Securing the Cloud for Real-Time Research
During the initial transition to remote work, Siddiqui worried whether researchers could securely access clinical data from home. The cloud enables granular access control, which made her ultimately feel more secure using the cloud. “We can develop network controls with superfine-grained security models that still allow for an at-home workforce, while maintaining data security and compliance,” she said.
Brian Pasquini, an enterprise architect at the University of Pittsburgh, said at the webinar that the cloud also increased visibility at his institution. “We had much better visibility in the cloud than we did on-premises. The cloud is extremely well logged,” Pasquini said. “There’s a huge amount of auditing that goes on the cloud. So, that was a huge benefit for us, to be able to get that kind of insight into what was going on in the cloud.”
However, Circe Tsui, associate director of solutions architecture at Emory University, warned that if researchers do not possess the technical expertise to protect their cloud resources, it could lead to huge security risks. At Emory, the university has reduced its attack surface by building a secure platform where researchers can collaborate.
The Challenges of the Modern Cloud
Despite the convenience and security benefits, cloud migration is not without its challenges. Pasquini said ensuring access to the cloud is still a hurdle.
The University of Pittsburgh is trying to shorten the period between when researchers have ideas and when they can start working on them in the cloud. “We want to compress that time frame as much as possible, so we’re really leaning on automation and having defined procedures,” Pasquini said. The university is also working toward improving account provisioning and the security and governance of resources.
Meanwhile, at Baylor, training is an ongoing challenge. “One of the greatest complaints I hear from researchers lies in the issue of training, specifically on cloud technologies,” Siddiqui said. Many cloud computing training materials are too abstract for certain industries, like genomics healthcare.
To ensure they have the right people using the right technologies, Baylor has turned to Amazon Web Services to develop a custom training program.
What Is Critical to Cloud Success?
Industry leaders are taking measures to ensure further cloud adoption success at their institutions. As Tsui explained, Emory’s most important factor for success is the university’s “very solid and secure platform for our researchers.”
Tsui also recommends adopting certain security best practices, such as using AWS service control policies and identity and access management policies and using the university’s own risk detection and remediation services. Ultimately, these measures can help uphold a secure cloud environment and support research innovation.
Pasquini noted that at the University of Pittsburgh, “developing a great partner relationship with AWS, our cloud service provider,” was crucial. He said he views their cloud service provider as a partner rather than a vendor, which allows the university to leverage all the resources that AWS brings.
Finally, Siddiqui said Baylor’s success comes down to the researchers themselves. “We work with one-of-a-kind, motivated, dynamic researchers who invite success,” she said.
Pasquini echoed this sentiment. “Success in the cloud isn’t a technical issue. It comes down to the people,” he said.