1. The Cloud as a Platform for Better Health
Presented by: Jinesh Varia
02/23/2012
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
8. On-Premise Infrastructure is Costly & Complex
Large Capital Expenditures
Underutilized IT Assets
Patching Software
Out of Datacenter Space
Scaling down as needed
Slow IT Deployments
Contract negotiation
Scaling up quickly
Prices too high for IT products
Managing physical growth
“IT spends 80% of its time and resources keeping the lights on”
9. Cloud Computing Benefits Are Real
• No Up-Front Capital Expense
• Low Cost
• Pay Only for What You Use
• Self-Service Infrastructure
• Easily Scale Up and Down
• Improve Agility & Time-to-Market
• Deploy
10. The AWS Cloud
• Tools to access services
• Cross Service features
• High-level building blocks
• Low-level building blocks
11. Global Infrastructure
AWS Regions
• GovCloud (US ITAR Region)
• US West (Northern California)
• US West (Oregon)
• US East (Northern Virginia)
• South America (Sao Paulo)
• EU (Ireland)
• Asia Pacific (Singapore)
• Asia Pacific (Tokyo)
AWS Edge Locations
12. Enterprise Cloud Strategy
Health 2.0 Startup or SMB Firm or Large Enterprise
Cloud Strategy
• New applications: Build a Cloud-Ready Design
• Existing Applications: Planned Phased migration
Cloud Benefits
• Zero upfront investment
• On-demand provisioning
• Instant scalability
• Auto scaling and elasticity
• Pay as you go
• Removes undifferentiated heavy lifting
• Developer productivity
• Automation
13. Flexibility
• Choice of development and system management tools
• Choice of location (Region)
• Purchasing Options: On-Demand, Reserved, Spot, Invoice, Credit Card
• Choice of Operating Systems: Linux, Windows, Suse, RedHat…
• Choice of Databases (Commercial): Oracle, SQL Server, MySQL, PostGres…
• Programmable Infrastructure
• Choice of programming language – Java, Ruby, Python, Perl, .NET..
• Choice of as much or as little
• And pay only for what you use
15. The Cloud as a Platform
For Collaboration – Data
16. Data Collaboration
• Storage Services
  • Amazon S3
  • Amazon EBS
  • Amazon DynamoDB
• Transfer Services
  • AWS Import/Export
  • AWS Storage Gateway
• Identity and Access Management
  • Federation
• Encryption features
  • Amazon S3 Server Side Encryption
  • Client side encryption
  • Key Management (Partners)
17. BioSense 2.0 protects the health of the American people by providing timely insight into the health of communities, regions, and the nation by offering a variety of features to improve data collection, standardization, storage, analysis, and collaboration.
Facts:
1. Authorization to Operate (ATO) from CDC
2. FISMA-Moderate
3. CDC uses NIST Standards for Certification & Accreditation Process (NIST SP 800-18, NIST SP 800-37, NIST SP 800-53)
4. Launched on 15 Nov 2011
5. In AWS GovCloud Region (US-Persons only)
18. [Diagram; recoverable labels: Hospital, HIE, Health System, State Health Department, State Data Lockers, Warehouse, BioSense, Essense, State/Local User/Admin, Authorized Collaborator, CDC User, Cloud]
21. The Cloud as a Platform
For Collaboration – Data
22. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
24. Patient Specific Education at Point Of Care Moment
[Diagram; recoverable labels: Clinical Disease Information; Patient Molecular Information; Clinically Actionable / Evidenced Based Information at the Point of Care Moment; Disease Treatments; Patient Specific Physician Education]
They create a patient specific story designed to support treatment decision
25. Personalized Medicine Service
• 8 Algorithms
• 54K molecular data points
• Asynchronous analysis
• Four content stores
• 30M+ records
• Textual search engine
26. OncInsights Report
• Interactive
• Explore Evidence
• Easy to Navigate
Clinical Knowledge System
Alignment of molecularly identified therapeutic candidates … With clinically relevant knowledge in the disease context
• Scientific Literature
• Clinical Trials
• Compendium Support
27. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
28. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
31. Dedicated Instances
On-demand Instances
• Pay as you go
• Starts from 0.02/Hour
• For Spiky Workloads
Reserved Instances
• Onetime upfront + Pay as you go
• $56 for 1 year term and then $0.01/Hour
• For Steady State Workloads
Spot Instances
• Requested Bid Price and Pay as you go
• $0.005 /Hour as of today at 9 AM
• For Time-insensitive workloads
Dedicated Instances
• Standard and Reserved
• Single Tenant Instances
• $10/Region + 0.105/Hour
• For Regulatory and Compliant Workloads
32. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
33. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
34. Extend your existing datacenter
[Diagram; recoverable labels: Corporate Data Center, 10G DirectConnect Location, Amazon Virtual Private Cloud]
35. New Enterprise IT Network architecture
[Network diagram; recoverable labels: Corporate data center, Corporate Headquarters, Branch Offices, Customer Gateway, Router, 10G DirectConnect Location, VPN Gateway, Internet Gateway, Amazon VPC, Private Subnet, Public Subnet, Availability Zone 1, Availability Zone 2, AWS Region, Amazon S3, Amazon SES, Amazon SimpleDB, Amazon SQS]
36. Cloud-based NLP Service
A Strategy for Deploying Secure Cloud-Based Natural Language Processing Systems for Applied Research Involving Clinical Text
David Carrell
37. Built on Security Standards
Certifications
• SOC1 Type 2 (SAS-70)
• ISO 27001
• PCI DSS 2.0 for EC2, S3, EBS, VPC, RDS, ELB, IAM
• FISMA Moderate Compliant Controls
• Enables HIPAA & ITAR Compliant Architecture
Physical Security
• Datacenters in nondescript facilities
• Physical access strictly controlled
• Must pass two-factor authentication at least twice for floor access
• Physical access logged and audited
HW, SW, Network
• Systematic change management
• Phased updates deployment
• Safe storage decommission
• Automated monitoring and self-audit
• Advanced network protection
AWS Security and Compliance Center: http://aws.amazon.com/security
38. Security is a Shared Responsibility
Infrastructure Security: How we secure our infrastructure
• SOC1 Type 2 Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA A&A Moderate
• FedRAMP/GSA ATO
Application Security: How can you secure your application and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your application
Services Security: What security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..
39. Security and Compliance Assessment
Involve your Security and Compliance Teams early in the process
• You own the data, not AWS.
• You choose which geographic location to store the data. It doesn’t move from AWS region unless you decide to move it.
• You have the flexibility to decide when and how you will encrypt your data while it is in transit and while it is at rest based on sensitivity of your data
• You can download or delete your data whenever you like.
• You can set highly granular permissions to manage access of a user within your organization to specific service operations, data, and resources in the cloud for greater security control.
40. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
41. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
For Platforms
45. The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
For Platforms
47. Thank you!
Jinesh Varia
jvaria@amazon.com Twitter:@jinman
http://linkedin.com/in/jinman
Editor's notes
Technology innovation has always driven the growth of Amazon.com. As Amazon expanded its product offerings for retail customers, the company also expanded customer segments. After over a decade of building and running a highly scalable web application, Amazon.com, the company realized that it had developed a core competency in operating massive scale technology infrastructure and datacentres, and embarked on a much broader mission of serving a new customer segment—developers and businesses—with a platform of web services they can use to build sophisticated, scalable applications. In 2006, we launched Amazon Web Services and officially began offering businesses and developers access to the web scale computing services based on Amazon’s own back-end technology infrastructure. AWS gives any developer the keys to this infrastructure, which they can use to build and grow any business. This makes it possible for any business to reach the scale of major internet players like Amazon.com, but without the expensive price tag they would have to pay to build and maintain such a reliable, secure, and scalable infrastructure. “It's not customers' job to invent for themselves. It's your job to invent on their behalf. You need to listen to customers. You need to invent on their behalf. Kindle, EC2 would not have been developed if we did not have an inventive culture.” - Jeff Bezos, Founder & CEO, Amazon.com
To give you an idea of the growth and investment we are making and how much capacity we are adding to meet demand: in the year 2000, Amazon.com was a 2.7B enterprise. Today, AWS adds every day the amount of storage and compute capacity that Amazon required in the year 2000. So conceptually, five days from now, it will be five times the capacity required to run a 2.7B enterprise. If you think about it, it's huge.
Our customers continue to make very heavy use of Amazon S3. We now process up to 500,000 S3 requests per second. Many of these are PUT requests, representing new data that is flowing in to S3. As of the end of the fourth quarter of 2011, there are 762 billion (762,000,000,000) objects in S3.
We have customers in 190 countries. You will notice that I have some big brand names like Shell, Capital IQ
To understand why there’s all this excitement, it’s helpful to look at analogies of some major changes that have occurred in other industries over time. Here’s a picture of our CEO at the museum of a beer manufacturing facility in Belgium. This is their electric generator that they used over 100 years ago. There was no electric grid or utility industry then. If you wanted electricity, you made it yourself. That probably seemed very natural at the time – but I guarantee you that making their own electricity didn’t make their beer taste any better. Well, a couple decades later, the electric grid sprang up, and companies stopped making their own electricity; that was a fundamental shift in how they consumed one of their major inputs, and this freed them up to focus on things that likely mattered a lot more to their customers – like the beer. We think the chance exists for the company-owned data center to undergo just as fundamental a transformation over the coming years, as companies realize that they don’t necessarily have to be experts in this. People are now starting to glimpse that future, and find it pretty exciting.
Businesses of all sizes need business applications to implement new ideas, streamline existing businesses, drive sales, and increase productivity. But behind each business application there is a sea of complexity and cost. Business applications need servers, storage, datacenter space, power, bandwidth, networking, cooling, etc. They also need development, testing, quality assurance, production and fail-over environments. It’s easy to see why even the largest companies with the best IT departments face significant challenges to get the business applications they need. The reality is that buying and managing on-premise infrastructure to run business applications is costly and complex. It’s very common for business users to wait months for new physical servers to be ordered and delivered. Meanwhile IT is busy managing the purchase process, negotiating contracts, discussing support options, etc. When the servers arrive, IT still has a lot of heavy lifting to do before they are ready to run business applications: find datacenter space, install the software stack, optimize settings, etc. And when the applications are finally deployed, IT has to maintain the new environment, manage uptime, apply patches, scale up or down, etc. It’s no surprise that most organizations spend a large portion of their IT budgets keeping the lights on. In fact, Gartner estimates that the average IT department spends 80% of its time and resources just maintaining existing systems. This means that very little is left for IT to drive innovation and respond quickly to business needs.
Cloud computing is a better way to run your business. The cloud helps companies of all sizes become more agile. Instead of running your applications yourself you can run them on the cloud where IT infrastructure is offered as a service like a utility. With the cloud, your company saves money: there are no up-front capital expenses as you don’t have to buy hardware for your projects. The massive scale and fast pace of innovation of the cloud drive the costs down for you. In the cloud, you pay only for what you use just like electricity. The cloud can also help your company save time and improve agility – it’s faster to get started: you can build new environments in minutes as you don’t need to wait for new servers to arrive. The elastic nature of the cloud makes it easy to scale up and down as needed. At the end of the day you have more resources left for innovation which allows you to focus on projects that can really impact your businesses like building and deploying more applications. “With the high growth nature of our business, we were looking for a cloud solution to enable us to scale fast. Think twice before buying your next server. Cloud computing is the way forward.” - Sami Lababidi, CTO, Playfish
We have really come a long way. Today, Amazon Web Services is not just one service but a suite of services that enterprises can leverage to deploy highly mission-critical applications with confidence.
Amazon Web Services is steadily expanding its global infrastructure to help customers achieve lower latency and higher throughput. As our customers grow their businesses, AWS will continue to provide infrastructure that meets their global requirements.
Andy did his research and came up with a two-part strategy for the company. The first part was around designing greenfield applications optimized for the cloud from day one. The other part was having a phased migration plan for the existing line-of-business applications so that they too can take advantage of all the benefits the cloud provides. This strategy has worked for several of our customers, and I think it is perfectly prudent to have hybrid applications, with some applications running in-house while moving the rest of the applications to the cloud.
BioSense 2.0: BioSense 2.0 protects the health of the American people by providing timely insight into the health of communities, regions, and the nation by offering a variety of features to improve data collection, standardization, storage, analysis, and collaboration. Using the latest technology, BioSense 2.0 integrates current health data shared by health departments from a variety of sources to provide insight on the health of communities and the country. By getting more information faster, local, state, and federal public health partners can detect and respond to more outbreaks and health events more quickly. BioSense 2.0 is community controlled and user driven. This approach ensures that it remains flexible and responsive to users’ changing needs and that the development and evolution of BioSense 2.0 will continue in phases after November. CDC funded the Association of State and Territorial Health Officials (ASTHO) to host this new environment and, in coordination with the Council of State and Territorial Epidemiologists (CSTE), National Association of County and City Health Officials (NACCHO), and International Society for Disease Surveillance (ISDS), facilitates a governance body of state and local health stakeholders that represents all BioSense 2.0 users.
CloudPrime’s HealthDirect provides an easy-to-deploy service for healthcare application integration in a HITECH and HIPAA-compliant manner. CloudPrime establishes secure network connections between end-users and Amazon EC2, allowing customers like the Wound Center to transfer patient and billing files between medical centers. In addition to meeting privacy and safety regulations, the Wound Center is achieving $433,000 in cost savings each year while concentrating their efforts on their core duties, rather than looking for errant files.
Building a Community Partnership Around Personalized Oncology. A personalized medicine service. Formed: 2009 - Grand Rapids, Michigan. Founded by stakeholders of a decade of development by Van Andel Institute and three west Michigan oncology groups. Focus: Created to support community oncologists in enhancing personalized treatment of their patients. Unlocking the world of information in real time, within the oncologist's patient flow. Leveraging the latest complete molecular profiling techniques to guide therapeutic intervention decisions. Aligning the latest evidenced based and actionable information at the point of treatment decision.
AWS During Normal Commercial Operations: Molecular data is provided to the Personalized Medicine Engine (PMed Engine) in the cloud. Algorithms and predictions are calculated and drug data is provided back to the HIPAA compliant host. Drugs within disease context are sent to four content stores in the cloud to align drug / disease context.
DiskAgent provides a HIPAA compliant solution for continuous online data backup, data loss prevention and protection against identity theft. Amazon S3 availability and encryption capabilities enable DiskAgent to meet HIPAA’s contingency access control requirements. As a result of the partnership with AWS, DiskAgent’s customers no longer need to worry about data availability and encryption and can instead focus on other mission critical information technology projects.
You can choose to deploy and run your applications in multiple physical locations within the AWS cloud. Amazon Web Services are available in geographic Regions. When you use AWS, you can specify the Region in which your data will be stored, instances run, queues started, and databases instantiated. For most AWS infrastructure services, including Amazon EC2, there are seven regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore) and Asia Pacific (Tokyo), AWS GovCloud (US) and US West (Oregon). Within each Region are Availability Zones (AZs). Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from a failure (unlikely as it might be) that affects an entire zone. Regions consist of one or more Availability Zones, are geographically dispersed, and are in separate geographic areas or countries. The Amazon EC2 service level agreement commitment is 99.95% availability for each Amazon EC2 Region.
Mix and match to get the best bang for the buck and further savings. Several of our customers have certain types of regulatory workloads that restrict them from running applications on the same physical host as other customers. Noisy Neighbor Syndrome. We solved that by introducing Dedicated Instances. Dedicated Instances are available only within VPC, where only one customer can spin up instances on one physical host.
You can extend your corporate datacenter to the cloud. Create a private slice of the public cloud and define your own network topology so that your corporate network can breathe in and breathe out. This year, we also released one dedicated
This is how most of the enterprises are leveraging VPC – What I call the new Enterprise IT network architecture – which will be powered by the cloud.
Natural language processing (NLP) of clinical text offers great potential to expand secondary use of high-value electronic health record (EHR) data, but a barrier to adopting NLP is the high total cost of operation, driven mainly by the costs and limited availability of technical personnel in applied health research settings.
Examining AWS, you’ll see that the same security isolations are employed as would be found in a traditional datacentre. These include physical datacentre security, separation of the network, isolation of the server hardware, and isolation of storage. AWS customers have full control over their data: they own the data, not us; they choose which location to store the data and it doesn’t move unless the customer decides to move it; they can encrypt their data at rest and in motion, just as they would in their own datacenter. Amazon Web Services provides the same, familiar approaches to security that companies have been using for decades. Importantly, it does this while also allowing the flexibility and low cost of cloud computing. There is nothing inherently at odds about providing on-demand infrastructure while also providing the security isolation companies have become accustomed to in their existing, privately-owned environments. AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, SAS 70 Type II. Our services and data centers have multiple layers of operational and physical security to ensure the integrity and safety of your data. Visit our Security Center to learn more http://aws.amazon.com/security/. Certifications and Accreditations: AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services. PCI DSS: We finalized our 2011 PCI compliance audit, publishing our extensive Report on Controls (ROC) with an expanded scope. Our new November 30, 2011 PCI Attestation of Compliance, a document from our auditor stating we are compliant with all 12 PCI security standard domains, is available now for customers considering or working on moving PCI systems to AWS.
The new Attestation of Compliance document includes some key changes this year: This year we’ve added RDS, ELB, and IAM as in-scope services. The addition of these services is fantastic news for PCI customers since they can now leverage RDS to store cardholder and transaction data, use ELB to manage card transaction traffic, and rely on IAM features as validated control mechanisms that satisfy PCI security standard requirements. Consistent with last year, EC2, S3, EBS, and VPC continue to be in scope. Physical Security: Amazon has many years of experience in designing, constructing, and operating large scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access. Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS. “In essence, the security system of AWS’s platform has been added to our existing security systems. We now have a security posture consistent with that of a multi-billion dollar company.” - Jim Warren, CIO, Recovery Accountability and Transparency Board (RATB)
Security is not optional. We have to build it into every single layer, right from the perimeter to the application. In the cloud, security is a shared responsibility. Infrastructure security is the responsibility of AWS. This year Amazon worked really hard and has now achieved all the security certifications. Best of all, you get all these security certifications for free. Even if you don’t have credit card workloads, you still get the same secure infrastructure. For Infrastructure security, you can get the full SAS 70 audit report on request. For Services Security, we provide detailed technical documentation on how to use the features. For Application Security, we have security bulletins (security center), provide you with security guidance, Premium Support.
What is Numera|Social? Numera|Social is a Facebook and mobile application to help people improve their health. We have paid quite a bit of attention to the nuances of what it really takes for people to change their behavior and we’ve tried to implement that through a social plus mobile platform that we’re making available to all sorts of health-centered organizations to take on as their own. How does it work? In Facebook, (users) can launch the app like Farmville or any other social game... First an individual would go in and really think through their goals -- what do they want to accomplish? Once you’ve set goals, we then recommend personal health action plans to you, which are really the center of the application... There’s so much health information out there on the web that people actually get stuck, they can’t make a decision, so what we’ve tried to do is work with experts to develop action plans that really give people a blueprint to how they achieve their goal. For less than the cost of a full-time developer, you can immerse consumers in your own Facebook and iPhone turnkey applications to keep them engaged in your programs. Research proves that compelling action plans and social network interaction fuel participation. Numera Social brings your brand to life throughout the day by offering individuals your expertise, combined with the support of their peers and friends. Deploy with health coaching guidance you develop, or choose from our growing library of expert behavior-change plans and challenges. Spark a chain reaction that fuels healthy behavior, better outcomes, and lower costs. Numera Social’s integrated Facebook and iOS apps provide you with a platform to help individuals focus on: Goals: tools to help establish areas of focus and achievable objectives. Action: expert plans and challenges that fuel individual and peer-supported progress and success. Results: sustained engagement, compliance and outcomes are measured using objective data.