CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | November 20159CIOReviewin the cloud. Additionally, we are leverag-ing the Department of Health and Human Services Sandbox, a cloud PaaS option, to develop and host our precision medicine platform. Ultimately, FDA will utilize cloud-based tools for rapid provisioning of IT infrastructure, automated testing and deployment, efficient migration of work-loads across cloud environments, auto-mated provisioning of application stacks and end-user applications.What are the restrictions around a regulatory agency using the cloud? We can't put everything in the cloud because sensitive and high-risk data, such as trade secrets, must remain on-site under the Federal Information Security Manage-ment Act (FISMA) and Federal Risk and Authorization Management Program (Fe-dRAMP), which ensure that controls are in place before we can authorize a pro-duction system. All systems that process, store or transmit FDA data, no matter where they reside, must be protected un-der FISMA. The cloud presents significant challenges in implementing controls at a level congruent with the high-risk data. Currently cloud FedRAMP authorizations don't do enough to protect moderate data so agencies must determine how to ad-dress FEDRamp shortcomings to bring the protections in line with FISMA. FDA retains sensitive data, and being the custo-dian of such data demands the responsibil-ity to examine, synthesize and mitigate all related security risks. Just a few years ago, we could put only low data in the cloud. Today, we are exploring the route to en-tering moderate data into the cloud. That's huge; because about 85 percent of FDA data is moderate and about 5 percent is low.This cloud initiative is growing as more ven-dors become FedRAMP-authorized, expanding the number of providers and the type of data we can securely host in the cloud. The cloud vendor and management land-scape is rapidly maturing. Today, we can do a lot in the cloud: backups, application development, and mobile device manage-ment service. Basically anything we can provide on-site we can get in the cloud.Using the cloud's pay-as-you-go model makes sense for FDA, an agency that's responsible for regulating prod-ucts that account for about 20 percent of consumer spending. Take a hypothetical case of tracking down a foodborne illness caused by Listeria. To do that today, first we need to perform genome sequencing to identify the strain of Listeria and where it came from. Each cycle of DNA testing can take 15 to 20 hours, and chewing through that data can take days on-site. It requires building a robust infrastructure and keep-ing it up to speed. Or we can send that data into the cloud and pay for thousands of large servers dedicated to that work. We can build robust applications on the same day in the cloud. When we're done, we can stop paying for what we no longer need.Recently, FDA tested cloud comput-ing by running a small job, analyzing sequencing data from all of the publicly available Listeria. The entire process was completed successfully in 8 hours. The same process took 3.5 days on the lo-cal high-performance environment. The cloud's versatility and speed would com-bine to give us a perfect high-performance computing environment. In addition to the enrichment and boost of our scientific computing strategy with the cloud, FDA is reconnoitering In-ternet 2 functionality and ramping up our mobility endeavors. The cloud fits very well with our mobility strategy because it's mobile-native and mobile-ready. In the cloud, you can make an application mobile simply by checking a box. Build-ing that app in-house and then making it mobile would not be as easy or seamless. The cloud is a powerful tool. It's agile, cost-effective and ef-ficient. Cloud technology is a revolution that will reshape the way we do business to achieve FDA's goals, promoting inno-vation and catapulting us as a federal model of a successful IT organization.Today, we can do a lot in the cloud: backups, application development, and mobile device management service. Basically anything we can provide on-site we can get in the cloudTodd Simpson
< Page 8 | Page 10 >