline 1: Design as an ar*fact In the design science research field, IT ar7facts are defined as constructs, models, methods and instan7a7ons created to solve specific unsolved problems or known problems more efficiently and effec7vely (Hevner et al., 2004). The ar7facts are then evaluated according to how useful they are in solving that specific problem. Constructs are defined as the language in which problems and solu7ons are defined and they are applied in models to represent a real world situa7on. Methods are the processes that guide us to the solu7on while instan7a7ons show how constructs, models or methods can be applied in prac7ce to demonstrate the ar7fact’s feasibility and suitability. The ar7facts created in our research are two main constructs in phase one and two (our defini7on of Cloud Compu7ng and EPD requirements), a model in this third phase (our matching-‐ model) and methods (the processes that we followed to create our defini7on of Cloud Compu7ng and our matching-‐model). The overall goal of this part of our research is to create a meta-‐ar7fact (our matching model) as a solu7on to an unknown problem: if a Dutch healthcare organiza7on can use cloud compu7ng solu7ons to connect to the na7onal electronic pa7ent system.
Towards a Healthy Cloud
Page 160 of 218
Juan Hernández Colomina
The matching model can be used by Dutch healthcare organiza7on to select solu7ons that comply with NICTIZ requirements. Moreover, cloud providers can use the matching model to develop new solu7ons or modify exis7ng ones that could be used in the EPD context. A remark should be made on the fact that we do not provide any instan7a7ons of our matching-‐model due to the fact that there are not yet Cloud Compu7ng solu7ons deployed in the EPD context. Nevertheless, according to Hevner et al (Hevner et al., 2004) all four types of ar7facts are equally important and valid outputs of design science research.
Guideline 2: Problem relevance As in previous design science research the purpose of our research is to acquire knowledge and understanding to enable the development and implementa7on of technology based solu7ons for unsolved problems (Hevner et al., 2004). The problem we aim to solve is to evaluate the feasibility of cloud compu7ng solu7ons taking into account the constrains imposed by the Dutch na7onal pa7ent records systems (EPD). As there are not yet known implementa7ons of cloud solu7ons that connect to the EPD this problem is new and unknown at the moment of wri7ng. The problem is important because Cloud Compu7ng is an emerging technological paradigm that is expected to leverage significant improvements in opera7onal efficiency and effec7veness. As these are also two of the most important goals in current Dutch healthcare, cloud compu7ng represents a business opportunity to decrease cost or maximize revenue when using IT capabili7es in this context.
Guideline 3: Design Evalua*on According to previous work the u7lity, quality and efficacy of a design ar7fact must be carefully evaluated (Hevner et al., 2004). For this purpose we have first carefully evaluated our basic constructs (e.g. defini7on of Cloud Compu7ng and EPD requirements) before including them in our matching-‐ model and we have evaluated the matching-‐model with expert reviews. The expert reviews consisted of unstructured in-‐depth interviews with two experts: Mr Gerard Persoon and Mr. Bert Kabbes. Both have more than 20 years experience in business consultancy in the Dutch healthcare sector and Mr. Kabbes has been interim director of several large Dutch hospitals. The in-‐depth interviews include the evalua7on of our ar7fact's func7onality, completeness, consistency, accuracy and usability. Other aOributes like performance, reliability, and organiza7onal fit were excluded from our valida7on because the experts are not aware of any implementa7on of Cloud Compu7ng solu7ons in the EPD context. The reviews of the model were very posi7ve and some realloca7ons of requirements to different features were performed. Although a deeper ar7fact evalua7on could have been achieved by performing an instan7a7on of the model in prac7ce, we could not find any case in prac7ce to apply our model. Moreover, although there are several wriOen cases on HIPAA compliant US healthcare organiza7ons we could not find any case study on a EPD cloud compu7ng solu7on to instan7ate our model.
Towards a Healthy Cloud
Page 161 of 218
Juan Hernández Colomina
Guideline 4: Research Contribu*ons
According to previous work on design science research must include clear and verifiable
contribu7ons in the areas of design ar7fact, design founda7ons, and/or design methodologies (Hevner et al., 2004). The main contribu7on of our research can be found on theses three areas. On one hand we have designed an unique ar7fact as we cannot find any similar ar7fact in previous work. In the founda7ons area we have created a series of validated constructs in the first two phases that extend and improve respec7vely the Cloud Compu7ng and IT in Dutch healthcare knowledge bases. In the design methodology area our contribu7on can be found in the process of crea7ng our matching-‐ model from an interpreta7ve perspec7ve and based on the assump7ons made throughout this thesis.
Guideline 5: Research Rigor
Research rigor can be evaluated by analyzing how the researcher applies exis7ng theore7cal
founda7ons and research methodologies in deriving research findings (Hevner et al., 2004). To improve our research rigor we have described the process of construc7ng our basic elements and validated them before genera7ng our matching-‐model. We have applied not only exis7ng literature but also how the defini7on of cloud compu7ng is (re)created through human interac7ons by the most relevant actors.
Guideline 6: Design Science as a Search Process An effec7ve ar7fact is considered to use available means to reach a desired end state while complying with constrains determined by the problem’s environment (Hevner et al., 2004). Our matching-‐model uses available knowledge to facilitate the deployment of Cloud Compu7ng solu7ons that comply with the requirements enforced by the Dutch healthcare context (EPD requirements). It is important to note that our matching-‐model does not represent a overall solu7on to the problem but it just aims to support prac77oners and researchers in further explora7ons of this type of delivery models in this type of context. Moreover, as effec7ve design research requires knowledge and understanding of both the applica7on domain and the solu7on domain (Hevner et al., 2004) we have analyzed both separately in our search process to discover if Cloud Compu7ng applica7ons can be applied in the Dutch healthcare domain.
Guideline 7: Communica*on of the research Previous work suggests that research findings must be communicated to technology and management audiences (Hevner et al., 2004). For this reason we have wriOen our thesis with both reader in mind. In our opinion our wri7ng style, vocabulary and argumenta7ons can be understood by business and IT audiences.
Towards a Healthy Cloud
Page 162 of 218
Juan Hernández Colomina
2. Ar*fact Crea*on Following the design science research approach we have created a meta-‐ar7fact (a matching model) to link the results of our previous two phases (see table 27). On one side of our matching-‐ model (the y axis) we have placed the features we have found in our defini7on of Cloud Compu7ng during the first phase of our research. On the other side (the x axis) we have placed the EPD requirements iden7fied during the second phase of our research according to their support or limita7on of the corresponding cloud compu7ng feature. For clarifying purposes we have chosen a coding scheme to iden7fy the corresponding requirement. GBZ requirements are code as “GBZ-‐id” where “id” represents the requirement iden7fica7on number in appendix N. ZSP requirements are coded as “ZSP-‐id” where “id” indicates the corresponding code in appendix M. ZSP codes include three leOers to iden7fy the category followed by two numbers to iden7fy the specific requirement within that category. As our goal is to explore opportuni7es and incompa7bili7es between the cloud compu7ng delivery model and the EPD cer7fica7on requirements we have classified the requirements according to how the feature is supported by a requirement (column supported by) as well as how the feature is delimited (or excluded) by a requirement (column delimited by). Within the “delimited by” category we dis7nguish between those requirements that directly affect a feature and requirements that indirectly limit the implementa7on of a feature.
We consider that a feature is supported by a requirement when the feature capabili7es are
explicitly required by cer7fica7on requirements. We believe that a feature is delimited when a requirement determines some aspect (or the totality) of its implementa7on (e.g. hybrid cloud, private cloud, public cloud, etc.). Some requirements are not included in our matching model as they do not limit or support any of the features. Moreover, requirements can be linked to more than one feature but they always either delimit or support that feature. The usage-‐based pricing model is the only feature not supported or limited by any requirement as organiza7ons are free to choose any economic model to purchase IT capabili7es in the EPD context. Our matching-‐model is presented in table 27.
Towards a Healthy Cloud
Page 163 of 218
Juan Hernández Colomina
Table 27: Matching-‐model for cloud compu*ng in the EPD context
Cloud Features
Enforced By
Delimited By Directly
On-‐demand
ZSP-‐CON-‐01, ZSP-‐ BSC-‐01, ZSP-‐BSC-‐02, GBZ-‐5.1, GBZ-‐5.7
ZSP-‐CON-‐11
Elas7c
ZSP-‐CON-‐01, ZSP-‐ BSC-‐01, ZSP-‐BSC-‐02, GBZ-‐5.1, GBZ-‐5.7
ZSP-‐CON-‐11 ZSP-‐BVL-‐01 ZSP-‐BVL-‐02 ZSP-‐BVL-‐03 ZSP-‐BVL-‐06 ZSP-‐BVL-‐07 ZSP-‐ BVL-‐08, ZSP-‐BSC-‐06, ZSP-‐BSC-‐07, ZSP-‐GBO-‐01 & ZSP-‐GBO-‐02, ZSP-‐BSC-‐08, ZSP-‐ORG-‐01, ZSP-‐ ZSP-‐RSP-‐01, ZSP-‐RSP-‐03, BEH-‐07, ZSP-‐BEH-‐08, GBZ-‐1.1, ZSP-‐BEH-‐03, ZSP-‐BEH-‐04, GBZ-‐1.2, GBZ.3.8, GBZ-‐3.10, ZSP-‐BEH-‐05 GBZ-‐4.1, GBZ-‐4.2, GBZ-‐4.4, GBZ-‐4.6, GBZ-‐4.7, GBZ-‐4.8 GBZ-‐6.1, GBZ-‐6.2, GBZ-‐6.3
As-‐a-‐service
Internet delivery
Usage-‐based pricing
Indirectly
ZSP-‐CON-‐03, ZSP-‐CON-‐07
not applicable
not applicable
ZSP-‐DNS-‐01, ZSP-‐DNS-‐02, ZSP-‐DNS-‐04, ZSP-‐DNS-‐05, ZSP-‐DNS-‐06, ZSP-‐CON-‐05, ZSP-‐CON-‐06, ZSP-‐CON-‐08, ZSP-‐CON-‐09, ZSP-‐CON-‐10, ZSP-‐BVL-‐05, ZSP-‐RSP-‐01 & ZSP-‐RSP-‐03 not applicable
As the EPD is a decentralized infrastructure, connec7vity requirements include features that maximize the infrastructure’s availability and con7nuity. Some examples are the need to be able to handle all messages (ZSP-‐CON-‐01, GBZ-‐5.7), limi7ng the delay of NAT rou7ng (ZSP-‐CON-‐11) or 24x7 availability (ZSP-‐BSC-‐01, GBZ-‐5.1) with a very limited number of outages per year if specific recovery 7mes are met (ZSP-‐BSC-‐02). The on-‐demand and elas7c feature of cloud compu7ng are very useful factors to comply with this type of requirements. ZSP DNS requirements (ZSP-‐DNS-‐id) delimit indirectly how an applica7on can connect to the EPD using domain name protocols. Although EPD requirements include advanced DNS configura7on almost all available solu7ons offer these configura7on op7ons. The most significant limita7ons to the use of cloud compu7ng solu7ons in the EPD context are found in the connec7vity area as the use of components that use the public internet network (ZSP-‐ CON-‐07) is prohibited. This excludes all public cloud solu7ons and many private providers that do not offer private leased connec7ons (e.g. point-‐to-‐point) in The Netherlands. Moreover, the use of fixed IP addresses (ZSP-‐CON-‐03) is not a common feature in public cloud solu7ons re-‐enforcing the need for Towards a Healthy Cloud
Page 164 of 218
Juan Hernández Colomina
private offerings. Other connec7vity requirements delimit indirectly the use of Internet as a delivery plaxorm but there are basic capabili7es available in almost all infrastructures (ZSP-‐CON-‐05, ZSP-‐ CON-‐06, ZSP-‐CON-‐08, etc.)
In the cloud compu7ng model (part of) an IT capability is delivered as-‐a-‐service where the
provider owns the capability and rents it to the user for a specific purpose. For this reason, security of the cloud provider is a very important issue to consider in the EPD context delimi7ng directly the as-‐a-‐ service model to organiza7ons that can provide this kind of assurance. ZSP requirements related to security are to be evaluated at the provider level where he needs to have a security policy (ZSP-‐ BVL-‐01) embedded in the organiza7on (ZSP-‐BVL-‐02), followed by employees (ZSP-‐BVL-‐03), Moreover, it should include an access policy (ZSP-‐BVL-‐06), a con7nuity management plan (ZSP-‐BVL-‐07) and a con7ngency plan in case of security incidents (ZSP-‐BVL-‐08). Response 7me requirements (ZSP-‐RSP-‐01 & ZSP-‐RSP-‐03) implies indirectly serious limita7ons on the as-‐a-‐service feature and on the Internet delivery feature. Current public clouds for example do not comply with the maximum delay allowed in HTTP communica7ons. Some ZSP organiza7onal requirements delimit directly which types of organiza7ons can connect to the EPD (ZSP-‐ORG-‐01, ZSP-‐ORG-‐03) as they exclude directly the as-‐a-‐service model where the provider is not a registered Dutch organiza7on located in The Netherlands or a cer7fied organiza7on (GBZ-‐1.1 & GBZ-‐1.2).
In order to comply with ZSP management requirements the as-‐a-‐service solu7on must include
a 24x7 available system administrator (ZSP-‐BEH-‐01), measuring and repor7ng capabili7es (ZSP-‐BEH-‐03, ZSP-‐BEH-‐04 & ZSP-‐BEH-‐05) and facilitate migra7ons to other solu7ons (ZSP-‐BEH-‐07 & ZSP-‐BEH-‐08). The majority of current cloud offerings have con7nuos monitoring and include measuring and repor7ng capabili7es. The as-‐a-‐service feature is therefore indirectly affected by these features. However, the support for migra7ons is not found in all types of cloud services. The majority of public cloud solu7ons facilitate the migra7on to their solu7on but not to another solu7on. The as-‐a-‐service feature is therefore directly affected by migra7on requirements. The requirements related to the level of user support and the handling of issues is a strong requirement that indirectly excludes public clouds because the as-‐a-‐service model does not normally includes this type of personalized support (ZSP-‐GBO-‐01 & ZSP-‐GBO-‐02). Communica7on issues in cases of malfunc7ons and recoveries (ZSP-‐BSC-‐06 & ZSP-‐BSC-‐08) as well as the fixed schedule for maintenance (ZSP-‐BSC-‐07) are also strong limita7ons to the type of solu7on to be used. Current public clouds for example communicate outages and recoveries through a website and do not have a fixed maintenance schedule.
Several GBZ requirements are concerned with protec7ng the EPD infrastructure against
unauthorized access, misuse and errors (GBZ.3.8, GBZ-‐3.10, GBZ-‐4.1, GBZ-‐4.2, GBZ-‐4.4, GBZ-‐4.6, Towards a Healthy Cloud
Page 165 of 218
Juan Hernández Colomina
GBZ-‐4.7, GBZ-‐4.8, GBZ-‐6.1, GBZ-‐6.2, GBZ-‐6.3). All these features have a strong impact on how the as-‐a-‐ service feature is implemented as the provider needs to include the capabili7es needed for compliance.
3. Ar*fact Evalua*on The field of design science in IS research is regarded in previous work as an applied science discipline reflec7ng the importance of IT (meta-‐)ar7facts that enable the development of concrete IT applica7ons (Iivari, 2007). This is also the main goal of our research, to develop a meta-‐ar7fact (our matching-‐model) to facilitate the deployment of cloud compu7ng solu7ons in an specific context (healthcare in The Netherlands). A design science ar7fact can therefore be evaluated by analyzing how that ar7fact achieves its goal in prac7ce (u7lity and quality) and how efficient it is in achieving it (Hevner et al., 2004). However, there are significant barriers for evalua7ng ar7facts as they are related to the environment where they operate (March & Smit, 1995). According to previous work, the resul7ng meta-‐ar7facts must include knowledge that enables product and process design (Iivari, 2007). We believe that our matching-‐model contains knowledge that can support prac77oners in the design of new (or modified) cloud products and as well as in the design of cloud related processes. By matching a poten7al solu7on with our cloud compu7ng features and evalua7ng the requirements enforced by NICTIZ an organiza7on can select the solu7on that best fits their needs in that context.
In order to evaluate our ar7fact in prac7ce we need to find a Dutch healthcare organiza7on
that it is considering cloud compu7ng solu7ons. We could not find such an organiza7on which means that our matching-‐model should be further evaluated in prac7ce. Nevertheless, taking into account that we build our model based on two already validated constructs created in phase one and two of our research and that we validate the matching-‐model with expert reviews, we can draw some conclusions regarding the completeness and accuracy of our matching-‐model based on the assump7ons made during our research. It is important to note that we could not found specific metrics to measure our variables and therefore the evalua7on of the ar7fact is qualita7ve by nature. Qualita7ve research methods use qualita7ve data (e.g. interviews, documents, observa7on data, etc.) to understand and explain social phenomena (Myers, 1997). Although they are typical social sciences research methods they are increasingly popular in IS research, specially when inves7ga7ng (new) managerial and organiza7onal issues. Moreover, qualita7ve methods are oren found in research performed from an interpre7ve perspec7ve like in our research (Myers, 1997). The main purpose of this type of methods is to inves7gate phenomena taking into account the par7cipant's perspec7ve and the specific social and ins7tu7onal context (Myers, 1997).
Towards a Healthy Cloud
Page 166 of 218
Juan Hernández Colomina
The expert reviews consisted of unstructured in-‐depth interviews with two experts: Mr Gerard Persoon and Mr. Bert Kabbes. Both have more than 20 years experience in business consultancy in the Dutch healthcare sector and Mr. Kabbes has been interim director of several large Dutch hospitals. The experts were asked to evaluate the ar7fact’s quality (e.g. completeness and effec7veness) by analyzing (A) if all relevant requirements and cloud compu7ng features are included in the model and (B) if we make the right assump7ons when evalua7ng and placing requirements in our model. In design science completeness and effec7veness of an ar7fact can be evaluated by how it sa7sfies the requirements and constraints of the problem it was meant to solve (Hevner et al., 2004). For this reason, experts were asked to evaluate our matching-‐model taking into account our defini7on of cloud compu7ng and EPD requirements. According to previous work when there is not a previous outcome of tan ar7fact, as it is also the case in our research, its poten7al usefulness must be es7mated (Järvinen, 2008). Due to the lack of cloud compu7ng implementa7ons in Dutch healthcare the experts were asked to give their es7ma7on of the model’s usability, func7onality and consistency by applying logical reasoning and their own experience. Other aOributes like performance, reliability, and organiza7onal fit were excluded from our valida7on as they need to evaluated once the model has been applied in prac7ce. Nevertheless we have provided some assurance about our ar7fact’s relevance by considering business needs from environmental factors (e.g. people, organiza7on and technology) during our research (Hevner et al., 2004). Experts had no remarks concerning the completeness and effec7veness of our matching-‐ model. as they believe that it contains all relevant features and requirements and they are placed using appropriate logical reasoning. Moreover, the experts reflected that our model could be useful, func7onal and consistent but they agreed on the fact that this should be further evaluated in prac7ce.
It is important to note that the quality of design science ar7facts improves when subsequent
evalua7ons are performed as they oren result in incremental improvements (Hevner et al., 2004) (Gregor & Jones, 2007). However, we could not improve any exis7ng model as we could not find any similar meta-‐ar7fact in previous literature. For this reason we had to create a new meta-‐ar7fact that can be evaluated and improved in further research. This is a typical situa7on when applying design science to build new or innova7ve ar7facts as theories over the applica7on and impact of these ar7facts can be created once the ar7facts are applied in prac7ce (Hevner et al., 2004).
Towards a Healthy Cloud
Page 167 of 218
Juan Hernández Colomina
4. Answers to Research Ques*ons Phase 3 To summarize our findings from this research phase we provide in this sec7on the specific answers to the related research ques7ons.
4.1. What are the most relevant opportuni*es and challenges for adop*ng Cloud Compu*ng in the Dutch Healthcare sector? Current developments in healthcare and in na7onal economies have created the perfect storm for the adop7on of Cloud Compu7ng. The current economic downturn, demographic and social developments, pervasive sicknesses and global threats are among the challenges that reflect the con7nuous need for cost efficiency and 7mely qualita7ve services in healthcare. Collabora7on between prac77oners is increasingly becoming an essen7al requirement to cope with these developments. From our analysis in phases 1 and 2 we observe a match between opportuni7es offered by Cloud Compu7ng models and challenges that Dutch healthcare organiza7ons are facing now and in the future. In order to improve the sustainability of the healthcare system, healthcare organiza7ons can leverage Cloud Compu7ng solu7ons to achieve their two most relevant goals: cost efficiency and quality improvements. As described in phase 1 according to previous research around 80% of IT budgets are used to keep the lights on (maintaining compu7ng resources) while the average server u7liza7on is es7mated by several researches to be between 5% and 20%. This poten7al cost efficiency improvement is specially interes7ng for small healthcare organiza7ons as their budgets are significantly lower than larger ones and they are directly affected by the increase in demand of services (GPs in The Netherlands solve around 95% of primary care condi7ons). However, large healthcare organiza7ons can achieve larger savings as their budgets are larger and therefore there is more scope for improvement. For this reason large organiza7ons should also consider the use case of Cloud Compu7ng solu7ons to op7mize resource u7liza7on.
An specific example on how small and large healthcare organiza7ons can achieve cost
efficiency by leveraging SaaS solu7ons is the use of Google Apps as a replacement for Microsor’s Office tools. Google Apps licenses are much cheaper than Office licenses and they are fully compa7ble with Microsor’s file formats (e.g. doc, ppt, etc.). Moreover, as informa7on is stored remotely clinicians can work from everywhere and they can use the collabora7on features offered by Google Apps to enable simultaneous collabora7on on the same document. However, sensi7ve pa7ent informa7on should not be stored on this solu7on as it is not clear where is physically stored (Google uses a distributed file system) and it could be against na7onal regula7ons that limit the storage of pa7ent informa7on to the na7onal boundaries. Dutch ICT providers can solve this issue by deploying similar solu7ons where informa7on is stored securely within the Dutch territory. Nevertheless, in the past years we have seen a significant number of enterprises migra7ng to Google SaaS solu7ons like for example Rover, Rentokil, the University of Melbourne or Utrecht University. Towards a Healthy Cloud
Page 168 of 218
Juan Hernández Colomina
Another example of how large organiza7ons can also leverage Cloud Compu7ng solu7ons for cost efficiency is the op7mum resource u7liza7on enabled by deploying Internal Private Clouds. In a fully controllable on-‐premises environment organiza7ons can deploy tools that allow automa7c provisioning and scalability over mul7-‐tenant resources. With this approach, large organiza7ons can op7mize the use of previous ICT investments resul7ng in significant improvements in opera7onal cost efficiency and agility. Some tools that can support organiza7ons in this approach are Open Nebula, Eucalyptus, Ubuntu Enterprise Cloud and OpenQRM. Healthcare organiza7ons can also leverage Cloud Compu7ng solu7ons to access an almost unlimited amount of resources to perform heavy computa7onal tasks (e.g. HPC) that in some cases cannot be accomplished on-‐premises due to the large capital investment they require. The usage based pricing model of Cloud Compu7ng enables organiza7ons to use very large amounts of resources for short periods of 7me. Several case studies have demonstrated this advantage not only in the medical research field but also when performing large batch file conversions and tes7ng ICT infrastructures among others (e.g. Harvard Medical Research, NYT, Soasta, etc.). Quality and cost efficiency in care services can also be achieved by enabling efficient collabora7on between clinicians. For this purpose SaaS tools can contribute to connect prac77oners and centralize knowledge. Another op7on for leveraging collabora7on is given by the EPD project, an “empty” infrastructure consis7ng of an index system that enables the retrieval of pa7ent informa7on on-‐demand from decentralized repositories (each of the connected organiza7on’s system). With this approach prac77oners can access each others previous work in order to build their prac7ces on these findings. This results per defini7on on improved cost efficiency (e.g. reused test results, less redundant treatments, etc.) as well on quality improvements (e.g. no contradictory and poten7ally dangerous treatments, less medical errors, etc.).
Another poten7al improvement when using Cloud Compu7ng solu7ons in Dutch healthcare is
the improvement in care service availability and con7nuity. The 7mely decision making character of healthcare due to the high impact it has on ci7zen’s lives implies that prac77oner need accurate medical informa7on on-‐demand to perform their jobs beOer and more efficiently. For this reason, medical informa7on must be always available to clinicians in order to guarantee the delivery of care services to ci7zens. As reflected in some of the case studies analyzed in this report, organiza7ons can leverage Cloud Compu7ng solu7ons for affordable failover and backup mechanisms that improve the con7nuity of care services. Moreover, the elas7c character of Cloud Compu7ng solu7ons guarantees that ICT systems and infrastructures will never suffer from down7mes due to planning errors in resource provisioning and alloca7on.
An interes7ng use case for leveraging Cloud Compu7ng solu7ons in healthcare is to be able to
guarantee the con7nuity of care services in case of large health threats or catastrophes (e.g. pandemics, bioterrorism, earthquakes, etc.). In these situa7ons the demand of care services increases unexpectedly and rapidly crea7ng in some cases a workload that cannot be handle by non-‐elas7c Towards a Healthy Cloud
Page 169 of 218
Juan Hernández Colomina
models. The elas7c character of Cloud solu7ons can solve this issue as more resources are allocated instantly as the demand of care services rises. Moreover, cost efficiency is also improved as resources are scaled down when demand decreases (once the situa7on is back to normal). It is important to note that on-‐demand elas7city of resources leads per defini7on to larger process throughputs which is a necessary development in order to deal with the increasing demand of services. Organiza7ons are constantly challenged by ever changing market condi7ons. This requires them not only to leverage opera7onal agility by adap7ng their processes over 7me but also to use the right tools at the right 7me for each specific situa7on. To meet this needs external and internal sorware providers must reduce the 7me-‐to-‐market of their new applica7ons significantly. By using a PaaS environment for the rapid development and deployment of applica7ons these tools can be delivered on a 7mely basis. This results in significantly lower 7me-‐to-‐market as deployment, maintenance and upgrades have minimum impact on the tool’s availability. A healthcare oriented case study related to this usage of Cloud Compu7ng can be found at PresidioHealth, a HIPAA compliant sorware company which is able to build and deploy SaaS applica7ons 20% faster than before using PaaS. The use of Cloud Compu7ng solu7ons in healthcare is influenced by the size of organiza7ons. In general small healthcare organiza7ons (e.g. GPs, Specialists Clinics, etc.) should focus on cost efficiency by leveraging the usage based pricing model of Cloud Compu7ng solu7ons. Large organiza7ons (e.g. Hospitals, etc.) on the other hand should focus more on resource op7miza7on by building Internal Private Clouds or by using Cloud solu7ons to perform heavy computa7onal on a cost efficient basis (e.g. medical research). For this purpose, hybrid models for non-‐mission cri7cal data or when persistent data is maintained on-‐premises in a n-‐7er architecture (see PresidioHealth case study) are the most recommended use cases for large organiza7ons.
According to healthcare organiza7ons, the most significant barriers for the adop7on of
technology in this sector are security and the cost of technology followed by the lack of interoperability with exis7ng solu7ons and legal and privacy issues. Public Clouds improve the cost of technology for Cloud Users due to service mul7-‐tenancy and Private Clouds achieve the same goal due to resource op7miza7on. Moreover, the security offered by large Cloud Providers might also be in some cases beOer than in certain situa7ons (e.g. small businesses, home networks of doctors, etc.) but legal and privacy issues and the lack of interoperability due to the lack of standards are cri7cal issues that disqualify the largest Public Cloud offerings at the moment of wri7ng. Documented issues in current Public Clouds solu7ons include security incidents, privacy leaks, availability and performance of services. Security in current IaaS Public Clouds has been compromised in the last year by cartography and bad neighbor aOacks that can affect service reliability and performance. Moreover, it is not clear yet what are the procedures for data dele7on and how the full isola7on of tenants guarantees performance. This are important issues in the EPD context.
Towards a Healthy Cloud
Page 170 of 218
Juan Hernández Colomina
The performance (e.g. latency) of the largest Public IaaS offerings is also a cri7cal issue being in some cases too poor to meet cer7fica7on requirements. However, the next networking technology will enable higher bandwidth therefore minimizing the effect of network latency when boOlenecks are generated at the public internet level. Dutch healthcare organiza7ons can select a Cloud Provider in their own country to minimize the effect of latency on performance. During 2009 there has been a number of outages in Public SaaS, PaaS and IaaS offerings witch dura7on and recovery 7mes unacceptable in the EPD context. The lack of features for the proper isola7on from the public internet (e.g. point-‐to-‐point connec7ons) is also another cri7cal issue that that makes current Public Clouds not applicable to the EPD context. Nevertheless, na7onal Cloud Providers specialized in healthcare might offer such solu7ons on a customized basis. For this reasons we recommend the use of large Public Clouds (Internal or External) by Dutch healthcare organiza7ons exclusively for selected uses cases involving non-‐mission cri7cal or non-‐ sensi7ve data. Some examples of these cases are tes7ng applica7ons with dummy data, high performance compu7ng with encrypted or non-‐persistent data, fail-‐over for applica7ons that do not use pa7ent or sensi7ve data (e.g. Medical Model Analysis, Gene7c Tests, etc.). Private Clouds on the contrary are well suited for crea7ng solu7ons that comply with NICTIZ cer7fica7ons. We elaborate on some of the most relevant tools for building Private Clouds in the next sec7on (see sec7on 5, recommenda7on for Cloud Providers). We recommend healthcare organiza7ons to evaluate this tools if they plan to build a Private Cloud to connect to the EPD.
4.2. Which type of Cloud Compu*ng solu*ons fit within the current legisla*ve context and poli*cal agenda in The Netherlands? The Dutch Government is very aware of the challenges that the healthcare system is currently facing. Focus on quality improvements and opera7onal efficiency is repeatedly reflected in their policies and legisla7ons. For this purpose, the Dutch Ministry of Health has ini7ated a reform of the healthcare system in 2006 with the introduc7on of a compulsory private insurance for each ci7zen. The transforma7on is aimed to shir the power from healthcare providers to consumers, and the control from public bodies to insurers. As a part of this transforma7on, the Dutch government has started in 2008 with the introduc7on of an na7onal electronic pa7ent record system (EPD) to facilitate the 7mely exchange of accurate medical informa7on. The main goal of this project is to improve the quality and accessibility of healthcare on a cost efficient manner by enabling collabora7on between medical prac77oners. All three goals (quality, accessibility, and cost efficiency) are also the most common goals found in Cloud Compu7ng adop7on case studies. For this purpose we have limited the scope of our research to the applicability of Cloud Compu7ng in the EPD context.
Towards a Healthy Cloud
Page 171 of 218
Juan Hernández Colomina
The Dutch government believes that if healthcare organiza7ons have 7mely and secure access to relevant, complete and accurate clinical data (e.g. previous health encounters, test results, etc.) they can improve the quality, accessibility and affordability of care services they provide to ci7zens. The EPD is developed to provided these features to Dutch healthcare organiza7ons. An example of the poten7al benefits of the EPD is the reduc7on of medical errors in diagnosis, medica7on and treatments by increasing the availability of accurate, complete and relevant clinical data. As the government has currently no enforcing power to make the use of the EPD compulsory, the Ministry of Health has created NICTIZ, an organiza7on to support healthcare organiza7ons in their use of ICT. NICTIZ has developed a cer7fica7on program to regulate secure access to the EPD infrastructure. Healthcare organiza7ons that want to connect to the EPD need to obtain the GBZ cer7fica7on which includes the use of XIS cer7fied sorware and ZSP cer7fied connec7vity. The XIS and ZSP cer7fica7ons are obtained by the sorware manufacturer and the network provider used to connect to the EPD respec7vely. However, if a healthcare organiza7ons develop their own sorware and want to connect directly to the EPD they need to obtain these two cer7fica7ons previously to the GBZ cer7fica7on. NICTIZ cer7fica7on requirements determine the feasible Cloud Compu7ng models that Dutch healthcare organiza7ons can apply to connect to the EPD. Therefore there are three possible Cloud Compu7ng models (or any combina7on of them): Cloud GBZ, Cloud ZSP and Cloud XIS. A. Cloud GBZ Example
A Cloud GBZ is a health informa7on systems that can connect to the EPD and runs on a Cloud
Compu7ng plaxorm as defined in this research. The informa7on system must provide all Cloud Compu7ng features described in phase 1 of this research and comply with all GBZ cer7fica7on requirements established by NICTIZ (see appendix N). GBZ requirements are grouped in five main areas: prac7cal, organiza7onal, data management, access, connec7on and security. Prac7cal requirements describe the profile of organiza7ons that are allowed to access the EPD and delimit the scope of applica7ons and network providers that can be used. Only healthcare organiza7ons that have completed the UZI registra7on process and have wriOen agreements with their ZSP cer7fied network provider and their XIS cer7fied sorware provider can connect through their XIS applica7on to the EPD. To further analyze the feasibility of the Cloud GBZ model, we assume that the organiza7on is using XIS and ZSP cer7fied providers as they are further elaborated in the Cloud XIS and Cloud ZSP models later on this sec7on. Organiza7onal requirements describe the organiza7onal processes and resources needed to maintain GBZ compliance including training, procedures, documenta7on, support, governance, security, accountability, etc. Requirements in the data management area focus on the use, accuracy and protec7on of pa7ent data. They include requirements for the proper iden7fica7on of pa7ents, dossier management, rights and ini7al registra7on of pa7ents, data storage, data integrity, control and Towards a Healthy Cloud
Page 172 of 218
Juan Hernández Colomina
security. Storage plays a crucial role in data management as GBZ organiza7ons must not only store data during the legal storing 7me but also provide data overviews, daily back ups and discard procedures. The requirements in the access group are created to determine who and how individuals can access the EPD. They include procedures, restric7ons and controls for the use of UZI cards, UZI readers, UZI server cer7ficate, log management, delega7on of responsibili7es, pa7ent (ini7al) approval, data disposal and data integrity. Connec7vity requirements refer to the appointment of responsibili7es related to configuring and maintaining EPD connec7vity. They include requirements to determine the minimum allowed availability (including maintenance), power con7nuity, 7me synchroniza7on, domain name and IP address configura7on, and the accurate alloca7on of resources to guarantee availability and response 7mes. The security requirements area focuses on protec7ng the EPD against unauthorized access or filling by controlling the protec7on of (XIS) sorware interfaces. Arer analyzing all GBZ requirements we have selected the ones that could delimit the possible characteris7cs of a Cloud GBZ solu7on. In prac7cal terms, a Cloud GBZ must be able to allow the installa7on of secure server cer7ficates, to deploy XIS cer7fied sorware and to connect to the EPD through a cer7fied ZSP connec7on (e.g. on-‐premises or external). All supported opera7ng systems in current Cloud Compu7ng IaaS offerings include the configura7on of server cer7ficates. The applicability of XIS and ZSP models are elaborated further in this sec7on.
At the applica7on layer it must be clear which interfaces connect to the EPD as they must be
properly protected against data leakage and unauthorized access. For this purpose, the applica7on must contain features for logging, audit and control and the par7al or total block of pa7ent data exchange. In order to enable secure access to the EPD, the applica7on must also provide support for the use of UZI cards, UZI reader and UZI server cer7ficate including monitoring and repor7ng features, log management and usage control. These features are dependent on the XIS sorware connec7ng to the EPD. Current IaaS and PaaS solu7ons enable the development of such applica7ons in various programming languages (e.g. Java, Python, etc.). The Cloud GBZ must ensure data availability, correctness and security. For this reason, isola7on of the XIS applica7on and pa7ent data are crucial requirements and they can be accessed exclusively for EPD purposes. Based on recent security issues reported in the last year on Public Clouds (e.g. cartography and bad neighbor vulnerabili7es, data leaks, data losses, etc.) we believe that at the moment of wri7ng that Public Cloud models (Internal or External) do not fully comply with these isola7on requirements and with na7onal laws and regula7ons. To guarantee the con7nuity and availability of the EPD connec7on, the Cloud GBZ infrastructure must con7nuously perform above the agreed level, with a maximum of 1 outage per month with no more than 15 minutes down7me, a maximum of 2 outages per year with no more than 1 day down7me and a maximum amount of planned maintenance of 12 7mes per year with a Towards a Healthy Cloud
Page 173 of 218
Juan Hernández Colomina
maximum down7me of 1 hour. Almost all current Cloud Compu7ng offerings have proven higher availability scores over the last year and guarantee them in SLAs. However, some Public Cloud outages and maintenance have resulted in longer recovery and maintenance 7mes than the maximum allowed. The infrastructure must also be able to scale resources in order to handle, the exchange of (HL7) messages and SSL sessions with response 7mes below the agreed maximum. Moreover, the infrastructure must include measures against power shortage (e.g. UPS) and NTP 7me synchroniza7on with an allowed devia7on of one second. In order to enhance security, each connec7on to the EPD must always use a dedicated IP address and domain name and every XIS sorware interface must be properly protected (e.g. firewall, DMZs, etc.). Moreover, the Cloud GBZ must provide scalable storage, daily back ups, stored data overviews and procedures for effec7ve data disposal. All Cloud Compu7ng providers offer large scalability of resources as it is one of the most commercially interes7ng features of such solu7ons. Some them offer automa7c scalability based on pre-‐defined paOerns which enables fully availability in all possible situa7ons. Cloud data centers have also taken measures against power failures (e.g. UPS fail-‐over, replica7on, etc.) and in some cases even more advanced than enterprise solu7ons. Daily back-‐ups, NTP 7me synchroniza7on, data overviews, and IP and domain name configura7on are standard features in available Cloud Compu7ng solu7ons. Response 7mes are an important issue for current Public Cloud models. For example, arer the introduc7on of spot prices, Amazon’s IaaS offering experienced response 7mes much larger than the maximum allowed. Another issue is data disposal procedures in Public Clouds. As resources are reallocated to other customers, it is not clear how current providers eliminated data before realloca7on. Although there have not been any reported leaks of this type, it is not clear wether data is later available to the next customer. Public Cloud providers need to improve their transparency on this issue as most enterprises need this kind of assurance. An example of a possible Cloud GBZ solu7ons is Adastra in its managed hos7ng version together with LSPconnect a plugin to connect to the EPD infrastructure. Both products are offered by E.nova7on B.V. in The Netherlands. Adastra is a XIS cer7fied informa7on management system for organiza7ons that provide primary care arer office hours (huisartsenposten in Dutch). The applica7on is offered to Dutch healthcare organiza7ons in two forms: on-‐premises or in a managed hosted version (SaaS). The SaaS model is developed to allow users to leverage E.nova7on’s data center for full availability and con7nuity of care on a cost efficient manner. E.nova7on has two data centers where data is replicated between them using a SAN storage solu7on. Together with the LSPconnect plugin on its managed hos7ng version they both make a SaaS solu7on that offers a XIS cer7fied applica7on and a ZSP cer7fied connec7on. As these are essen7al requirements to obtain the GBZ cer7fica7on organiza7ons can use these two products to comply with most of the EPD technical requirements.
Towards a Healthy Cloud
Page 174 of 218
Juan Hernández Colomina
B. Cloud ZSP Example A Cloud ZSP is a connectIon to the EPD that runs on a Cloud Compu7ng plaxorm as defined in this research. The connec7on must offer all Cloud Compu7ng features described in phase 1 of this research and comply with all ZSP cer7fica7on requirements established by NICTIZ (see appendix M).
Dutch healthcare organiza7ons can choose to implement their own ZSP cer7fied connec7on to
the EPD or use a external provider for this purpose. A external Cloud ZSP is interes7ng specially for small organiza7ons (e.g. GPs, specialists clinic, etc.) where the costs of a direct connec7on to the EPD are too high. The majority of small organiza7ons do not have enough resources (e.g. capital, human resources, ICT, etc.) to comply with ZSP requirements. For example, for a GP working alone on his own prac7ce it is very complex and expensive to implement 24x7 availability, firewalls, etc. By leveraging the external knowledge and experience as well as the resources of the Cloud ZSP provider they can implement cost efficient EPD connec7vity. The main purpose of the Cloud ZSP provider is to facilitate the exchange of electronic messages between their clients (GBZs) and the na7onal switching point (LSP) including connec7ons to tes7ng and produc7on LSP environments. To achieve this goal ZSP requirements focus on the func7onality, implementa7on and exploita7on of the connec7on. The func7onality of data communica7ons must comply with two groups of requirements: connec7vity and domain name system requirements. The connec7on of the LSP must use a fixed pre-‐ assigned IP address an comply with a set or predefined physical requirements (e.g. UTP, duplex mode, fixed speed, etc.) without making (par7al) use of the public internet network. The connec7on must be able to connect to the UZI register through the LSP’s rou7ng func7onality and to Cer7ficate Authori7es (CAs). Domain name server requirements include registering GBZs hosts and domain names, forwarding DNS zones, management of authorita7ve primary and secondary DNS servers, reverse DNS zones and the configura7on of the LSP’s DNS server as slave for each subdomain.
The implementa7on of the connec7on must also comply with a series of security, availability
and response 7mes considera7ons. ZSP organiza7ons must have security policies embedded in the organiza7on regarding employees, physical security (e.g. network devices), access management, protec7on against internet threats (e.g. virus, spam, hackers, etc.), security incidents and con7nuity management. In general terms the ZSP connec7on must be available 24 hours per day and 7 days per week, with a specific maximum number of allowed malfunc7ons and recovery 7mes per type of malfunc7on. Moreover, the con7nuity of the connec7on and DNS services must be guaranteed by providing sufficient backup and fail-‐over mechanisms to cope with hardware malfunc7ons. The Cloud ZSP must communicate any malfunc7on, its progress and recovery to all connected GBZs and the LSP. Response 7mes of network round trips between GBZs and the LSP must be in 90% of all cases bellow 200 milliseconds. For this purpose, network traffic to the LSP must be priori7zed.
Towards a Healthy Cloud
Page 175 of 218
Juan Hernández Colomina
Exploita7on requirements focus on the ongoing use and maintenance of the ZSP connec7on and they include organiza7onal, management and user support considera7ons. Most of them do not affect the solu7on to be applied as they include contractual and administra7ve requirements to report and solve malfunc7ons, maintenance and other outages. The Cloud ZSP must provide points of contact for user support and system administrators as well as migra7on support to and from other ZSP providers. User support should be priori7zed according to service levels and must be able to handle all issues reported by connected GBZs. When analyzing the applicability of Cloud Compu7ng we observe that isola7on from the public internet network is an issue in current Public Clouds. Although secure VPN connec7ons in Hybrid Clouds are possible (e.g. Amazon’s Virtual Private Cloud) effec7ve public internet isola7on can only be achieved by for example point-‐to-‐point connec7ons which are feature currently not available in Public Clouds. Moreover, as SSL is supported in almost all cases the implementa7on of connec7ons to the UZI register and CAs can also be implemented. Regarding DNS management, current IaaS solu7ons offer all the required func7onality. The only issue we observe is that fixed speed is only offered by some current Public Cloud providers. Looking at current Public Cloud offerings we must also conclude that although they apply high end security tools (e.g. data encryp7on, firewalls, spam and virus protec7on, back-‐ups, etc.), the isola7on and performance of mul7-‐tenant resources s7ll needs to be improved. For example, during the last years cartography aOacks and bad neighbor vulnerabili7es have been reported on Amazon’s EC2. Although the guaranteed availability of Public Clouds currently complies with the maximum allowed malfunc7ons, recovery 7mes even during planned maintenance is in some cases larger than allowed. Another important issue in Public Clouds is the lack of transparency in security architectures, malfunc7ons, their progress and their solu7on. Most providers (e.g. Amazon) communicate malfunc7ons through a web dashboard or website instead of contac7ng users directly. They also do not publish a lot of security specifica7ons to avoid suffering aOacks based on that knowledge (spoiler effect of informa7on). Response 7mes are a crucial issue for the use of current Public IaaS solu7ons. In figure 27. The single trip responses from the USA to Amazon’s EC2 cloud are measured from November 2009 to January 2010. The effect of the spot pricing models is clearly observed in the increase in response 7mes from an average of 50 ms before the introduc7on to much above 200 ms arerwards. In any case the op7mum level of 50 ms is s7ll the maximum allowed by cer7fica7on as the 200 ms round trip from GBZ to LSP means 100 ms round trip to each and therefore four 50 ms single trips.
Towards a Healthy Cloud
Page 176 of 218
Juan Hernández Colomina
Figure 27: Ping latency to Amazon EC2 amer spot price introduc*on
(Source: https://www.cloudkick.com/blog/2010/jan/12/visual-ec2-latency/)
A example of a current Cloud ZSP solu7on is E.nova7on’s LSPconnect plugin to link GBZs and the LSP through a ZSP cer7fied connec7on. The offering is offered both on-‐premises or hosted at E.nova7on’s data center, possibly in combina7on with other solu7ons (e.g. Adastra SaaS solu7on). As the managed hosted version of LSPconnect is ZSP cer7fied to connect to the EPD, it complies with our defini7on of Cloud Compu7ng in a Private External PaaS model so it can be considered a Cloud ZSP solu7on. This is specially interes7ng for small healthcare organiza7ons in order to achieve cost efficient EPD connec7vity without the need to cer7fy their connec7ons or applica7ons. C. Cloud XIS Example All XIS cer7fica7on requirements can be accounted for in the development of the applica7on. Most of the current XIS cer7fied sorware has been developed using the most common programming languages (e.g. Java, .NET, etc.). As these languages are also supported in all IaaS and PaaS offerings it is therefore possible to build XIS (SaaS) applica7ons on them. An example could be the managed version of Adastra which is XIS cer7fied and in also offered as-‐a-‐service at E.Nova7on’s data center which complies with our defini7on of Cloud Compu7ng. A final remark should be made on the fact that the EPD infrastructure is a Cloud Compu7ng environment from each healthcare provider’s perspec7ve where features are forced by requirements in the NICTIZ cer7fica7on program. For example, scalability and elas7city is enforced in requirement to have enough storage and bandwidth to handle all message exchanges. The on-‐demand feature is guaranteed by requirements related to back-‐ups, fail-‐over and con7nuity of opera7ons,. Moreover, ZSP solu7ons are oren offered as-‐a-‐service by external ICT providers and their solu7ons use the internet as the network plaxorm. The usage based pricing model can be included in EPD cer7fied solu7ons by ICT providers although this is currently not oren the case. Towards a Healthy Cloud
Page 177 of 218
Juan Hernández Colomina
4.3. How do current regula*ons facilitate or difficult the adop*on of Cloud Compu*ng? In our research we have focused on the introduc7on of a electronic pa7ent records infrastructure (the EPD), one of the largest and most significant ICT projects in the Dutch healthcare sector. Regula7ons that determine the technical requirements needed to connect to the EPD are developed by NICTIZ in GBZ, ZSP and XIS cer7fica7on programs. We have analyzed these requirements previously in this research and although the majority of them are realis7c and found in other secure inter-‐organiza7onal infrastructures, some requirements have a clear focus on na7onal large healthcare organiza7ons (e.g. hospitals, etc.) and na7onal ICT providers. First, the ICT investments needed to comply with all NICTIZ requirements are in most cases too high for small and medium organiza7ons. On the other hand, required network response 7mes and speed, customized support and dedicated limit the available providers to na7onal ICT provider specialized in healthcare and with custom solu7ons that meet all the needs. As small organiza7ons (e.g. GPs, etc.) need to find ways to meet all the requirements on a cost efficient basis, there are large opportuni7es for intermediaries that deliver part of the solu7on (e.g. a cer7fied ZSP connec7on, a cer7fied XIS applica7on, etc.). These intermediaries deliver the same solu7on to more than one client, therefore capitalizing the investment as sales volume rises. Although this enables cost efficiency for all individual customers, it represents a cost inefficiency for the whole system as these intermediaries increase overall costs with their profit margins. If requirements were more easy and less expensive to implement there will not be intermediaries, therefore reducing the overall cost. Cloud Compu7ng solu7ons outside NL are excluded by legisla7on as pa7ent data must be stored within the Dutch na7onal domain. As a consequence, the largest and more mature Public Cloud vendors are excluded as they are oren locate in the United States. These providers in the USA have demonstrated several HIPAA compliant best prac7ces. Even the USA government has created a Private External Cloud to be used by all governmental bodies and is planning to enforce the use of this cloud by law by 2010. It is important to note that par7cipa7on of all healthcare providers is a cri7cal success factor for EPD ini7a7ve. Although at the moment of wri7ng the use of ICT in Healthcare is not yet enforced by Dutch law, the Dutch government is planning to improve this in the coming years by making EPD par7cipa7on compulsory to all healthcare organiza7ons. The Dutch government should carefully examine Cloud Compu7ng best prac7ces of the USA when developing future laws and legisla7on, taking into account the effects of globaliza7on and improving the limita7ons of data localiza7on and response 7mes.
Towards a Healthy Cloud
Page 178 of 218
Juan Hernández Colomina
Although the cer7fica7on program and architecture of the EPD infrastructure provides enough flexibility to implement many different solu7ons, it implies also a added security risk for the whole system. If n providers connect to the EPD there can be n different construc7ons in place as long as they comply with the requirements. Some might deploy high end hardware or contract leading ICT providers, others might use less reliable hardware or contract smaller ICT providers. This means that in the current situa7on the EPD is as strong as it weakest link. This also implies a significant cost inefficiency for the whole system represented by the sum of differences between the investments made by the weakest GBZ and the investments of all other connected GBZs.
Towards a Healthy Cloud
Page 179 of 218
Juan Hernández Colomina
Research Conclusion The main research ques7on in our research was to inves7gate the feasibility of cloud compu7ng solu7ons to connect to the Dutch healthcare na7onal pa7ents records system. We started our research by crea7ng our own defini7on of cloud compu7ng as it is a rapidly emerging IT delivery model and there are therefore no defini7ons found in previous scien7fic work. We explored not only its features but also its main advantages, risks and use cases among other considera7ons. In the second phase of our research we shired our focus to analyze the Dutch healthcare sector and the role of IT in that sector, focusing further on one of its most significant IT infrastructures, the na7onal electronic records system EPD. To facilitate our feasibility analysis we constructed a matching-‐model in the third phase of our research. The findings of our research indicate that there are several opportuni7es for using cloud compu7ng solu7ons that can connect to the na7onal pa7ent records infrastructure (EPD). The on-‐ demand and elas7c features of this delivery model are cri7cal to achieve the levels of availability and con7nuity that are required by cer7fica7on to be able to connect to the EPD. However, there are also several limita7ons to this new delivery model that exclude the majority of current cloud solu7ons. Nevertheless, this means also that there are several opportuni7es for IT providers in The Netherlands to develop new cloud compliant solu7ons for the EPD. The first significant limita7on of the as-‐as-‐service model in the EPD context versus the on-‐ premises model is that the cloud provider needs to be a Dutch organiza7on and store all data in The Netherlands. Moreover, performance and network response 7mes requirements indicate that the provider's data center needs to be very efficient and not geographically dispersed outside The Netherlands. In our opinion the most significant barriers for the as-‐a-‐service model in the EPD context are found in connec7vity, security, transparency and support requirements. The provider must be able to offer a private leased line and have a strong security policy in place. Although we believe that providers use effec7ve security measures they do not disclose many details related their security strategy. Analyzing current offerings we have to conclude that there are no current public cloud offerings that offers the required level of transparency. The level of personalized support in outages, recoveries and maintenance required by cer7fica7on are also serious barrier and not included in current as-‐a-‐service offerings. As we can observe in our matching-‐model most of requirements delimit directly the as-‐a-‐ service feature and indirectly the Internet delivery feature while we can find several requirements that enforce the scalability and on-‐demand features. This unbalanced situa7on reflects in our opinion that EPD requirements requires high performance under high controlled situa7ons when communica7ng or collabora7ng with third par7es (as-‐a-‐service and Internet delivery).
Towards a Healthy Cloud
Page 180 of 218
Juan Hernández Colomina
Although cloud compu7ng can highly contribute to improve availability and scalability, EPD requirements limit its use to private (internal or external) clouds offered by Dutch providers and that offer a high level of personaliza7on and customiza7on. Due to the high costs related to this level of customiza7on we believe that only specialized cloud providers can offer a compliant solu7on. Based on our research conclusion we further elaborate some recommenda7ons for healthcare organiza7ons, gobernment bodies and ICT providers in the remaining of this sec7on.
1.
Recommenda*ons For Healthcare Organiza*ons
There is a lot of hype surrounding the term Cloud Compu7ng which has resulted into a lot of misunderstandings and wrong assump7ons by Cloud Users. Some think that it is merely a hype around exis7ng technology while others believe that it will have a disrup7ve effect on ICT delivery. Nevertheless, there are several best prac7ces that demonstrate how this new paradigm can be applied while complying with healthcare regula7ons like HIPAA. Smart hybrid construc7ons where persistent data remains on-‐premises at all 7mes are some examples of solu7ons possible in this area. According to healthcare organiza7ons, the most significant barriers for the adop7on of technology in this sector are security and the cost of technology followed by the lack of interoperability with exis7ng solu7ons and legal and privacy issues. Although the security offered by large Cloud Providers might also be in some cases beOer than in certain situa7ons (e.g. small businesses, home networks of doctors, etc.) legal and privacy issues and the lack of interoperability due to the lack of standards are s7ll major issues when using the largest Cloud Providers. We recommend Dutch healthcare organiza7ons to choose a provider specialized in the Dutch healthcare sector that allows the level of customiza7on necessary to comply with EPD requirements and minimizes barriers like the effect of network latency, performance, etc. It is important to note the EPD connec7vity requires some special features such as a connec7on that is properly isolated from the public internet (e.g. a point-‐to-‐point connec7on), strict latency and fully isola7on from other applica7ons to protect the infrastructure from unauthorized access. The use of Cloud Compu7ng solu7ons leads per defini7on of lower cost of technology as it enables beOer resource u7liza7on in Private Clouds and economies of scale through service mul7-‐ tenancy in Public Clouds. In order to offer a compu7ng capability as-‐a-‐service it must reach such standardiza7on levels that consump7on can be seamlessly monitored, measured and billed. We recommend the use of the largest Public Clouds (Internal or External) by Dutch healthcare organiza7ons exclusively for selected uses cases involving non-‐mission cri7cal or non-‐sensi7ve data. Some examples of these cases are tes7ng applica7ons with dummy data, high performance compu7ng with encrypted or non-‐persistent data, fail-‐over for applica7ons that do not use pa7ent or sensi7ve data (e.g. Medical Model Analysis, Gene7c Tests, etc.).
Towards a Healthy Cloud
Page 181 of 218
Juan Hernández Colomina
We believe that Cloud Compu7ng solu7ons can support Dutch healthcare organiza7ons in achieving their most cri7cal goals: cost efficiency, quality, con7nuity and availability of care services. These feature are oren found in exis7ng use cases and best prac7ces. However, organiza7ons must be very careful when selec7ng External Cloud Providers and should avoid the use of the major Public Clouds as they do not offer the requirements needed to comply with na7onal regula7ons. Moreover, they do not provide demonstrated mechanisms for resource isola7on, security and data integrity. For this reason we recommend healthcare organiza7ons to deploy Private Clouds as pilot projects to leverage some of the benefits of Cloud Compu7ng (e.g. resource op7miza7on, agility, etc.) while maintaining full control over security and configura7on. Although we recommend Internal Private Clouds when when there is enough poten7al for resource (e.g. hardware, sorware, etc.) op7miza7on, External Private Clouds can be applied if the provider is located in The Netherlands and complies with ZSP and XIS cer7fica7on requirements. In the recommenda7ons for Cloud Providers we recommend some of the most popular tools to build Private Clouds that organiza7ons can use.
Large healthcare organiza7ons (e.g. hospitals, etc.) can for example build GBZ cer7fied Internal
Private Clouds that connect directly to the EPD. With this model they op7mize resources while suppor7ng compliance with many requirements (e.g. scalability, availability, security, etc.). External Private Clouds are more interes7ng for small healthcare organiza7ons as they do not have the resources (e.g. ICT, capital, human resources, etc.) to leverage Internal models cost efficiently. It is important to note that in any External model organiza7ons should use strong encryp7on when transferring and storing sensi7ve data. A final recommenda7on for organiza7ons building their own Cloud Compu7ng environment is to account for hybrid models from the design phase, even if it will not be used for the 7me being. This will enable many interes7ng features (e.g. horizontal scalability, out-‐burs7ng, fail-‐over, etc.) of Cloud Compu7ng once Public offerings improve their current shortcomings. From our own experience we can affirm that this type of features are very difficult to implement once the solu7on has mature and become more complex and difficult to manage.
2.
Recommenda*ons For Government
Our general recommenda7on to the Dutch government is to invest more 7me and money in researching ini7a7ves to improve the healthcare system’s economic sustainability while improving care services availability and quality. There are many case studies demonstra7ng how commercial organiza7ons have leveraged ICT solu7ons to achieve any of these goals. The government should carefully analyze these best prac7ces and promote the findings among healthcare organiza7ons. ICT is going to have a crucial role in the transforma7on process towards pa7ent centric healthcare. A behavior that Dutch public representa7ves should avoid is to evaluate technology in the media without being correctly informed about it or without falling under their responsibili7es. An example of this behavior is the comments of the secretary of interior Mrs Bijleveld which claimed that Towards a Healthy Cloud
Page 182 of 218
Juan Hernández Colomina
Cloud Compu7ng is not secure for government adop7on. Mrs Bijleveld obviously is not aware of the several USA government best prac7ces (data.gov, apps.gov and the IT Dashboard among others) and the reported public spending improvements (e.g. data center consolida7on, leveraging ci7zen developers, transparency, etc.) without compromising security. We recommend the Dutch government to carefully analyze current USA best prac7ces, and research the applicability of any form of government cloud in The Netherlands. A clear example of the benefits that this could bring is the data center consolida7on that has taken place in the USA government. However, and in accordance with Chain Computeriza7on theory, a government cloud should not be used for centralized storage but to facilitate other type of resources (e.g. applica7ons, frameworks, plaxorm, etc.). The approach of the EPD where data is stored as close as possible to its origin should therefore be maintained as data is kept up to date. The current cer7fica7on system for connec7ng to the EPD can also be improved to facilitate the cer7fica7on of small and medium healthcare providers without the need of ICT intermediaries which result in cost inefficiencies. If ICT providers are needed, geographical limita7ons should be replaced by func7onal requirements which expands the number of feasible providers, resul7ng therefore in cheaper solu7ons due to price compe77on forces.
3.
Recommenda*on for Cloud Providers
There are several opportuni7es for Cloud Providers to offer solu7ons for the EPD infrastructure. Although we consider current large Public Clouds (e.g. Amazon, Rackspace, etc.) as not ready yet to be used in the EPD context, there are several tools available to build clouds that can comply with NICTIZ cer7fica7on requirements (e.g. GBZ, ZSP and XIS) and can be offered to Dutch healthcare organiza7ons. This way Cloud Providers can build Private Clouds (Internal or External) that deliver a Cloud XIS (e.g. a SaaS cer7fied applica7on), a Cloud ZSP (e.g. a PaaS cer7fied plaxorm) and/ or a Cloud GBZ to Cloud Users. Some recommenda7ons for current Public Cloud providers could be to improve transparency of data disposal methods and security, as well as performance and con7nuity of service by improving the dura7on of malfunc7ons and maintenance. Moreover, they can specialize in consul7ng services for the selec7on and implementa7on of GBZ compliant Internal Private Clouds for example for hospitals, or adopt the emerging roles of cloud brokers aggrega7ng and reselling services or inter-‐ cloud connec7vity services. Build Your Own EPD Cloud: Proprietary versus Open Source Solu*ons New Cloud Providers and organiza7ons that plan to build their own (Internal or Private) Cloud have several tools available for this objec7ve. Some of these tools are proprietary while others are provided under the Open Source licensing model. Organiza7ons should carefully consider these two op7ons as they result in significantly different TCOs in licensing, maintenance, upgrades, etc. Towards a Healthy Cloud
Page 183 of 218
Juan Hernández Colomina
Nevertheless using both types of technologies an organiza7on can build a cloud solu7on that can be cer7fied for connec7ng to the EPD infrastructure. One of the most significant developments in proprietary tools to build clouds is VMware’s Acadia joint venture with Cisco and EMC. The partnership aims to accelerate the transi7on of data centers from physical to virtualized and ul7mately to Cloud Compu7ng. They offer the unified delivery of products (vBlocks), service and support on building Clouds by using Cisco’s networking and communica7on (UCS) solu7ons, EMC storage solu7ons and VMware’s virtualiza7on plaxorm vSphere. As all three organiza7ons in the Acadia alliance are market leaders in their own segment (e.g. networking, storage and virtualiza7on), these tools can leverage a very robust and stable solu7on that will only improve over 7me as the join venture realizes its poten7al synergies. However, these solu7ons are also rather expensive compared to other alterna7ves (Xen, Juniper, F5, etc.) as they are oren regarded as enterprise solu7ons. We recommend this tools only for organiza7ons that already have substan7al investments in these technologies (e.g. VMware, Cisco, etc.) that the costs of disinvestment are greater than the extra costs for deploying this new product (vBlocks). For organiza7ons that do not have substan7al vendor related investments in place we recommend to start experimen7ng with Open Source tools for building their own Private Cloud. Among the available Open Source tools we recommend Ubuntu Enterprise Cloud, Eucalyptus, OpenQRM and OpenNebula as they are the most mature tools that enterprises are using nowadays to deploy their own clouds. Ubuntu Enterprise Cloud (UEC) is included with Ubuntu Server Edi7on and integrates a number of open source projects (including Eucalyptus) which makes it a turnkey package to deploy a Private Cloud. We recommend UEC for small and medium organiza7ons with limited infrastructure and/or ICT capabili7es (e.g. human resources, skills, experience, etc.) as it is very simple and fast to deploy (within ten minutes and without advanced IT skills). UEC supports also the smallest clouds (two computers or virtual machines). Eucalyptus (Elas7c U7lity Compu7ng Architecture Linking Your Programs To Useful Systems) is an Open Source sorware for deploying Cloud Compu7ng solu7ons over compu7ng clusters that is compa7ble with Public Clouds (e.g. Amazon interfaces). It uses commonly available Linux tools and Web-‐service technologies as well as support for all major proprietary and Open Source virtualiza7on standards (e.g. Xen, KVM, vSphere, ESX and ESXi). We recommend this tool for organiza7ons have the IT skills and resources needed to deploy and configure a Private or Hybrid Cloud from the command line (without GUIs, Menus, etc.). It is specially interes7ng for organiza7ons that plan to leverage Hybrid Cloud func7onali7es in the near future as it currently supports Amazon’s EC2, S3 and EBS services.
OpenQRM a tool for the delivery of virtual clusters through a single-‐management console and
a well defined API which can be used to integrate third-‐party solu7ons. OpenQRM can create an image of a physical server, write that image to a SAN solu7on and then run the virtual instances on Towards a Healthy Cloud
Page 184 of 218
Juan Hernández Colomina
demand from that SAN. We recommend this tool specially for organiza7ons that already have significant investments in SAN solu7ons and plan to integrate them in their cloud. OpenNebula is an Open Source tool kit for managing any virtual infrastructure in a data-‐center or cluster and is able to support the deployment of Hybrid models to combine local infrastructures with Public Clouds. We recommend OpenNebula for organiza7ons that focus on leveraging Hybrid Clouds for heavy computa7onal tasks (e.g. High Performance Compu7ng) as this tool has already been proven successful in documented case studies at NASA. The Importance of Open Cloud Standards A last remark should be made on the need for open standards in cloud services that will reduce the risk of vendor lock-‐in by facilita7ng service portability and the interconnec7on of several cloud offerings. A lot of current risks associated with the Cloud Compu7ng model can be (par7ally) solved by deploying solu7ons on mul7ples clouds (e.g. third-‐party dependency, availability, vendor bankruptcy, etc.). Cloud Users can benefit from this approach only when these clouds use the same standards and therefore it is cost efficient to migrate between them. At the moment of wri7ng this is not the case as almost every solu7on uses its own standard and most of them are hardware vendor oriented. For this reason we strongly recommend Cloud Providers to adhere to the Open Cloud Manifesto ini7a7ve (hOp://www.opencloudmanifesto.org/) and the DMTF Open Cloud Standards Incubator (www.dmx.org/cloud) and apply their principles on their solu7ons.
The Open Cloud Manifesto has developed a set of core principles for Cloud Providers to enable
a standards based Open Cloud. These principles focus on (1) beOer security through higher provider’s transparency, (2) data and applica7on interoperability and portability by applying standard interfaces for model independent solu7ons (Public Clouds, Private Clouds, etc.) which enables migra7ons to and from the cloud and between Cloud Providers and models, (3) standardized mechanisms for ICT resource governance and management and (4) consistent standards to monitor service performance across mul7ple providers. The DMTF standards focus on the interfaces between Cloud Providers and Cloud Users and between Cloud Providers and developers to enable the accurate management of underlaying resources. These interoperability standards are needed to reduce the risk of vendor lock-‐in and leverage agility by mul7-‐provider solu7ons. Both ini7a7ves have emerged from the Cloud Compu7ng community and include both Cloud Users and Cloud Providers among their members.
Towards a Healthy Cloud
Page 185 of 218
Juan Hernández Colomina
Bibliography Arellano, N. (2009, Jul 5). Cloud control – Top cloud computing risks and how to handle them. ITBusiness.ca , 1-‐2. Armbrust, M., Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., et al. (2009, Feb 10). Above the Clouds: A Berkeley View of Cloud Computing. Whitepaper UC Berkeley Reliable Adaptive Distributed Systems Laboratory , 23. Arnold, E. (2008). Get your head out of the clouds. Searcher , 16 (10), 50-‐53. Arnold, E. (2008, May 1). Leveraging Clouds to Make You More EfXicient: How SaaS-‐y are you? Online , 6. Aron, D. (2009, Jun 24). IT Strategy is Critical in Volatile Times. Gartner Webinar , 1-‐23. Babcock, C. (2009, Jun 26). Cloud Computing Advocates Detail Its Future . InformationWeek , 1-‐3. Baker, S. (2007). Google and the wisdom of clouds. Business Week (4064), 48-‐55. Bakker, J. (2009, Feb 14). Vijf redenen om de cloud te mijden | Webwereld. Webwereld.nl , 2. Betts, M. (2009, Apr 23). Cloud computing: How to decide 'when to cloud'. Computerworld , 1-‐2. Blankena, F. (2009, Feb 20). Flinke start-‐up kan best zonder servers. Automatisering Gids , 1-‐1. Brinkkemper, S., Saeki, M., & Harmsen, F. (1999). Meta-‐modeling based assembly techniques for situational method engineering. Information Systems, 24(3), 209-‐228. Brodkin, J. (2009, Sep 30). Cloud computing hype spurs confusion, Gartner says. Computerworld , 1-‐2. Broek, M. (2009, Jul 15). Dave Armstrong (Google EMEA) over cloud computing. Marketingfacts.nl , 1-‐2. Brown, M. (2009, Oct 13). Capacity planning and the cloud. Computerworld , 1-‐2. Brown, M. (2009, Feb 9). Cloud computing interoperability. Computerworld , 1-‐1. Brown, M. (2009, Oct 7). What cloud computing isn't. Computerworld , 1-‐2. Brynko, B. (2008, Nov 7). Cloud Computing: Knowing the Ground Rules. Information Today , 1-‐2. Buyya, R., Yeo, C., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility. Future Generation Computer Systems, 25(6), 17. Buyya, R., Yeo, C., & Venugopal, S. (2008). Market-‐Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities. Proceedings of the 10th IEEE International Conference on High Peformance Computing and Communications. Cai. (2009). Customer Centric Cloud Service Model and a Case Study on Commerce as a Service. 2009 IEEE International Conference on Cloud Computing. Carr, N. (2008, Jan 15). The Big Switch. Norton & Co Ltd , 22. Towards a Healthy Cloud
Page 186 of 218
Juan Hernández Colomina
Chamberlin, T., & Leong, L. (2009, Jul 2). Magic Quadrant for Web Hosting and Hosted Cloud System Infrastructure Services. Gartner Research , 1-‐11. Chen, W., & Hirschheim, R. (2004). A paradigmatic and methodological examination of information systems research from 1991 to 2001. Information Systems Journal, 14, 197-‐235. Chong, F., & Carraro, G. (2006). Architecture Strategies for Catching the Long Tail. MSDN Architecture Center, 1-‐15. Croon, M., Duijts, J., & Leenards, P. (2009, Jan 9). Modern beheer: andere frameworks. Automatisering Gids , 1-‐1. Cunningham, P., & Wilkins, J. (2009). A walk in the cloud. Information Management , January- February 2009, 1-‐8. Dargha, R. (2009, Apr 14). Cloud Computing -‐ Key Considerations for Adoption. Infosys Technologies , 1-‐8. DAuria, J., & Nash, K. (2009, Jul 6). Cloud Computing Special Part 2: Cloud Control. CIO.com , 1-‐8. Deutsch, D. H., & Turisco, F. (2009). CSC Accomplishing EHR/HIE (eHealth): Lessons from Europe. CSC, 1-‐14. Dignan, L. (2009, Jul 15). BMC to link up with Amazon Web Services for hybrid cloud deployments. ZDnet , 1-‐1. DMTF (2009) Interoperable Clouds: A White Paper from the Open Cloud Standards Incubator. http://www.dmtf.org/about/cloud-‐incubator/DSP_IS0101_1.0.0.pdf Drakos, N. (2009, Jul 1). Technology Trends You Can’t Afford to Ignore. Gartner Webinar , 1-‐32. Dubie, D. (2009, Jul 7). Gartner adjusts 2009 IT spend downward again. Network World , 1-‐1. Duke, J., Hartz, E., & Jacobs, B. (2009). The secret sauce: achieving ROI that justiXies the initial investment. Presentation at the 2009 HIMSS conference. Ebusiness Watch. (2006). ICT and e-‐Business in Hospital Activities. e-‐Business Watch 2006, 1-‐198. Edgewatertech. (2009, Mar 23). Cloud Computing Trends: Thinking Ahead (Part 1) . Edgewatertech , 1-‐3. Eurobarometer. (2007). Health and long-‐term care in the European Union. European Comission, 1-‐247. Eurobarometer. (2009). The Europeans in 2009. European Comission, 1-‐144. Eurobarometer. (2008). Eurobarometer Wave 70. European Comission, 1-‐87. European Commission. (2007). Together for Health: A Strategic Approach for the EU 2008-‐2013. Commission of the European Communities.
Towards a Healthy Cloud
Page 187 of 218
Juan Hernández Colomina
European Parliament. (2000). The Charter of Fundamental Rights of the European Union. OfXicial Journal of the European Communities. Everett, C. (2009). Cloud computing -‐ A question of trust. Computer Fraud & Security Bulletin , 2009 (6), 5-‐7. Feiman, J. (2008, Feb 11). Business Initiatives That Avoid IT Cost Cuts and Promote Investment. Gartner Research , 4. Fergusson, S. (2008). The future of cloud computing. eWeek (17), 2. Foley, J. (2009, Jul 15). A DeXinition Of Cloud Computing -‐ Plug Into The Cloud. InformationWeek , 1-‐3. Galliers, R. D., & Land, F. F. (1987). Choosing Appropiate Information Systems Research Methodologies. Communications of the ACM, 30(11), 900-‐902. Gartner. (2009). eHealth for a Healthier Europe -‐ opportunities for a better use of healthcare resources. se2009.eu, 1-‐84. Golden, B. (2009, Jul 8). Cloud and Web 2.0 Insights from Structure 09 Conference. IDG news service , 1-‐2. Golkar, C. (2009, Jul 15). Top Business and Technology Questions in Cloud Computing. BeyeNetwork , 1-‐7. Graham, C. (2007, Sep 6). IT Leaders Top Three Reasons to Invest in Information Infrastructure. Gartner Research , 4. Gregor, S., & Jones, D. (2007). The Anatomy of a Design Theory. Journal of the Association for Information Systems, 8(5), 312-‐335. Gregor, S. (2006). The Nature of Theory in Information Systems. Management Information Systems Quarterly, 30(3), 611-‐642. GridTalk. (2009, Jan 30). GridBrieXing Grid Computing in Five Minutes. GridTalk , 1-‐4. Group, C. (2009, Jul 2). Cloud Computing Use Cases. Cloud Computing Use Cases Discussion Group , 1-‐22. Harris, J., Daugherty, P., & Tobolski, J. (2009). What the Enterprise Needs to Know About Cloud Computing. Accenture. Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design Science in Information Systems Research. MIS Quarterly, 28(1), 75-‐105. Hinchcliffe, D. (2009, Mar 26). Cloud computing and the return of the platform wars. ZDnet , 1-‐6. Hiner, J. (2009, Jun 19). Four reasons why business will take to the cloud. ZDnet , 1-‐2. Hirschheim, R., & Klein, H. K. (1989). Four paradigms of information systems development. Communications of the ACM, 32. Towards a Healthy Cloud
Page 188 of 218
Juan Hernández Colomina
Hoeffnagel, W. (2009, Jul 16). Gartner brengt aanbieders van cloud computing in kaart. Datacenter Works , 1-‐10. Holliday, J. (2009, Jun 26). Cloud Computing -‐ Show Me the Money. 2009 JavaOne Conference , 1-‐3. Howarth, B. (2009, Jul 6). Cloud Computing Special Part 1: Looking For The Silver Lining . CIO.com , 1-‐8. ICTzorg. (2009). Gekleurd onderzoek anti-‐EPD huisartsen: 95,8 procent wil geen EPD. ICTzorg.com. Informatiepunt EPD. (2008). GBZ vragenlijst verkorte versie. Informatiepunt EPD BSN in de zorg en landelijke EPD. Informatiepunt EPD. (2009). Handboek Landelijk Elektronisch Patientendossier (EPD). Informatiepunt EPD. BSN in de zorg en landelijke EPD, 1-‐206. ISO TR20514 (2005). Electronic health record -‐ deXinition, scope and context. Iivari, J. (2007). A Paradigmatic Analysis of Information Systems As a Design Science. Scandinavian Journal of Information Systems, 19(2), 39-‐64. Järvinen, P. (2008). Mapping Research Questions to Research Methods. Advances in Information Systems Research, Education and Practice, 274, 29-‐41. Järvinen, P. (2003). The stepwise algorithm for selecting an appropriate research method. University of Tampere, Finland, 1-‐12. Järvinen, P. (2000). Research Questions Guiding Selection of an Appropriate Research Method. Hansen, Bichler and Mahrer (eds.), Proceedings of the 8th European Conference on Information Systems 2000, 124-‐131. Järvinen, P. (2000). On a variety of research output types. Proceedings of IRIS23, 1-‐17. Jenkins, A. M. (1985). Research Methodologies and MIS Research. Research Methods in Information Systems, 103-‐117. Jensen. (2009). On Technical Security Issues in Cloud Computing. 2009 IEEE International Conference on Cloud Computing. KelXkens, G. (2009, Feb 24). VMware in hoger sferen met vSphere. Automatisering Gids , 1-‐1. Kirsner, S. (2009, Mar 15). Entrepreneurs look to clouds. The Boston Globe , 1-‐2. Klink, A. (2009). Voortgangsrapportage elektronisch patientendossier. Ministerie Volksgezondheid Welzijn en Sport. Klink, A., & Bussemaker, J. (2008). Innovatie in preventie en zorg. Ministerie van Volksgezondheid, Welzijn en Sport. Leighton, T. (2009, Jul 14). Cloud Computing Framework. Network Computing , 1-‐6.
Towards a Healthy Cloud
Page 189 of 218
Juan Hernández Colomina
Leong, L. (2009, Apr 20). How to Select a Cloud Computing Infrastructure Provider. Gartner Research , 1-‐9. Lewis, S. (2009, Jul 8). Cloud Computing Brings New Legal Challenges. New York Law Journal , 1-‐3. March, S., & Smith, G. F. (1995). Design and natural-‐science research on information technology. Decision Support Systems, 15(4), 251-‐266 MansXield-‐Devine, S. (2008). Danger in the clouds. Network Security , 2008 (12), 9-‐11. Myers, M. D. (1997). Qualitative research in information systems. MIS Quarterly, 21(2), 241-‐242 McAfee, A., & Brynjolfsson, E. (2008). Investing in the IT That Makes a Competitive Difference. Harvard Business Review July-‐August 2008, 98-‐107. McGee, K., Ambrose, C., Apfel, A., Burton, B., Cearley, D., Fenn, J., et al. (2008, Sep 15). The 2007 Gartner Scenario An Annual Report on the Current State and Future. Gartner Research , 31. McLaughlin, L. (2009, Oct 21). Cloud Computing Survey: IT Leaders See Big Promise, Have Big Security Questions. CIO.com , 1-‐5. McLaughlin, L. (2009, Apr 21). VMware vSphere: Does It Solve IT's Biggest Worries About Cloud? CIO.com , 1-‐5. Meijs, S. (2009, Feb 12). IBM stapt op de wolk van Amazon | Webwereld. Webwereld.nl , 1. Michelson, B. (2009, Apr 20). Cloud Slam: Songnian Zhou, Platform, Clouds Moving Into the Enterprise. EbizQ , 1-‐8. Mietzner, R., Leymann, F., & Papazoglou, M. (2008). DeXining Composite ConXigurable SaaS Application Packages Using SCA, Variability Descriptors and Multi-‐tenancy Patterns. The Third International Conference on Internet and Web Applications and Services, 156-‐161. Mietzner, R., Unger, T., Titze, R., & Leymann, F. (2009). Combining Different Multi-‐tenancy Patterns in Service-‐Oriented Applications. Proceedings of the IEEE International Enterprise Distributed Object Computing Conference 2009, 131-‐140. Mitchell, R. (2009, Mar 20). Windows: OfXicial client of the cloud. Computerworld , 1-‐1. Molenaar, T. (2009, Feb 3). Nicholas Carr levert half werk. Computable , 1. MVWS. (2009). Rapportage Invoering Landelijk EPD Q2 2009. Ministerie van Volksgezondheid, Welzijn en Sport. NICTIZ. (2009). ICT in de zorg: resultaten, ontwikkelingen en agenda. NICTIZ. NICTIZ. (2006). Vraag en antwoord LSP en XIS typegoedkeuring. NICTIZ. NICTIZ. (2005). Richtlijn Goed Beheerde Zorgsystemen, De Voorwaarden voor Landelijke e-‐ Communicatie. NICTIZ. NICTIZ. (2009). Programma van Eisen voor een Zorgserviceprovider (ZSP). NICTIZ, 1-‐40. NIVEL. (2009). Jaarboek 2008. Nivel Research. Towards a Healthy Cloud
Page 190 of 218
Juan Hernández Colomina
Open Cloud Manifesto (2009) http://www.opencloudmanifesto.org/ Orlikowski, W. J., & Baroudi, J. J. (1991). Studying Information Technology in Organizations: Research Approaches and Assumptions. Information Systems Research 2, 1-‐28. Perry, G. (2009, Feb 25). Vocabulary of Cloud Computing. Cloudcomputing.sys-con.com , 3. Pettey. (2009, May 15). Gartner IdentiXies the Top 10 Strategic Technologies for 2009. Gartner Newsroom , 1-‐4. Pettey. (2009, Jul 9). Gartner Says Cloud Consumers Need Brokerages. Gartner Newsroom , 1-‐4. Pettey, C. (2009, Jul 8). Gartner Survey Shows Many Users are Underwhelmed by Their Experiences of SaaS. Gartner Newsroom , 1-‐3. Pluijm, H. (2009, May 8). ‘Ook legacy kan naar de cloud’. Automatisering Gids , 1-‐2. Plummer, D. (2009, May 27). The Real Truth About Cloud, SaaS and Saving Money Now. Gartner Webinar , 1-‐24. Plummer, D., & McGee, K. (2008, Jan 29). Gartner Predicts 2008 and Beyond. Gartner Research , 5. Plummer, D., Cearley, D., & Smith, D. (2009, Jun 19). Cloud Computing Confusion Leads to Opportunity. Gartner Research , 1-‐4. Protti, D., & Smit, C. (2006). The Netherlands: Another European Country Where GP's Have Been Using EMRs For Over Twenty Years. Health Care Information Management & Communication, 20. Pultz, J. (2009, Mar 11). How to SigniXicantly Reduce IT Infrastructure and Operations (I&O) Costs. Gartner Webinar , 1-‐26. Pultz, J. (2008, Oct 28). How to SigniXicantly Reduce Network Costs in These Turbulent Times. Gartner Webinar , 1-‐18. Reingold, B., & Mrazik, R. (2009, Jun 4). Cloud Computing: The Intersection of Massive Scalability, Data Security and Privacy. Legal Works , 1-‐5. Robertson, B. (2009, Mar 25). EA and Cost Optimization: Saving Your Company and Yourself! Gartner Webinar , 1-‐27. Ross, W., Payling, R., & Gough, A. (2008, Jan 1). An Early View of Cloud Computing. Capgemini Outsourcing Services , 16. Schadler, T. (2009, Dec 19). Bespaar kosten door cloud computing. Automatisering Gids , 1-‐2. Schiebl, J. (2009, Jun 11). Cloud Computing demystiXied . Skylore , 1-‐5. Schoen, C., Osborn, R., Huynh, P. T., Doty, M., Peugh, J., & Zapert, K. (2006). On The Front Lines of Care: Primary Care Doctors' OfXice Systems, Experiences And Views In Seven Countries. Health Affairs, 25, 555-‐571.
Towards a Healthy Cloud
Page 191 of 218
Juan Hernández Colomina
Scott, D. (2007, Apr 2). Core Topics and Key Issues for IT Operations Management 2007. Gartner Research , 11. Sheehan, M. (2009, Jul 14). Do You Have a Load Balanced Network? ServePath , 1-‐3. Sheehan, M. (2009, May 1). McKinsey’s McCrazy! Flying through the Clouds with Eyes 1/2 Closed . GoGrid , 1-‐6. Siegele, L. (2008, Oct 23). Let It Rise: A Special Report on Corporate IT . The Economist . Smith, M. (2009, Feb 18). Best Practices for Applying Lean in IT. Gartner Webinar , 1-‐19. Solomon, S. (2009, Jun 30). Survey: Cloud computing hits big time. ZDnet , 1-‐1. Spinola, M. (2009, Jun 15). An Essential Guide to Possibilities and Risks of Cloud Computing -‐ A Pragmatic Effective and Hype Free Approach For Strategic Enterprise Decision Making. CloudBook , 1-‐18. Stap, R., Verhoosel, J., Bekkum, M. v., & Mos, E. (2007). De Europese norm EN 13606. TNO Informatie en Communicatietechnologie, 1-‐30. Staten, J. (2009, Apr 13). Deliver cloud beneXits inside your walls. Forrester research , 1-‐14. Stevens, H., & Pettey, C. (2008, Jun 26). Gartner Says Cloud Computing Will Be As InXluential As E-‐ business. Gartner Research , 2. Stroetmann, K., & Stroetmann, V. N. (2004). Electronic Business in the Health and Social Services Sector -‐ Key Issues, Case Studies, Conclusions. The European e-‐Business Market Watch 2004, 1-‐112. Stroetmann, K. A., Jones, T., Dobrev, A., & Stroetmann, V. N. (2006). eHealth is Worth it: The economic beneXits of implemented eHEalth solutions at ten European sites. Commission of the European Communities Information Society & Media Directorate-‐General. Stroetmann, K. A., & Stroetmann, V. N. (2004). Electronic Business in the Heath and Social Services Sector -‐ The quantitative picture. The European e-‐Business Market Watch 2004, 1-‐91. SYS-‐CON. (2009, Jun 11). 100 Players in the Cloud Computing Ecosystem. Cloud Computing Journal , 1-‐9. SYS-‐CON. (2009, Jun 11). Cloud Computing Expo: Cloudera One Ups Amazon . Cloud Computing Journal , 1-‐2. SYS-‐CON. (2009, Jun 11). Public, Hosted, and Internal Clouds DeXined. Cloud Computing Journal , 1-‐2. SYS-‐CON. (2009, Jul 7). Top Cloud Computing Solutions People are Looking For in 2009 . Cloud Computing Journal , 1-‐2.
Towards a Healthy Cloud
Page 192 of 218
Juan Hernández Colomina
Tange, H. (2008). Health Policy Monitor: Electronic Patient Records in The Netherlands. Bertelsmann Stiftung. Tesink, W. (2009). GBZ-‐grenzen. NICTIZ. Treese, W. (2009, Dec 20). Movin to the Cloud. netWorker , 1-‐3. Urquhart, J. (2009, Jul 14). Lawyers shine light on real cloud concerns. CNET , 1-‐4. Urquhart, J. (2009, Jul 7). Three debates that will beneXit cloud computing. CNET , 1-‐4. Vaquero, L., Rodero-‐Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: towards a cloud deXinition. SIGCOMM Computer Communication Review , 39 (1). Vries, F., & Bergh, A. (2009, Mar 6). Hoe applicatiesourcing te contracteren? Automatisering Gids , 1-‐4. WAKE-‐UP. (2009). Resultaten L-‐EPD Pilot-‐onderzoek. Comite WAKE UP. Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), 13-‐23. Weiss, A. (2007). Computing in the clouds. netWorker , 11 (4). Wijkstra, J. (2009, Jun 5). Leveranciers verwachten veel van cloud en SaaS. Automatisering Gids , 1-‐3. Woods, D. (2009, Jul 7). Questioning Oracle's Cloud. Forbes , 1-‐2. Zaal, R. (2009). 'Dikke' IT: Het baat niet, maar schaadt wel. Automatisering Gids (2), 1. Zaal, R. (2009, Jun 6). ‘De wolk’ blijft nog jaren vormeloos. Automatisering Gids , 1-‐1.
Towards a Healthy Cloud
Page 193 of 218
Juan Hernández Colomina
Appendix A: General Thesis Informa7on Student Name:
Juan Hernández Colomina
Student Number:
0322512
E-‐mail:
jhernand@cs.uu.nl
Thesis Blog:
www.cloudme.eu
Master Program:
Master in Business Informa7cs
Star;ng Year:
2007-‐2008
Title of Thesis:
Towards a Healthy Cloud: An Analysis of Cloud Compu7ng
Solu7ons for the Dutch Healthcare Sector
Planned Start Date:
1st of June 2009
Planned End Date:
28th of January 2010
External Organiza;on:
E.Nova7on
External Supervisor:
Kor Tops (Manager Engineering)
Internal Supervisor:
Ronald Batenburg
Internal Supervisor 2:
Slinger Roijanckens
Towards a Healthy Cloud
Page 194 of 218
Juan Hernández Colomina
Appendix B: Process Deliverable Diagram
Towards a Healthy Cloud
Page 195 of 218
Juan Hernández Colomina
Appendix C: Project Planning and Deliverables
Towards a Healthy Cloud
Page 196 of 218
Juan Hernández Colomina
Appendix D: TwiOer’s cloud compu7ng community TwiRer Nickname
Real Name
Organiza*on
Posi*on
swardley
Simon Wardley
Canonical (Ubuntu)
Sorware Services Manager
samcharrington
Sam Charrington
Appistry
Product Manager
jamesurquhart
James Urquhart
Cisco
Product Marke7ng and blogger at cnet.com
Beaker
Christofer Hoff
Cisco
Director Cloud & Virtualiza7on Solu7ons
krishnan
Krish Nan
Diversity Limited
Lead Analyst, researcher & blogger
Jakewk
Jake Kaldenbaugh
NEC
Director, Strategy & Business Development
ShlomoSwidler
Shlomo Swidler
Orchestratus
Founder
befreax
Thijs Metsch
Sun / Oracle
Cloud Sorware Engineer. OCCI Founder.
joeweinman
Joe Weinman
AT&T
Business Development & Strategist
JSchroedl
Jason Schroedl
newScale
VP of Corporate & Product Marke7ng
Lounibos
Tom Lounibos
SOASTA
CEO
ranybias
Randy Bias
Cloudscaler
CTO
GeorgeReese
George Reese
enStratus
CTO & O’reilly Cloud author.
ruv
Reuven Cohen
Enomaly
Founder
samj
Sam Johnston
Technical Program Manager
guyro
Guy Rosen
Vircado
Co-‐founder & blogger
jayfry3
Jay Fry
CA
Strategy VP cloud business
SimonYates
Simon Yates
Forrester
VP CIO group
Staten7
James Staten
Forrester
Industry Analist
usnistgov
NIST
NIST
Standards Organiza7on
simonabrahams
Simon Abrahams
Rackspace
Marke7ng Director
Werner
Werner Vogels
Amazon
CTO
borjasotomayor
Borja Sotomayor
University of Chicago
PhD researcher
lmclaughlin
Laura McLaughlin
CIO.com
Senior News Editor
je…arr
Jeff Barr
Amazon
Web Services Evangelist
opennebula
Open Nebula
Open Nebula
cloud compu7ng open source toolkit
tombiO
Tom BiOman
Gartner
cloud compu7ng and Virtualiza7on Analyst.
Towards a Healthy Cloud
Page 197 of 218
Juan Hernández Colomina
Appendix E: Cloud Compu7ng Outages During 2008 Source: hRp://wiki.cloudcompu*ng.org/wiki/CloudCompu*ng:Incidents_Database
Towards a Healthy Cloud
Page 198 of 218
Juan Hernández Colomina
Appendix F: Gartner’s 2009 overview of IaaS providers Provider
Strengths
Cau*ons
Amazon
+ EC2 has revolu7onized the market with granular, by-‐the-‐hour pricing for virtual servers. It also has a CDN service coupled with its S3 storage service. + Amazon Web Services (AWS) dominate the public percep7on of cloud infrastructure services. + Amazon is innova7ve and extraordinarily agile, responding rapidly to customer demands for features, rather than following a set product road map. + An ecosystem of third-‐party vendors offer tools and services that extend the capabili7es of Amazon's plaxorm. Also, Amazon has extensive partnerships with sorware vendors, who provide prebuilt packages (Amazon Machine Images) for the EC2 environment. + Recommended use cases: self-‐managed. The AWS offerings encompass both cloud system and applica7on infrastructure. Each service should be evaluated separately; customers can adopt individual services without needing to use the others.
-‐ Support is a paid feature, and while it is responsive and expert, it is primarily geared toward technically knowledgeable users. Amazon does not offer managed or professional services. -‐ Amazon cannot provide private connec7vity, private VLANs or "hybrid cloud" solu7ons. -‐ Amazon does not allow third-‐party audits of its infrastructure, although it does plan to obtain SAS 70 cer7fica7on for its data centers. -‐ Amazon meets enterprise needs such as invoices on a one-‐off basis. It does not normally customize terms and condi7ons.
AT&T
+ AT&T offers a wide range of Web-‐hos7ng services, typically priced at a slight premium. Its Synap7c Hos7ng u7lity plaxorm is compe77vely priced. + AT&T has very strong technical competence, reflected in both solu7ons engineering and opera7ons. + AT&T has one of the beOer customer service portals. + AT&T has a substan7al global data center footprint, as well as a global content delivery network. + AT&T has the broadest and deepest cloud compu7ng vision of any carrier. It has an ambi7ous and comprehensive road map of services that are highly integrated with its network capabili7es. + Recommended use cases: self-‐managed; mainstream managed; highly complex; global porxolio; enterprise applica7ons.
-‐ Customer service has improved significantly in the last year, but is s7ll highly variable in quality. -‐ AT&T is oren inflexible in both sales and service, and support is primarily reac7ve. -‐ The sales process can be difficult, complex and slow. -‐ Customers who need to connect their hosted infrastructure to a non-‐AT&T network should obtain a wriOen agreement of coopera7on from AT&T
Towards a Healthy Cloud
Page 199 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
CSC
+ CSC offers managed hos7ng services at average prices. Its roots as a full-‐service IT outsourcer result in a depth of services, including ver7cal applica7on support, staff augmenta7on offerings and a broad, deep suite of security offerings. + CSC has made significant investments in virtualized plaxorms and u7lity compu7ng services, including a unique and innova7ve workflow-‐driven provisioning system for cloud infrastructure. + CSC has made significant strides in improving the quality of its products and customer service portal, and its future road map is ambi7ous. + Recommended use cases: mainstream managed; enterprise applica7ons.
-‐ Quality of account management depends on customer size and loca7on. -‐ Communica7ons between different opera7on and product groups can be poor, leading to tasks "falling between the cracks." -‐ CSC is a fast follower rather than a technology innovator.
GoGrid
+ GoGrid (previously ServePath) offers coloca7on, managed hos7ng, CDN services and a Xen-‐based selfmanaged cloud hos7ng service called GoGrid. Its prices are very compe77ve. + The GoGrid service offers a 100% up7me service-‐level agreement and highly responsive customer service. + GoGrid has a produc7zed "hybrid cloud" offering, combining GoGrid virtual servers with dedicated database servers, coloca7on space and private connec7vity. + GoGrid has a clean, aOrac7ve, easy-‐to-‐use Web-‐based user interface. + GoGrid has pursued interoperability as a key strategy. Its provisioning applica7on programming interface (API) is supported by third-‐party tools, such as RightScale. It also plans to offer its technology as a managed service within the data centers of partner service providers and individual customers. + Recommended use cases: self-‐managed; mainstream managed.
-‐ Although GoGrid has mul7ple data centers, the GoGrid service is currently only available in its San Francisco data center. GoGrid will be available in Europe by the end of 2009. -‐ GoGrid's primary compe77on is Amazon's EC2, and GoGrid faces considerable challenges in matching Amazon's pace of innova7on and easy access to capital for infrastructure build-‐out.
Towards a Healthy Cloud
Page 200 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
IBM
+ IBM offers very high-‐end managed hos7ng -‐ IBM's services are highly customized, services. It excels in delivering complex resul7ng in high prices and lengthy sales configura7ons, specially those requiring cycles. addi7onal IT services. -‐ IBM hos7ng contracts are lengthy and + IBM can provide excellent applica7on hos7ng complex, and frequently include inflexible and management for ERP, CRM and other terms and condi7ons that shir the risk complex environments. onto the client and away from IBM. + IBM offers a component-‐based u7lity hos7ng Service-‐level agreements are customized to plaxorm, as well as public cloud system each individual contract. Cloud contracts infrastructure services such as Compu7ng on are shorter, simpler and more Demand for scien7fic compu7ng and similar standardized. needs, and Informa7on Protec7on Services -‐ IBM uses partners to deliver smaller for cloud-‐based business con7nuity. configura7ons, which increases client + Recommended use cases: highly complex; communica7on issues and impairs quality global porxolio; enterprise applica7ons. control. -‐ IBM has a comprehensive strategy for cloud compu7ng, across its many lines of business. IBM's cloud system infrastructure services road map is primarily focused on private clouds.
Joyent
+ Joyent provides on-‐demand, cost-‐ compe77ve virtual servers called Accelerators. It can provide physically dedicated Accelerators, as well as colocated equipment, to customers who have specific needs for such servers. + Joyent's technology stack includes numerous technologies from Sun, including Solaris Containers and ZFS. + Joyent's strategy for scaling infrastructure emphasizes the role of network elements, par7cularly applica7on delivery controllers from F5 Networks (hardware) and Zeus (sorware) + Recommended use cases: self-‐managed.
-‐ Joyent's support, while very responsive and highly expert, is reac7ve. It offers managed services on a 7me and materials basis. -‐ Joyent's professional services are limited and focused on high-‐scalability projects. -‐ Joyent sells primarily online. Rather than field sales, it relies on sorware vendor and integrator partnerships to reach enterprise customers. -‐ Although Joyent plans to expand globally, it currently only has data centers in the U.S.
Layered Technologies
+ Layered Technologies' compe77vely-‐priced service offerings include dedicated hos7ng as well as VDC services based on 3Tera's AppLogic and Parallels' Virtuozzo Containers, and Microsor Hyper-‐V-‐based u7lity hos7ng. Its managed services are offered in 7ers. + Layered Tech's customer service is rela7vely responsive and proac7ve, compared to other providers of self-‐managed and simple managed hos7ng. + Layered Tech has invested substan7ally in automa7on, and offers fast provisioning as well as API accessibility. + Recommended use cases: self-‐managed; mainstream managed.
-‐ Layered Tech is in the midst of a business transforma7on focused on moving the company up-‐market. -‐ Layered Tech currently primarily serves the small and midsize business (SMB) segment, not the enterprise. -‐ Layered Tech's lack of brand awareness and sales presence places it at a compe77ve disadvantage in the market. -‐ Layered Tech's large menu of service offerings can create buyer confusion.
Towards a Healthy Cloud
Page 201 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
Media Temple
+ Media Temple has a diverse but integrated product porxolio that spans shared, virtual private and dedicated hos7ng, with an upgrade path between them. + Media Temple's compe77vely-‐priced services are usually bought on-‐demand, without a contract. + Media Temple understands its core target market of interac7ve agencies, adver7sing agencies, media companies and social media publishers. + Recommended use cases: self-‐managed. MediaTemple should also be considered for marke7ng microsites where low-‐cost elas7c scalability is a requirement.
-‐ Media Temple offers managed hos7ng (which it brands "cx") to a limited number of customers, seeking a closer partnership with the customer's IT staff. -‐ Media Temple's technology plaxorm is built on top of Parallels, limi7ng its aOrac7veness to enterprise customers. -‐ Media Temple experienced recurring outages with the first genera7on of its "gs" shared hos7ng service. This service has since been re-‐architected; new customers are provisioned on the second-‐genera7on service. -‐ Media Temple only has data centers in the U.S.
NaviSite
+ NaviSite's diverse product porxolio addresses both infrastructure and applica7on management needs. It also offers a content delivery network. Its prices are average. + NaviSite has an innova7ve, specialized product road map that takes advantage of the company's applica7on management capabili7es. + NaviSite's cloud compu7ng strategy is based on its AppStructure plaxorm, which encompasses not only VMware-‐based infrastructure, but also collabora7on and integra7on capabili7es. + Recommended use cases: mainstream managed; highly complex; global porxolio; enterprise applica7ons.
-‐ NaviSite's complex product porxolio can confuse the buying process. -‐ NaviSite's marke7ng and sales presence is limited and hinders the company when compe7ng against larger, more established providers. -‐ NaviSite's only non-‐U.S. data center is in the U.K. -‐ NaviSite is a moderate-‐size provider, and is trying to spread its resources over a very broad set of service offerings.
OpSource
+ OpSource has been focused solely on SaaS enablement. Its compe77vely-‐priced services are specifically targeted at SaaS provider needs, although it plans to expand into more general cloud infrastructure offerings. + OpSource provides adjunct services to SaaS providers, such as an on-‐demand billing plaxorm, integra7on services (branded "OpSource Connect"), custom applica7on management and help desk support. + Recommended use cases: SaaS infrastructure (mainstream managed and highly complex hos7ng).
-‐ OpSource's quality of service delivery and support is inconsistent. The more customized the solu7on, the greater the challenges encountered in delivery. -‐ OpSource has experienced recent outages due to its storage fabric. It has since re-‐ architected its storage services. -‐ OpSource is expanding into general cloud infrastructure services, but to date, its offerings have been focused on a narrow market segment. -‐ OpSource's only non-‐U.S. data center is in the U.K., although it can offer services across a broader footprint via its partnership with NTT.
Towards a Healthy Cloud
Page 202 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
Quality Technology Services
+ Quality Technology Services offers wholesale and retail coloca7on, managed hos7ng (including a u7lity hos7ng plaxorm, "QVI"), and media services, at very compe77ve prices. + Quality Tech grew through the acquisi7on of ITC Deltacom's eDeltacom business, IBM's coloca7on business and Globix's hos7ng business. It is an IBM partner for SMB hos7ng; IBM is a key channel, and extends Quality Tech's capabili7es. + Recommended use cases: self-‐managed; mainstream managed.
-‐ Quality Tech only has data centers in the U.S. -‐ Quality Tech's product road map is very conserva7ve. The company invests in technologies once they have achieved widespread mainstream adop7on. -‐ Quality Tech's customer portal has only basic func7onality.
Rackspace
+ Rackspace offers managed hos7ng and cloud infrastructure services at compe77ve prices. It also has a Limelight Networks CDN partnership that can be used in conjunc7on with its cloud storage service. + Rackspace has industry-‐leading customer service. It is proac7ve, highly responsive and "high touch," interac7ng frequently with its customers. + Rackspace has a broad and ambi7ous cloud road map which integrates the full range of its service offerings. + Rackspace has par7cularly strong support for open source technologies. + Recommended use cases: self-‐managed; mainstream managed; highly complex; global porxolio.
-‐ Rackspace's sales and support quality has become inconsistent, due to its extremely rapid growth. -‐ Rackspace is at its best when it is delivering formally produc7zed offerings, not one-‐off customized arrangements. -‐ Although Rackspace is a strong player in the enterprise segment, its product porxolio, professional services and customer portal are more limited than those of other leading providers. -‐ Although Rackspace is a global provider, it has a limited geographic footprint in North America.
Towards a Healthy Cloud
Page 203 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
Savvis
+ Savvis offers a broad range of hos7ng services, including a VMware-‐based u7lity plaxorm called "Dedicated and Open Cloud Compute" (formerly Virtual Intelligent Hos7ng). Its services are priced at a slight premium. + Savvis's quality of sales and service delivery is good. It is very good at exploi7ng technology and has an excellent customer service portal. + Savvis has an ambi7ous road map for cloud infrastructure offerings, as well as SaaS-‐ enablement services that include a marketplace and other complementary services. + Savvis is par7cularly strong in the financial ver7cal, for which it offers specialized products and services that take advantage of its network. + Recommended use cases: self-‐managed; mainstream managed; highly complex; global porxolio; enterprise applica7ons.
-‐ Savvis's customer service has improved recently, but it must demonstrate that these improvements are sustainable. -‐ Savvis has ra7onalized its product offerings, but the breadth of op7ons can s7ll lead to buyer confusion. -‐ Savvis has refocused its sales force on selling managed hos7ng, rather than coloca7on, but coloca7on remains a distrac7on for its sales team.
SorLayer
+ SorLayer offers fast-‐provisioned dedicated -‐ SorLayer does not offer any managed and Xen-‐based cloud hos7ng at compe77ve services. Its customer support does not prices. It also has an Internap CDN hand-‐hold; customers are expected to be partnership that can be used in conjunc7on technically proficient and willing to read with its cloud storage service. the documenta7on. + SorLayer has an extensive product road -‐ SorLayer does not allow hardware map. It includes many value-‐added services excep7ons to its standard configura7ons. with all configura7ons, such as TippingPoint-‐ -‐ SorLayer sells primarily online. It engages based intrusion preven7on and distributed in very limited marke7ng and sales, and denial of service (DDoS) mi7ga7on, and local has liOle brand recogni7on. and global load-‐balancing. + SorLayer has an extensive customer portal with an array of tools for self-‐management of both dedicated and virtual devices. Func7onality can also be accessed via an API. + SorLayer uses its wiki to provide thorough, well-‐organized documenta7on. + Recommended use cases: self-‐managed.
Towards a Healthy Cloud
Page 204 of 218
Juan Hernández Colomina
Provider
Strengths
Cau*ons
SunGard
+ SunGard Availability Services has deep and broad exper7se in business con7nuity, but also has a significant coloca7on and managed hos7ng business. Its prices are average. + SunGard is very process-‐oriented and highly conscious of enterprise security requirements. + SunGard con7nues to expand and improve its product porxolio, and can capably manage a broad range of requirements. + Recommended use cases: mainstream managed; enterprise applica7ons.
-‐ SunGard's customer service processes can result in a "hot potato" scenario between mul7ple opera7ons groups, where no one accepts responsibility and accountability for solving the customer's problem. SunGard is presently transforming its customer service model to address these issues. -‐ SunGard can be inflexible, and some7mes struggles to manage high-‐growth, high-‐ change environments. -‐ SunGard's near-‐term cloud infrastructure road map is primarily focused on business con7nuity capabili7es, although it will be expanding into other cloud compute services.
Terremark
+ Terremark is a leader in virtualized, VMware-‐ -‐ Although Terremark is a global provider, it based infrastructure services, with its has a limited geographic footprint in North Infinistructure u7lity hos7ng and Enterprise America. Cloud VDC offerings. It also offers carrier-‐ -‐ Terremark's service porxolio is not as neutral coloca7on. Its prices are average. broad as its largest compe7tors. + Terremark is a technology innovator with very good customer service, a good customer portal and extensive automa7on. It has a well-‐thought-‐out and aggressive cloud infrastructure road map that is focused on enterprise requirements. + Terremark offers superb engineering support. It is willing to take on "bleeding-‐ edge" technologies, legacy infrastructures and other unusual requirements. + Terremark is par7cularly strong in the government ver7cal. Its "NAP of the Capital Region" data center is specialized for serving U.S. federal government needs. + Recommended use cases: self-‐managed; mainstream managed; highly complex; global porxolio.
Towards a Healthy Cloud
Page 205 of 218
Juan Hernández Colomina
Appendix G: Healthcare Strategic Principles of the EU (European Commission, 2007) (European Parliament, 2000) EU Principle
Descrip*on
Proposed Approach
Strategy based on shared health values
Na7onal and european health policies must focus on clear values. In June 2006, the European Council elaborated a list of common values and principles: universality, access to good quality care, equity and solidarity . Moreover, the European Charter of Fundamental Rights explicitly recognizes every ci7zen’s rights of access to preven7ve care and to benefit from medical treatment.
(A) Improve the adop7on of fundamental health values (B) Create a system of EC health indicators by exchanging health related informa7on among member states (C) Decrease current inequi7es in healthcare services within the EU (D) Promote health literacy programs for different age groups.
Health in the greatest wealth
Healthcare is also crucial to achieve economic produc7vity and prosperity. Inves7ng in healthcare should be considered an investment and should include investments in preven7ng, protec7ng and improving ci7zens health.
Development of a program of analy7cal studies of the economic rela7onships between ci7zen’s health, health investments and economic prosperity.
Health in all policies
It is important to consider health related issues not only in the development of health policies but also in all european policies to leverage cross sectorial synergies.
The importance of sustained collec7ve leadership in global health is crucial in order to provide ci7zen’s with beOer Strengthening the EU voice healthcare services. The EC suggest that in global health worldwide health can be improved by globally sharing EC values, experience and exper7se in health related issues.
Towards a Healthy Cloud
Page 206 of 218
Strength the integra7on of health concerns into all policies of the EC, member states and regional authori7es.
(A) Enhance the EC status and coopera7on in interna7onal organiza7ons (B) Promote the implementa7on of interna7onal health agreements.
Juan Hernández Colomina
Appendix H: Enabling Technologies for Pa7ent Safety Technology
Documented Benefit
Electronic Medical Records (EMR)
• •
83% reduc7on in 90 day readmission rate for Conges7ve Heart Failure (CHF) pa7ents 32% reduc7on in diabe7c death
Computerized Physician Order Entry (CPOE)
• • • • •
60 % reduc7on in poten7al adverse drug events 41% reduc7on in drug interac7on errors 39% increase in formulary drug compliance 17% reduc7on in Adverse Drug Events (ADE) 84% reduc7on in missing dose medica7on errors
Electronic Transfer of Prescrip7ons (ETP)
•
15% reduc7on in prescrip7on error
Business Intelligence (BI)
•
10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
RFID and Barcoding
•
83% reduc7on in medica7on errors due to mistaken iden7ty
Towards a Healthy Cloud
Page 207 of 218
Juan Hernández Colomina
Appendix I: Enabling Technologies for Quality of Care Technology
Documented Benefit
Electronic Medical Records (EMR)
• • • • • • •
10% increase in number of pa7ents seen by GP 9% reduc7on in the growth rate of acute admissions 32% reduc7on in diabe7c death 52% rise in pa7ents with documented self management goals 83% reduc7on in 90 day readmission rate for Conges7ve Heart Failure (CHF) pa7ents 7% reduc7on in average length of stay in hospital 48% reduc7on in duplicate laboratory/chemistry tests
Computerized Physician Order Entry (CPOE)
• • • • •
17% reduc7on in Adverse Drug Events (ADE) 39% increase in formulary drug compliance 60 % reduc7on in poten7al adverse drug events 84% reduc7on in missing dose medica7on errors 41% reduc7on in drug interac7on errors
Electronic Transfer of Prescrip7ons (ETP)
•
15% reduc7on in prescrip7on error
Business Intelligence (BI)
•
10.3% reduc7on in Hospital Acquired Infec7ons (HAI)
• • •
22% gain in clinical staff produc7vity 83% reduc7on in medica7on errors due to mistaken iden7ty 75% reduc7on in cases of medicines running out where RFID is used for stock control and inventory management
Electronic Health Records (EHR)
• •
7% decrease in number of GP appointments replaced by telephone contacts 22% gain in clinical staff produc7vity
Electronic Appointment Booking
• • •
Reduc7on of 816 inappropriate referrals to secondary care per year per primary care unit 33% reduc7on of Did Not AOends (DNA) 16% reduc7on in wai7ng 7mes for first outpa7ent appointment
• • •
60% improvement in radiologist produc7vity measured in number of tests read per radiologist 99% reduc7on in lost images 99% reduc7on in number of repeat imaging tests
Personal Healthcare Records (PHR)
•
55% reduc7on in hospital admissions for Conges7ve Heart Failure (CHF)
Pa7ent Portals
•
50% reduc7on in admin staff 7me spent filing and managing forms
Telemedicine
• •
25% reduc7on in average number of bed days for admissions for chronic condi7ons 19% reduc7on in hospital admissions for chronic condi7ons
RFID and Barcoding
Picture Archiving and Communica7on Systems (PACS)
Towards a Healthy Cloud
Page 208 of 218
Juan Hernández Colomina
Appendix J: Enabling Technologies for Availability Technology
Documented Benefit
Electronic Medical Records (EMR)
• • • •
10% increase in number of pa7ents seen by GP 9% reduc7on in the growth rate of acute admissions 83% reduc7on in 90 day readmission rate for Conges7ve Heart Failure (CHF) pa7ents 7% reduc7on in average length of stay in hospital
RFID and Barcoding
•
20% increase in the number of pa7ents discharged by noon
Electronic Health Records (EHR)
• •
7% decrease in number of GP appointments replaced by telephone contacts 22% gain in clinical staff produc7vity
Electronic Appointment Booking
• • •
Reduc7on of 816 inappropriate referrals to secondary care per year per primary care unit 33% reduc7on of Did Not AOends (DNA) 16% reduc7on in wai7ng 7mes for first outpa7ent appointment
Picture Archiving and Communica7on Systems (PACS)
• •
46.5% increase in volumes of tests (increase in throughput) 60% improvement in radiologist produc7vity measured in number of tests read per radiologist
Personal Healthcare Records (PHR)
• •
35% reduc7on in number of redundant tests 55% reduc7on in hospital admissions for Conges7ve Heart Failure (CHF)
Pa7ent Portals
•
9,7% reduc7on in number of GP appointments
Telemedicine
• •
25% reduc7on in average number of bed days for admissions for chronic condi7ons 19% reduc7on in hospital admissions for chronic condi7ons
Towards a Healthy Cloud
Page 209 of 218
Juan Hernández Colomina
Appendix K: Enabling Technologies for Empowerment Technology
Documented Benefit
Electronic Medical Records (EMR)
•
52% rise in pa7ents with documented self management goals
Electronic Health Records (EHR)
•
7% decrease in number of GP appointments replaced by telephone contacts
Pa7ent Portals
•
9,7% reduc7on in number of GP appointments
Towards a Healthy Cloud
Page 210 of 218
Juan Hernández Colomina
Appendix L: General eHealth related defini7ons Concept
Defini*on
Source
eHealth
The interac7on between pa7ents and health-‐service providers, ins7tu7on-‐to-‐ ins7tu7on transmission of data, or peer-‐to peer communica7on between pa7ents and/or health professionals. Examples include health informa7on networks, electronic health records, telemedicine services, wearable and portable systems which communicate, health portals, and many other ICT based tools assis7ng disease preven7on, diagnosis, treatment, health monitoring and lifestyle management.
European Commission
Electronic Health Record (EHR)
A longitudinal health record that provides physician and pa7ent access to clinical details registered during one or more treatments. The main goal of EHR is to maintain a integrated record of a pa7ents health status in order to support the con7nuity and efficiency of care services to be provided. It also facilitates communica7on among care professionals and therefore it benefits both pa7ents and clinicians. Other secondary uses of EHR are for example research, educa7on, quality management, billing, etc.
Gartner
Electronic Medical Record (EMR)
A repository of a pa7ent’s health data which is oren registered by a single organiza7on or ins7tu7on. An EMR is a narrower healthcare record than an EHR. Typically, an EMR contains a part of the EHR but described in a more extensive way.
Gartner
Archetype
A domain specific model that defines the structure and business rules of the concept. Examples of medical archetypes are “family history”, “blood pressure”, etc.
ISO-‐TR-‐20514
Technical Archetypes
A computable expression of a domain specific concept in the form of structured constrains statements based on some reference informa7on model.
ISO-‐TR-‐20514
Architecture
A set of descrip7ve representa7ons for describing and object and maintaining it.
ISO-‐TR-‐20514
Clinical Data Repository (CDR)
A data store that registers and manages clinical data collected at care service loca7ons (e.g. hospitals, pharmacies, GPs, etc.).
ISO-‐TR-‐20514
Electronic Health Record Architecture (EHRA)
The generic structural components from which all EHRs are built, defined in terms of an informa7on model.
ISO-‐TR-‐20514
EHR extract
Unit of communica7on of all or part of the EHR consis7ng of one or more EHR composi7ons.
ISO-‐TR-‐20514
EHR node
A physical loca7on where EHRs are stored and maintained.
ISO-‐TR-‐20514
Towards a Healthy Cloud
Page 211 of 218
Juan Hernández Colomina
Concept
Defini*on
Source
EHR system
The set of components that form the mechanism by which EHRs are created, used, stored and retrieved. It includes people, data, rules and procedures, processing and storage devices, and communica7on and support facili7es. It can also be defined as a system for recording, retrieving and manipula7ng informa7on in EHRs. They can be non-‐shareable local systems (EHR), shareable regional or na7onal systems (ICEHR), ISO-‐TR-‐20514 and (inter)na7onal indexes of ICEHR. The most significant components of an EHR infrastructures are data messaging services, locator applica7on, secure network infrastructure, connec7vity services to end user’s applica7ons, a central data repository, a pa7ent portal with view and/or update func7onality, and a data warehouse for research purposes.
Basic EHR
A repository of informa7on about the health state of a pa7ent in computer processable form. It includes both shareable and non shareable EHRs. If the EHR is shareable it can be exchanged at three levels: between clinical disciplines or users, ISO-‐TR-‐20514 between different applica7ons at a single EHR node, and across different EHR nodes. The capability of EHRs to be shared across different nodes is the basic element suppor7ng Integrated Care Electronic Health Record (ICEHR).
Integrated Care Electronic Health Record (ICEHR)
A repository of informa7on about the health state of a pa7ent in computer processable form, where the informa7on is stored and transmiOed securely and it is accessible by mul7ple authorized users. The registered informa7on is retrospec7ve, ISO-‐TR-‐20514 concurrent and prospec7ve, providing a complete, longitudinal and persistent record of all past, present and future care services regarding an specific pa7ent.
Personal Health Records (PHR)
A special type of EHR where the PHR is under the control of the subject of care and the informa7on registered is (partly) submiOed by the pa7ent. It can complement ISO-‐TR-‐20514 EHR by including output from pa7ents and providing control of personal informa7on by the subject under study.
Towards a Healthy Cloud
Page 212 of 218
Juan Hernández Colomina
Appendix M: NICTIZ’s ZSP Cer7fica7on Requirements ZSP Func*onal Requirements (Data Communica*on)
Category
Connec7vity
Domain Name System
Code
Requirement
CON-‐01
Facilitate all electronic message exchange between GBZ(s) and the LSP
CON-‐02
Enable GBZ access to tes7ng and produc7on LSP environments
CON-‐03
Use fixed DCN’s IP address as assigned by the LSP (the IP address becomes responsibility of the ZSP)
CON-‐05
Apply UTP connec7on with a speed of 10/100/1000 Mb/s where speed and duplex mode are configured as fixed and the connec7on is realized at layer 3 (IP rou7ng layer)
CON-‐06
Install and manage network component at layer 2 or 3 at the GBZ loca7on to enable domain differen7a7on and monitoring
CON-‐07
Do not use (sub)component must be used that makes (par7al) use of the public internet network
CON-‐08
Enable access of GBZ(s) to the UZI register through the LSP’s rou7ng func7onality.
CON-‐09
Facilitate access of GBZ(s) to the Cer7ficate Authori7es of the LSP’s server cer7ficate through the LSP rou7ng func7on, and access to other CAs of the trust chain for LDAP and OCSP
CON-‐10
Route IP addresses assigned by the LSP to the LSP entry points
CON-‐11
Use of NAT (Network Address Transla7on) can not have nega7ve impact on the connec7on(s)
DNS-‐01
Register at DNS servers: all hosts and domain names of connected GBZs, and the forwarding of all DNS zones to the LSP (if ZSP not authorita7ve)
DNS-‐02
Manage authorita7ve DNS servers: primary and secondary DNS server, reverse DNS zone for each DNS forward, LSP as slave DNS server for each subdomain (forward and reverse DNS entries)
DNS-‐03
Create subdomains with a maximum of 15 characters and with meaningful seman7cs for the user, with a maximum of 3 subdomain levels
DNS-‐04
Update DNS cache when requested by LSP
DNS-‐05
Minimize DNS caching by using appropriate TTL configura7on
DNS-‐06
Forward zones in AORTA-‐ZORG.NL to the LSP DNS if the ZSP is not authorita7ve.
Towards a Healthy Cloud
Page 213 of 218
Juan Hernández Colomina
ZSP Implementa*on Requirements
Category
Security
Code
BVL-‐01
Create and implement an informa7on security policy
BVL-‐02
Embed security in the organiza7on
BVL-‐03
Define security requirements to be followed by employees
BVL-‐04
Define security requirements for physical security (e.g. devices)
BVL-‐05
Protect LSP and GBZ(s) from spam, viruses and other threats that can gain access through the DCN
BVL-‐06
Define access security policy
BVL-‐07
Define requirements regarding con7nuity management
BVL-‐08
Define requirements regarding security incidents
BSC-‐01
Ensure system availability 24 hours per day and 7 days per week
BSC-‐04
Ensure that malfunc7on frequency and recovery comply with the specifica7ons of the LSP per type of malfunc7on: -‐ Class 1 outages: 4 7mes per year (if recovery 7me < 15 min), 2 7mes per year (if recovery 7me < 12 hours & > 15 min) and 1 7me per year (if recovery 7me < 4 days & > 12 hours). -‐ Class 2 outages: 12 7mes per year (if recovery 7me < 15 min), 4 7mes per year (if recovery 7me < 12 hours & > 15 min) and 2 7mes per year (if recovery 7me < 4 days & > 12 hours). -‐ Class 3 outages: 12 7mes per year (if recovery 7me < 15 min), 12 7mes per year (if recovery 7me < 12 hours & > 15 min) and 4 7mes per year (if recovery 7me < 4 days & > 12 hours).
BSC-‐05
Deploy back up procedures to guarantee con7nuity of connec7vity and DNS services if a (hardware) component fails
BSC-‐06
Communicate to the GBZ any par7al or fully discon7nuity of service, including reach, progress and recovery
BSC-‐07
Schedule planned maintenance between 03:00 AM and 07:00 AM
BSC-‐08
Communicate each recovery from malfunc7on to the LSP and GBZ(s)
RSP-‐01
Ensure that network round trip delay between GBZ(s) and LSP is no more than 200 milliseconds in 90% of the cases
RSP-‐03
Enable priori7za7on of network traffic to the LSP
Availability
Response Times
Requirement
Towards a Healthy Cloud
Page 214 of 218
Juan Hernández Colomina
ZSP Exploita*on Requirements Category
Organiza7on
Management
User Support
Code
Requirement
ORG-‐01
Ensure that ZSP is registered at the Dutch chamber of commerce (Kamer van Koophandel).
ORG-‐02
Posi7on the ZSP as main subcontractor when using third party services
ORG-‐03
Par7cipate in discussion sessions organized by the LSP
ORG-‐05
Ensure a good service desk: reachable on work days from 08:00 AM to 05:00 PM (with an emergency number outside this 7me frame) and being able to es7mate recovery 7mes and to report recovery progress.
ORG-‐06
Classify malfunc7ons: Class 1 if DCN is unreachable, Class 2 if limited func7onality and Class 3 if it is fully func7onal with some outages.
ORG-‐07
Solve malfunc7ons: immediately (Class 1), within 4 hours (Class 2) or within 24 hours (Class 3)
BEH-‐01
Ensure that the contact data (e.g. telephone number) of the DCN’s system administrator is known by the system administrator of the LSP where it can be contacted 24x7
BEH-‐02
Ensure capabili7es to localize the domain of a malfunc7on in the network
BEH-‐03
Measure and report to the LSP used and available bandwidth per connec7on per GBZ (measurements of minimal 20 connec7ons concurrently if available)
BEH-‐04
Report monthly to the LSP the frequency and dura7on of network outages
BEH-‐05
Report monthly to the LSP and GBZs the recovery 7mes of all outages
BEH-‐06
Ensure that planned maintenance (if affects func7onality) is communicated to LSP and GBZs at least 5 working days in advance.
BEH-‐07
Support the migra7on to another ZSP to be completed within 3 weeks arer the new ZSP’s infrastructure is ready
BEH-‐08
Facilitate migra7ons to other ZSPs to guarantee con7nuity of services
GBO-‐01
Deliver user support with a service level that matches the priority of issues
GBO-‐02
Handle and manage all issues signaled by GBZs
Towards a Healthy Cloud
Page 215 of 218
Juan Hernández Colomina
Appendix N: NICTIZ’s GBZ Requirements Overview Area
Prac7cal Requirements
Organiza7onal Embedding
Data Management
Towards a Healthy Cloud
Requirement 1.1.
Healthcare informa7on system has the XIS cer7fica7on.
1.2.
A ZSP cer7fied network provider is used.
1.3.
Organiza7on has been subscribed in the UZI register and has received UZI cards, card readers and UZI server cer7ficate.
1.4.
WriOen agreements with related third par7es.
1.5.
The organiza7on uses the EPD infrastructure for the goal determined by the used XIS applica7on.
2.1.
Some employee is direct responsible for con7nuos GBZ compliance regarding direct and delegated responsibili7es.
2.2.
Employees are trained to work with the EPD and have wriOen procedures and user manuals (i) (ii). An employee is directly responsible for employee training, manuals and procedures.
2.3.
Organiza7on provides first line support and incident registra7on during office hours. An employee is directly responsible for this.
2.4.
The organiza7on has a list of error codes provided by the switching point and the related ac7on to be taken.
2.5.
Organiza7onal policy and measures to ensure data availability, correctness and security (data not accessed by unauthorized people). An employee is directly responsible for these policies and to ensure its compliance.
2.6.
Applica7ons connected to the EPD are tested before being used in produc7on. An employee is directly responsible for this.
3.1.
Procedures for using BSN numbers.
3.2.
Delimited scope of GBZ and dossier management.
3.3.
Regular control to check if pa7ent data has been ini7ated.
3.4.
To protect the GBZ environment, the organiza7on has an overview of XIS interfaces, interfaces are protected against data leakage and data on the na7onal EPD is protected against unauthorized access.
3.5.
Regarding data submission to the na7onal switching point, the organiza7on has an overview of which data has been submiOed, a policy to determine which data is going to be submiOed and it performs periodic random control checks.
3.6.
The organiza7on is able to protect complete o par7al pa7ent data from exchange in the EPD, informing the pa7ent about the consequences.
Page 216 of 218
Juan Hernández Colomina
Data Management Area
Access
Requirement 3.7.
The organiza7on is able to submit informa7on which is stored within the legal storing 7me. Including an overview of the data stored, a daily remote back up of the data, and a policy to discard data when the legal storing 7me has passed.
3.8.
Regarding the integrity of data, the organiza7on must ensure that the data submiOed corresponds with the related pa7ent dossier.
3.9.
The organiza7on informs pa7ents about the exchange of his/her data on the na7onal infrastructure.
3.10.
The organiza7on ensures that pa7ent data is exclusively exchanged through the na7onal EPD infrastructure.
4.1.
Controlled use of UZI cards by employees. Providing training and tools for the correct use and performing control checks and sanc7ons to ensure this.
4.2.
Access log of pa7ent data. Delega7ons are properly managed by: having a direct responsible employee for managing delega7ons, employees obtain proper delega7on, employees are controlled on the appropriate exercise of delega7ons, delega7ons are controlled and preven7ng that employees obtain conflic7ng delega7ons.
4.3.
Inform pa7ents over EPD and obtain pa7ents approval before exchanging his/ her informa7on.
4.4.
Instruc7ons to protect pa7ent data from unauthorized access.
4.5.
The use of UZI cards is limited to the interfaces between the UZI card, the UZI reader en the informa7on system in every work sta7on.
4.6.
The connec7on to the switching point takes place through a server that uses the UZI server cer7ficate, which is protected according to the policies of the UZI register and there are procedures and instruc7ons for administrators.
4.7.
Data obtained through the EPD infrastructure is deleted arer use, including half processed data en data temporary saved on devices.
4.8.
The exchange of informa7on is regularly controlled, including log management and checks to detect unauthorized access.
5.1.
24x7 accessibility and management with a maximum of 1 outage per month with no more than 15 minutes down7me, and a maximum of 2 outages per year with no more than 1 day down7me.
5.2.
A system administrator is directly responsible for seung up and maintaining connec7vity to and from the EPD infrastructure.
5.3.
The system administrator ensures the accurate use of DCN, IP address, domain name, HL7 messages and NTP 7me synchroniza7on.
5.4.
There is a plausible protec7on against energy shortage.
5.5.
The 7me used by the server can vary a maximum of 1 second from the used NTP server 7me.
Connec7on Towards a Healthy Cloud
Page 217 of 218
Juan Hernández Colomina
Area Connec7on
Security
Requirement 5.6.
When configuring IP addresses and/or domain names the system administrator must ensure that they comply with ZIM tests and ZIM opera7onal context, that they are not internally used for other purposes, and that planned maintenance takes place a maximum of 12 7mes per year with a maximum down7me of 1 hour.
5.7.
Regarding capacity planning the system administrator must ensure that there is enough compu7ng capacity to support the exchange of messages, to support all SSL sessions and to comply with the agreed response 7mes. Average response 7mes are periodically analyzed and registered in wriOen.
5.8.
The system administrator must ensure that when requested by na7onal EPD system administrator the UZI cer7ficates and related applica7ons are loaded, configured and stopped.
6.1.
Overview of XIS interfaces.
6.2.
Protec7ng interfaces against leaks.
6.3.
Protec7ng the EPD against unauthorized filling or access.
(i) The training program of employees should at least include the following items: - Informing pa7ents on the use of BSN numbers and the exchange of their informa7on at na7onal level. - Informing pa7ents on the possibility to exclude their data from exchange at na7onal level. - Process to be carried out if a pa7ent wants to exclude his data from exchange. - How to look a BSN number up and link it to the corresponding internal index. - How to deal with difficult names and diacri7cal marks. - Understanding the importance of and requirements for accurate dossiers. - Condi7ons for the use of the EPD. - Rules and alerts when login terms are not followed. - Responsibili7es regarding informa7on requests. - Condi7ons that allow to copy gathered informa7on to local informa7on systems. - Condi7ons for delega7ons of use and how to avoid unauthorized delega7ons. - The process of transferring a full pa7ent’s dossier. - How to handle error messages and problems and how to contact the help desk - How to report suspicion or certainty of weak points or threats to the EPD (ii) The procedures and user manuals should at least include the following items: - Informing pa7ents on the exchange of informa7on at na7onal level - Informing pa7ents on the possibility to exclude their data from exchange at na7onal level. - Process to be carried out if a pa7ent wants to exclude his data from exchange. - Procedure to look BSN numbers up and link them to internal index numbers - Reques7ng, denying, replacing, blocking and communica7ng lost of UZI cards - Copying requested data to local informa7on systems - Delega7on of access to the EPD - Transfer of dossiers - Possible error codes and the ac7on to be taken - How to contact the help desk - How to report suspicious or real weak points or threats to the na7onal infrastructure - A detailed list of error codes and consequent ac7ons provided by the switching point
Towards a Healthy Cloud
Page 218 of 218
Juan Hernández Colomina