Healthcare Organizations Cloud Computing in

balanceonionringsInternet and Web Development

Nov 3, 2013 (3 years and 7 months ago)

84 views

NATIONAL SECURITY • ENERGY & ENVIRONMENT • HEALTH • CYBERSECURITY
Healthcare Organizations
Cloud Computing in
WH I T E P A P E R
A perspective from Science Applications International
Corporation (SAIC)
© SAIC. All rights reserved.
2
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Table of Contents
Cloud Computing for Healthcare
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3
Benefits of Cloud Computing
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6
Potential Cloud Computing Risks
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8
Security in the Cloud
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9
Strategic Decisions Before Cloud Adoption
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11
Engineering, Implementation, and Cloud Management Services
. . . . . . . . . . . . . . . . .
12
SAIC: Walking the Talk
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14
Getting Help with the Cloud
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
Looking Ahead
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
3
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
With unprecedented pressures on healthcare organization
(HCO) leaders to deliver more with less, many are looking
for technology solutions to help realize goals for improved
service quality and efficiency. Technology experts at
Science Applications International Corporation (SAIC)
understand implementing complex health information
technology (HIT) systems can be challenging enough; but
managing on-going operations with IT departments that
are chronically underfunded and understaffed has a lot of
CIOs looking to the cloud for answers to an equation that’s
tough to balance.
What is Cloud Computing?
Cloud computing is the delivery of IT infrastucture assets
such as server capacity and software applications over
the Internet on a utility basis. Cloud computing offers
convenient, rapid and timely access to a shared pool
of computing resources. Such resources can be strictly
infrastructure components (i.e., networks, servers,
storage, etc.) or can include software to facilitate ready
access to applications and services.
Cloud computing resources offer attractive flexibility;
as usage demand ebbs and flows, the amount of
“horsepower” being consumed can be adjusted to meet
changing computing needs. But cloud computing is not
just a new name for “resource virtualization.” Features
such as self-service provisioning of resources, and
advanced use-metering distinguish cloud computing as
a new and transformational technology that promises to
make the “cloud” a utility-like resource.
As with all transformational models, the business value
to be gained through cloud computing is proportional
to the thought invested up front. Organizations that are
truly serious about moving their assets and processes
to the cloud should first consider some important
strategic questions about their business processes and
computing needs before selecting a technical solution.
The strategy questions may seem vexing since they require
engagement from the leadership ranks of the organization.
But close attention to strategic planning will empower
organizations to invest in solutions that will help them
address their current computing needs, while providing a
sustainable path to the future.
The Preferred Computing Solution for Healthcare
In cloud computing, the focus is on the selection of
one of three service models - Software as a Service
(SaaS), Platform as a Service (PaaS), or Infrastructure
as a Service (IaaS) described in the table on page 4.
With an understanding of an HCO’s goals, needs, and
constraints, a cloud solution can be engineered to deliver
specific, externally hosted applications, a complete
computing platform for local applications to use, or simply
rapid access to flexible and scalable computing. Cloud
computing could be the centerpiece of the healthcare
CIO’s strategic IT planning.
End users (such as a person, a department, a clinic, or
an IT organization) can order services through a self-
service catalog located on the Internet or private network.
Service options should be chosen to maximize business
value to the organization based on the strategic decisions
mentioned above. The catalog should clearly define
service levels and associated pricing, and services should
be obtainable by submitting a service request. Once the
service request transaction is complete, the service is
Cloud Computing for Healthcare
4
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
rapidly established and access is granted. An example of
a provisioned service is the activation of a group of new
users for analytics applications hosted on a cloud-based
data warehouse. Cloud computing offers HCO customers
a much easier way to obtain and pay for services, freeing
them to concentrate their intellectual capital on their core
healthcare business.
When getting started with cloud computing, healthcare
managers will face a decision about the type of cloud to
establish. Many initially opt for a private cloud — where
the service provider dedicates to the customer a private
suite of virtual resources that are provisioned to the
organization — because it is perceived as a less risky first
step and, in many cases, side-steps the perceived security
and privacy issues associated with off-site hosting.
However, there is growing interest in public and community
cloud offerings. SAIC believes that ultimately, most
organizations will opt for a hybrid cloud architecture – a
mixture of cloud types designed for maximum flexibility
and business value. A summary of service models and
cloud types is presented in the table below.
Service Model
Description
Software as a Service (SaaS)
The service provider offers an application for use by the customer. Web-based electronic health records
(EMRs) and patient portal systems are examples of applications that can be offered as a cloud service. The
user – and the user’s organization – has nothing to do with running the software or hardware involved with
the application. They simply access the SaaS via a Web browser.
Platform as a Service (PaaS)
The service provider offers a software platform and protocol stack on which a customer’s application can
run. For example, a hospital-licensed application could be managed in the cloud utilizing a MySQL or Oracle
database instance offered by the PaaS provider.
Infrastructure as a Service (IaaS)
The service provider offers computing horsepower on demand. This offering serves those who simply wish to
acquire computing horsepower when they need it without having to maintain it locally. Such capability tends
to be viewed as an extension of the local data center and requires more direct involvement from IT staff.
Cloud Types
Characteristics
Private
A private cloud devotes resources to a single customer. Private clouds can be a cluster of networked
servers at the customer’s location or a dedicated, segmented, and protected area on a provider’s network.
Either way, this offers the customer organization additional flexibility over stand-alone or virtual servers,
but is typically more costly than other cloud types due to customized service and dedicated resources.
Public
A public cloud offers service to a range of customers across organizational boundaries without regard to
the nature of the data involved. Among cloud solutions, this option offers scalable service, a very high level
of availability and redundancy, and a very attractive price point. Public clouds maximize economies of
scale, providing customers with the lowest cost and highest flexibility.
5
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Cloud Types
Characteristics
Community
A community cloud offers benefits of both the private and public clouds. Essentially, community
clouds are public clouds whose tenants are limited to a defined group or class of customers. This could
include a cloud for hospital consortia such as an integrated delivery network (IDN) or an accountable
care organization (ACO). These offerings are optimized for the customer community, and for regulated
industries, such as healthcare, so that they comply with all applicable regulations. For example, a
healthcare community cloud would be engineered to comply with Health Insurance Portability and
Accountability Act (HIPAA) security and privacy requirements.
Hybrid
Integrating elements from the previous three types, hybrid cloud is custom-engineered, frequently for a
particular customer. Many customers, like hospitals and physician organizations that may be closing data
centers, desire to integrate existing assets with an externally-hosted cloud solution.
6
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Cloud computing offers both tangible and intangible
benefits to healthcare organizations. Through self–service
ordering, reduced capital investment, and an abundance
of performance metrics, healthcare CIOs can both
improve the quality of service and reduce their costs. A
move to the cloud also offers intangible benefits to long-
suffering CIO offices struggling with more mandates than
available resources.
Benefits of Cloud Computing
Process

Immediate self-service through a Web-based service catalog triggering a service request and subsequent
automated work flow

Improved scalability to meet mission/business demand and surges

Improved mission/business agility through rapid provisioning
Investment

Buy only as much as you need when you need it, using a metered subscription (pay-as-you-go) model

Reduced or no up-front capital investment for new information services

Reduced management and maintenance for existing information services
Value

Measurable services

Proactive service continuity in the event of an outage or disaster

Improved accessibility and portability through open and simplified architecture

Security custom tailored to the business need
Intangible

Focus intellectual capital on core business activities

Transfer of service responsibility to an external party

Reinvest IT expertise and capital on improved service and emerging issues

Improve the reputation and influence of the organization
It’s important to note that setting one’s sights on cloud
computing is not an all-or-nothing proposition. Process,
investment, value, and intangible benefits can be partially
achieved by working toward cloud computing without a
complete adoption. A seasoned technology partner with
strong skills in solution development through integration of
new and existing assets is essential.
7
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Cloud Computing Opportunities for Healthcare
The following is a list of ‘use cases’ where cloud computing
can bring value to the HCO. SAIC is assisting organizations
with ‘cloudifying’ many of these functions.
Mission-Driven

Hospital-based electronic health records (EHRs)

Community-based health information sharing

Integrated delivery networks (IDNs)

Ambulatory EHR and practice management

Personal Health Records (PHRs)

Patient accounting, financial and billing systems

Enterprise Resource Planning (ERP) systems

Clinical ancillary systems such as Laboratory
Information Management Systems (LIMS) and Electronic
Prescribing (E-prescribing)

Consumer communications and social media

Cyclical and seasonal mission requirements (e.g.,
orthopedic services related winter falls, flu season spike
in demand)

Statistical and analytical functions requiring large-scale
scientific and technical computing (outcomes analysis,
business intelligence)

Episodic requirements which can benefit from rapid,
on-demand cloud provisioning (e.g., emergency
management, outbreak management, and
food poisoning)

e-Filing efforts comprising complex multi-directional
information submission, public collaboration, benefits
transfer, and grants management

Broad and distributed quality, revenue, professional
association or network responsibilities requiring
information gathering, modeling, data mining,

visualization, etc.
Cross-Cutting

Communications (email, messaging, and mobile) and
workflow management

Information discovery, archiving, search and retrieval,
records management, and digital notary

Marketing, online training, and information
dissemination

Employee orientation, announcements, services,
training, and networking

Mobile application access and delivery

Backup and Recovery and Continuity of Operations
(COOP)

Data gathering and situational awareness.
8
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
All computing solutions have inherent risks; and cloud
computing is no exception. An organization must ensure
that its risk exposure is reduced by adopting a cloud
strategy that identifies and quantifies risk, avoids it if
possible, and mitigates it if necessary.
The following table summarizes major risks, typical
exposure, and mitigation response for cloud computing:
Potential Cloud Computing Risks
Risks
Mitigation/Avoidance Strategies
Security, including non-compliance with the
HIPAA Security Rule, and malicious intrusions
Security must be engineered into the design of the cloud and cloud monitoring and management
processes. Use of National Institute of Standards and Technology (NIST) standards, cloud
management tools for role-based access, and encryption of data at rest and data in motion will
reduce vulnerability. Clear Service Level Agreements establishing responsibilities of the provider
and the user are essential to controlling access, use, and management of sensitive data.
Privacy risks, including non-compliance with the
HIPAA Privacy Rule, breach exposures of private
information, and identity disclosures resulting
from data mining and advanced analytics
Policies and practices must be implemented that assure compliance with the HIPAA Privacy Rule.
Monitoring to identify and prevent potential intrusions. Measuring and reducing the probability of
identity disclosure. Ensuring that the proper contractual and legal protections are enacted.
Lack of transparency into cloud environment
Use of cloud-compatible auditing and logging tools is critical for maintaining a “window” into the
cloud to monitor security, availability, capacity, and performance.
Lack of support for regulations and service levels;
possibility of cloud supplier bankruptcy
HCOs need to apply due diligence in the selection of cloud service providers. Contracts need to
clearly assign responsibilities for regulatory compliance, and delineate monitoring service levels
using cloud management tools.
Availability issues including outages, low
bandwidth, unproven cloud providers, and no
end-to-end monitoring
Lessons learned from high visibility cloud outages suggest that well-engineered systems suffer
scant downtime. Building redundancy and extensive use of monitoring, and metering right into a
cloud strategy will pay dividends over time.
Incompatibility of cloud with customer
architecture and service management processes
Most customers will have legacy infrastructure that must be integrated into a cloud strategy.
A good design will overcome potential incompatibility through use of a consistent technical
reference model, architectural standards, and best practices.
Compatibility of cloud with customer finance
model and charging mechanisms
Cloud hosting vendors can provide the information to both examine expenses and charge-back
to internal customers. When merged with a detailed distribution of legacy capital investment,
transition-operation labor, and maintenance costs can result into transparent cost pools for
charge-back.
9
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Challenges
A May 2011
Computerworld
survey showed that, for
security reasons, IT leaders within FORTUNE 1000
®

companies remained wary of public cloud adoption. HCOs,
however, increasingly recognize the business value and are
gravitating toward cloud solutions. This fact is underscored
by a 2010 survey, which reported that about 32 percent of
HCOs already use some form of cloud computing, and 73
percent reported that they plan to move more applications
to the cloud (
FierceHealthIT
; June 28, 2010). But most
HCOs, by a significant margin, preferred the control and
certainty of a private cloud as a first step toward cloud.
Notwithstanding those preferences, all cloud models have
potential vulnerabilities that must be mitigated.
Traditional computer security has many similarities to
historical military tactics in protecting a city. A perimeter
is established and fortified, a small number of gates are
guarded to allow trusted persons to pass through, and
guards both scan the horizon and keep tabs on potential
threats inside the walls. As technologies such as catapults
and cannons evolved, such traditional approaches still
had value, but were adjusted and augmented to keep
pace – thus leading to today’s network “firewalls” and
demilitarized zones (DMZs).
Cloud computing can complicate security planning
and execution by making it more difficult to discern an
organization’s “perimeter” because the organization’s
virtual resources are now located on the cloud hosting
provider’s premises. Thus, security and privacy policy
must be extended to cloud services providers as part
of contracting terms. By being able to dynamically
extend a department’s computing infrastructure beyond
its perimeter, cloud computing offers cost-effective,
scalable, on-demand service. But it ushers in an age of
interdependence and inter-connectivity between customer
and provider that organizations may be unaccustomed to
experiencing.
Such a new reality requires the establishment of a trust
relationship in all phases of service delivery including
security. Many health entities will find this newfound
delegation of direct control to a services provider to
be uncomfortable at best and possibly unacceptable
for some applications. Security officers, who often
feel personally responsible for the defensive posture
of the organization, may struggle with the inherent
limitations on their ability to inspect and test the
service provider’s security mechanisms. Again, clearly
articulated expectations and responsibilities should be
established in Service Level Agreements and in Business
Associate Agreements.
To further muddy the security waters, the infrastructure
needing security controls and protection can expand
and contract on the fly. Sophisticated management
tools and flexible vendor agreements will allow CIOs to
establish and manage multiple cloud infrastructures.
Applications and data may be dynamically moved among
private, community and public clouds as circumstances
warrant. This constant change offers a new dimension of
complexity in security planning and implementation.
The Good News
On the other hand, having valued clinical data centrally
managed by an entity whose success (and continued
viability) depends upon its ability to effectively manage
and protect the confidentiality and integrity of those
data is far less risky than having the data distributed
Security in the Cloud
10
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
across multiple platforms protected by varying security
mechanisms, and managed by people with varying
degrees of security expertise. Consider, for example, a
small clinic that wants to adopt an EHR application in order
to qualify for Medicare incentive payments. Who is likely
to be more capable of assuring that the application and
its data will be available when it is needed – the clinic’s
office manager who also serves as its tech support, or a
reputable service provider who offers an EHR application
as a service?
With proper strategy, assessment, and design, cloud
computing is secure. Similar to keeping your money in
a bank rather than at home, cloud computing is often
more secure than existing data centers, particularly in
HCOs with limited funding and staffing for technology
modernization and on-going support. Cloud security starts
with the traditional security components and extends
them across the virtual and dynamic boundaries of an
organization’s infrastructure. Like legacy infrastructure,
a complete solution for cloud security involves the
integration of multiple cloud computing management
solutions to provide:

Access control

Encryption

Vulnerability scanning and monitoring

Audit logging and reporting
What is different is that multiple organizations are
responsible for the implementation and oversight of such
tools. Trust arrangements must be identified among the
customer, hosting provider, cloud engineering integrator,
and potentially other vendors to set security expectations,
define roles, ensure transparency, and populate metrics.
Once these are in place and operational, cloud security will
become a routine part of infrastructure management.
In 2011, the CIO of the United States touted the security
of cloud and published a directive for all government
agencies to consider cloud first before investing in other
options.
“Federal Risk and Authorization Management Program
(FedRAMP) defined requirements for cloud computing
security controls, including vulnerability scanning, and
incident monitoring, logging and reporting. Implementing
these controls will improve confidence and encourage
trust in the cloud computing environment.”

Vivek Kundra
The CloudShield Solution
For federal agencies, large integrated delivery networks,
and health information exchange organizations with a
need for highly robust cloud security monitoring, SAIC
offers CloudShield, a complete solution that addresses the
central challenges of cloud computing security:

Securing network infrastructure against increasingly
sophisticated external threats

Implementing fine-grained service-and subscriber-level
policy and bandwidth management in an era of complex
converged networks
The CloudShield deep-packet inspection platform offers
a comprehensive solution to the challenges of our most
demanding customers, delivering outstanding services
management and infrastructure security capabilities while
transforming the speed and economics of delivering “in-
the-cloud” services.
11
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
The key to successful cloud design and implementation
is to develop a comprehensive strategy that will
meet the organization’s short and longer-term needs.
An experienced cloud consulting firm can guide an
organization through key questions such as:
What are the goals for implementation?

Which of the process, quality targets, value measures
and intangible benefits does the organization want to
achieve?

What is the long-term vision for the provision of
computing services?

What business needs are driving the initial target
implementation and what is the timeline?

Is there an internal charge-back mechanism that needs
to be supported?
Which security, privacy, and continuity considerations
will affect the design of your implementation?

What are the HIPAA, Gramm-Leach-Bliley, or other data
privacy-related factors that drive a cloud solution?

How mission-critical is the data and what level of
availability is desired?
Do existing infrastructure and vendor relationships
impact the design of a solution?

Is there an installed base of in-house technology that
could benefit by being included in the solution?

Do the applications require a specified computing
platform, both hardware and software?

Is there another reason – like the knowledge base of
the in-house IT staff – that suggests the inclusion of a
particular technology?
What level of cloud management does the organization
wish to directly undertake?

Who will be ordering and monitoring service—end users
or the CIO staff on their behalf?

What skill mix does the CIO staff bring to the table or
are willing to develop?

Does the CIO wish to delegate workload and
responsibility to an external party?
The answers to these example questions, and the
discussion that will ensue, will form the basis for initial
solution development and the preparation of a long-term
roadmap for cloud computing.
Strategic Decisions Before Cloud Adoption
12
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Once the strategic direction of the cloud computing
initiative has been established, an organization will be
ready to engage its technology partner to begin design
and implementation. The technology partner will develop
and present a solution and a project management plan.
If the technology partner sells cloud products as well, the
solution developed will most likely feature its own cloud
management product suite.
A solutions integrator, such as SAIC, on the other hand,
will focus more centrally on the client’s needs and typically
remain vendor-neutral. The proposed solution will employ
the best possible technology for the organization’s needs,
regardless of its origin.
Regardless of which type of technology partner an
organization chooses (product vendor or integrator),
the following is an example list of services that may be
acquired:

Private cloud implementation


Provisioning of public cloud compute and storage
resources (e.g., Amazon Web Services, Terremark) on
behalf of customers and internal users


Implementation and integration services for the four
types of clouds


Security assessment (certification and accreditation, if
required) of the cloud environment


Risk analysis and mitigation services


Security and privacy analyses


Access controls (identity management, authorization
management and access auditing)

Penetration testing


Cloud infrastructure management and administration


Services management, information assurance, and
cloud control services


Cloud computing testing and acceptance


Enterprise and carrier-class cloud network security
services
Managing Multiple Clouds
SAIC believes that most enterprises will end up with a
hybrid cloud model. Regardless of the risk-reward profile
they choose when starting with cloud implementation,
most organizations will eventually wish to link their
existing infrastructure to public or community cloud
resources. Beyond that, maturity in a cloud program
results in the desire for flexibility to move workload among
available compute and storage resources to get the best
performance, to pursue the best pricing, and to avoid
provider downtime, among other advantages. This will
require the development or acquisition of a capability
known as cloud “brokerage”. With the right cloud broker
tools and know-how, an organization can maximize their
cloud investments, simplify the management of their
multi-cloud environment, and bring order to “cloud chaos”
through the implementation of governance principles.
Governance in the Cloud
Like more traditional computing environments, cloud
requires the definition of expectations, granting of
authority, and verification of performance. But the
unique features of cloud – that both the internal service
provider and the end user may have a limited window
into the operations of the environment – make the need
for automated, rule-based, decision-support all the
more critical.
Engineering, Implementation, and Cloud Management Services
13
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
When SAIC was contemplating its own corporate
commitment to cloud computing, we developed a list of
needed governance functions. This list includes:

User authentication


Role-based access control


Customizable access privileges


Encryption key management


Intrusion detection and alerting


Audit logging and reporting


Implementation of flexible billing controls
In addition, these functions are required across a multi-
cloud environment. In designing the SAIC cloud solution,
our Cloud Project Management Office conducted research
and selected a vendor for cloud governance management.
The experience SAIC gained from installing, configuring,
and using our cloud governance tool suite allows us
to offer to our customers an unusually broad array of
cloud management services that draw from our own
extensive experience.
14
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Moving SAIC’s data center to an enterprise private cloud
was a strategic decision with far-reaching benefits to
the company and its customers. Most often cited by
company executives, “practice[ing] what we preach” is
a fundamental benefit of this effort. SAIC migrated its
company-owned corporate data center from San Diego to
a commercial data center in the Dallas area. In so doing,
SAIC deepened its expertise in cloud migration – from
project management to full operations. This first-hand
experience as a customer of cloud services helps us
understand and address your cloud concerns. For SAIC,
the answer was to move everything to a cloud computing
infrastructure and use carefully architected technologies
to deliver value to the business.
SAIC established an enterprise private cloud based on the
VCE Vblock™ technology. The Vblock is a pre-engineered
virtualization block that features integrated technologies
from partners Cisco
®
, EMC
®
and VMware
®
. On a single
chassis, it combines compute (Cisco
®
UCS family), network
(Cisco
®
Nexus family), storage (EMC Symmetrix
®
or Unified
Storage) and virtualization (VMware vSphere™ 4).
In October 2011, the SAIC Enterprise Cloud was up and
running. Today, we continue to discover new ways to
leverage our cloud architecture and capabilities.
SAIC: Walking the Talk
15
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
SAIC is a world-renowned information and technology
solutions provider to government and industry. Customer
feedback consistently shows that SAIC’s deep knowledge
of an organization’s business and alignment with its goals
sets us apart from other systems integrators. For cloud
computing transformation, our commitment to close
analysis of enterprise assets and strategic planning in
ongoing collaboration with stakeholders provides the
knowledge and experience an organization needs to
successfully navigate to a cloud solution. For those ready
to maximize benefit, minimize risk, and ensure security
through cloud computing, SAIC’s portfolio of services,
described on page 16, can chart your course toward a
successful cloud implementation.
World-Class Cloud Management and Support
Once you are up and running on your new cloud
environment, SAIC offers world-class cloud management
and IT support services through our award-winning
Integrated Services Management Center (ISMC). The
ISMC provides a cost-effective solution for monitoring
your cloud environment(s) and making sure that they meet
service level objectives and evolve as your organization’s
requirements change. The ISMC provides expert
personnel, automated processes and proven technologies
that can lower the cost and raise the quality of IT services
such as help desk support and data, application and
infrastructure management.
Getting Help with the Cloud
16
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS

Managed Cloud
Cybersecurity Services

ITIL-Compliant Cloud
Administration
and Governance Services
SAIC Cloud Computing
Services Portfolio
Software
as a
Service
(SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
User Admin
Portal/
Catalog
Service Desk Support
Users

Assessments – cloud
computing, security,
management

Requirements – cloud
computing, security

Architecture – cloud
computing, security

Training

ITIL-Compliant
eCommerce and
eGovernment Services
Your
Enterprise

Assessments
- Cloud Computing Assessment
- Independent Cloud Security Assessment and Re-assessment
- Cloud Computing Management Strategy
Assessment and De￿nition

Requirements
- Cloud Computing Requirements Development
- Comprehensive Cloud Security Requirements Development

Architecture
- Cloud Computing Architecture Development
- Comprehensive Cloud Security Solution Architecture Development

Training
- Cloud 101 – “Executive-Level Course”
- Cloud 102 – “Practitioner’s Course”

eCommerce and eGovernment – Architecture and Engineering
Services
- Cloud Business Transformation and Service Strategy Consultation
- Cloud Training
- Cloud Prototyping, Piloting, and Demonstration Support
- Cloud Troubleshooting, Diagnostics, and Remediation
- Cloud Testing and Acceptance Services
- Cloud Development and Migration Services Applicable for both
Existing and New:
- Data Centers and Infrastructure
- Systems and Platforms
- Applications, Software, and Services
- Data and Information Flows

Managed ITIL-Compliant Cloud Administration and Governance
Services
- Initial Setup of Cloud Administration and Governance Capability
- Provisioning, Managing, Monitoring, and Controlling Cloud Server
and Storage Resources
- ITIL Service and Help Desk Support
- Con￿guration Management Services
- Cloud Applications and Services O&M
- Cloud Data Loading, Applications Monitoring, and Tuning

Software as a Service (SaaS) Offerings
- Social Networking and All Source Analytical Framework (ASAF)
- CENTER™ (portal and collaboration)
- Records Management Service Components (RMSCs)
- OLIVE™ (virtual reality hosting)

Managed Cloud CyberSecurity Services
- Certi￿cation and Accreditation
- Thread and Risk Analysis
- Technical Vulnerability Analysis (TVA) and Penetration Testing
- Intrusion Detection
- Continuous Monitoring and Reporting
- Persistent PKI Management
- Encryption Software and Services
- Cloud Disaster Recovery and Continuity of Operations (COOP)
- CloudShield
- Common Criteria Testing

Migration
Services
Business
Processes
Data and
Information Flows
Applications,
Software, and Services
Systems and Platforms
Legacy/Existing Data Centers
and Technology Infrastructure
17
CLOUD COMPUTING IN HEALTHCARE ORGANIZATI ONS
Progressive HCOs looking for a highly agile, responsive and
cost effective health IT infrastructure will increasingly be
considering, and in many cases transitioning to, a cloud
environment. As a leading technology partner in cloud
computing, SAIC recommends that organizations consider
the following questions:

Is health information technology (HIT) infrastructure
management a strategic advantage for my HCO and, if
not, should I consider cloud computing as a better way
of managing my IT infrastructure?

What resources would a move to cloud computing
free up, which could be focused on higher value
organizational objectives?

What savings could be achieved by moving to a
cost structure that is directly related to resource
consumption?

How could I exploit the flexibility of cloud technology’s
on-demand resources to deliver more timely and cost
effective HIT solutions?
Looking Ahead
About SAIC
SAIC is a FORTUNE 500
®
scientific, engineering, and technology applications
company that uses its deep domain knowledge to solve problems of vital
importance to the nation and the world, in national security, energy & environment,
health and cybersecurity. The company’s approximately 41,000 employees serve
customers in the U.S. Department of Defense, the intelligence community, the
U.S. Department of Homeland Security, other U.S. Government civil agencies and
selected commercial markets. Headquartered in McLean, Va., SAIC had annual
revenues of approximately $11 billion for its fiscal year ended January 31, 2011.
SAIC: From Science to Solutions
®

© SAIC. All rights reserved. FORTUNE and FORTUNE 1000 are registered trademarks of Time, Inc. in the U.S. and/or other countries. VMware is a registered trademark of VMware, Inc. in the U.S. and other jurisdictions. VCE
and Vblock are registered trademarks or trademarks of VCE Company, LLC or its affiliates in the U.S. and/or other countries. Cisco is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and/or other
countries. EMC is a registered trademark of EMC Corporation in the U.S. and other countries.
12-1784
NATIONAL SECURITY • ENERGY & ENVIRONMENT • HEALTH • CYBERSECURITY
FOR MORE I NFORMATI ON
1.888.886.5909
health@saic.com
1710 SAIC Drive • McLean, VA 22102
Visit us at
saic .com/managed-cloud