
Page 1: Aws jvaria e_collaborationforum

DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.

The Cloud as a Platform for Better Health

Presented by: Jinesh Varia

02/23/2012

Page 2: Aws jvaria e_collaborationforum

The Cloud

Page 3: Aws jvaria e_collaborationforum

Each day, AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000)

Page 4: Aws jvaria e_collaborationforum

Growth of our storage service

Total Number of Objects Stored in Amazon S3

Q4 2006: 2.9 Billion
Q4 2007: 14 Billion
Q4 2008: 40 Billion
Q4 2009: 102 Billion
Q4 2010: 262 Billion
Q4 2011: 762 Billion

Peak Requests: 500,000+ per second

Page 6: Aws jvaria e_collaborationforum

Why are people so excited about the cloud?

Page 7: Aws jvaria e_collaborationforum

Helps you focus on your application

Page 8: Aws jvaria e_collaborationforum

“IT spends 80% of its time and resources keeping the lights on”

Contract negotiation

Large Capital Expenditures

Patching Software

Out of Datacenter Space

Prices too high for IT products

Slow IT Deployments

Scaling down as needed

Underutilized IT Assets

Scaling up quickly

Managing physical growth

On-Premise Infrastructure is Costly & Complex

Page 9: Aws jvaria e_collaborationforum

No Up-Front Capital Expense

Pay Only for What You Use

Self-Service Infrastructure

Easily Scale Up and Down

Improve Agility & Time-to-Market

Low Cost

Cloud Computing Benefits Are Real

Deploy

Page 10: Aws jvaria e_collaborationforum

The AWS Cloud

Compute: Amazon EC2, Auto Scaling

Network: Amazon VPC, ELB, DirectConnect, Amazon Route 53

AWS Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)

Storage: Amazon S3, Amazon EBS

Your Application

Database: Amazon RDS, Amazon DynamoDB, Amazon ElastiCache

Libraries and SDKs: .NET/Java etc.

Web Interface: Management Console

Tools: AWS Toolkit Eclipse, VS

Command Line Interface

Auth, Authorization, Federation: AWS IAM, MFA

Monitoring: Amazon CloudWatch

Deployment and Automation: AWS Elastic Beanstalk, AWS CloudFormation

Low-level building blocks

High-level building blocks

Tools to access services

Cross Service features

Content Delivery: Amazon CloudFront

Email: Amazon SES

Transfer: Import/Export, Storage Gateway

Parallel Processing: Amazon Elastic MapReduce

Messaging: Amazon SNS, Amazon SQS

Page 11: Aws jvaria e_collaborationforum

Global Infrastructure

US West (Northern California)

US East (Northern Virginia)

EU (Ireland)

Asia Pacific (Singapore)

Asia Pacific (Tokyo)

AWS Regions

AWS Edge Locations

GovCloud (US ITAR Region)

US West (Oregon)

South America (Sao Paulo)

Page 12: Aws jvaria e_collaborationforum

Cloud Benefits

Zero upfront investment

On-demand provisioning

Instant scalability

Auto scaling and elasticity

Pay as you go

Removes undifferentiated heavy lifting

Developer productivity

Automation

Cloud Strategy

New applications

Build a Cloud-Ready Design

Existing Applications

Planned Phased migration

Enterprise Cloud Strategy

Health 2.0 Startup or SMB Firm or Large Enterprise

Page 13: Aws jvaria e_collaborationforum

Flexibility

Choice of location (Region)

Choice of development and system management tools

Choice of programming language – Java, Ruby, Python, Perl, .NET…

Programmable Infrastructure

Choice of Operating Systems: Linux, Windows, SUSE, Red Hat…

Choice of Databases (Commercial): Oracle, SQL Server, MySQL, Postgres…

Purchasing Options: On-Demand, Reserved, Spot, Invoice, Credit Card

Choice of as much or as little, and pay only for what you use

Page 14: Aws jvaria e_collaborationforum

The Cloud as a Platform

Page 15: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data

Page 16: Aws jvaria e_collaborationforum

Data Collaboration

• Storage Services
  • Amazon S3
  • Amazon EBS
  • Amazon DynamoDB
• Transfer Services
  • AWS Import/Export
  • AWS Storage Gateway
• Identity and Access Management
  • Federation
• Encryption features
  • Amazon S3 Server Side Encryption
  • Client side encryption
  • Key Management (Partners)

Page 17: Aws jvaria e_collaborationforum

BioSense 2.0 protects the health of the American people by providing timely insight into the health of communities, regions, and the nation by offering a variety of features to improve data collection, standardization, storage, analysis, and collaboration.

Facts:
1. Authorization to Operate (ATO) from CDC
2. FISMA-Moderate
3. CDC uses NIST Standards for Certification & Accreditation Process (NIST SP 800-18, NIST SP 800-37, NIST SP 800-53)
4. Launched on 15 Nov 2011
5. In AWS GovCloud Region (US-Persons only)

Page 18: Aws jvaria e_collaborationforum

[Diagram labels: State Health Department; Hospital; HIE; Health System; State Health Dept. Cloud; State Lockers; Data Warehouse; BioSense; Essense; State/Local User/Admin; Authorized Collaborator; CDC User]

Page 19: Aws jvaria e_collaborationforum
Page 20: Aws jvaria e_collaborationforum

Data Exchange and Integration

Page 21: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data

Page 22: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research

Page 23: Aws jvaria e_collaborationforum
Page 24: Aws jvaria e_collaborationforum

Clinically Actionable / Evidenced Based Information at the Point of Care Moment

[Diagram labels: Patient Specific Information; Molecular; Clinical; Disease Treatments; Disease; Molecular; Global Clinically Actionable Information]

They create a patient specific story designed to support treatment decision

Patient Specific Physician Education

Patient Specific Education at Point Of Care Moment

Page 25: Aws jvaria e_collaborationforum

• 8 Algorithms
• 54K molecular data points
• Asynchronous analysis

• Four content stores
• 30M+ records
• Textual search engine

Personalized Medicine Service

Page 26: Aws jvaria e_collaborationforum

OncInsights Report

• Interactive

• Explore Evidence

• Easy to Navigate

Clinical Knowledge System

Alignment of molecularly identified therapeutic candidates … with clinically relevant knowledge in the disease context

• Scientific Literature

• Clinical Trials

• Compendium Support

Page 27: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research

Page 28: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection

Page 29: Aws jvaria e_collaborationforum

Data Protection and Disaster Recovery

Continuous Online Data Backup

Page 30: Aws jvaria e_collaborationforum

Regions and Availability Zones

Customer Decides Where Applications and Data Reside

Page 31: Aws jvaria e_collaborationforum

Dedicated Instances

On-demand Instances (For Spiky Workloads)

• Pay as you go

• Starts from 0.02/Hour

Reserved Instances (For Steady State Workloads)

• Onetime upfront + Pay as you go

• $56 for 1 year term and then $0.01/Hour

Spot Instances (For Time-insensitive workloads)

• Requested Bid Price and Pay as you go

• $0.005 /Hour as of today at 9 AM

Dedicated Instances (For Regulatory and Compliant Workloads)

• Standard and Reserved

• Single Tenant Instances

• $10/Region + 0.105/Hour

Page 32: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection

Page 33: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps

Page 34: Aws jvaria e_collaborationforum

Extend your existing datacenter

[Diagram labels: Corporate Data Center; DirectConnect Location; 10G; Amazon Virtual Private Cloud]

Page 35: Aws jvaria e_collaborationforum

New Enterprise IT Network architecture

[Diagram labels: Amazon VPC; AWS Region; Public Subnet; Private Subnet; Availability Zone 1; Availability Zone 2; Corporate data center; Corporate Headquarters; Branch Offices; VPN Gateway; Customer Gateway; Internet Gateway; Router; DirectConnect Location; 10G; Amazon S3; Amazon SimpleDB; Amazon SES; Amazon SQS]

Page 36: Aws jvaria e_collaborationforum

Cloud-based NLP Service

A Strategy for Deploying Secure Cloud-Based Natural Language Processing Systems for Applied Research Involving Clinical Text

David Carrell

Page 37: Aws jvaria e_collaborationforum

Built on Security Standards

Certifications

SOC1 Type 2 (SAS-70)

ISO 27001

PCI DSS 2.0 for EC2, S3, EBS, VPC, RDS, ELB, IAM

FISMA Moderate Compliant Controls

Enables HIPAA & ITAR Compliant Architecture

Physical Security

Datacenters in nondescript facilities

Physical access strictly controlled

Must pass two-factor authentication at least twice for floor access

Physical access logged and audited

HW, SW, Network

Systematic change management

Phased updates deployment

Safe storage decommission

Automated monitoring and self-audit

Advanced network protection

AWS Security and Compliance Center: http://aws.amazon.com/security

Page 38: Aws jvaria e_collaborationforum

SOC1 Type 2 Audit
ISO 27001/2 Certification
PCI DSS 2.0 Level 1-5
HIPAA/SOX Compliance
FISMA A&A Moderate
FedRAMP/GSA ATO

Enforce IAM policies
Use MFA, VPC, leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.

Encrypt data in transit
Encrypt data at rest

Protect your AWS Credentials
Rotate your keys

Secure your application

Security is a Shared Responsibility

Application Security

Services Security

Infrastructure Security

How we secure our infrastructure

What security options and features are available to you?

How can you secure your application and what is your responsibility?

Page 39: Aws jvaria e_collaborationforum

Security and Compliance Assessment

You own the data, not AWS. You choose which geographic location to store the data. It doesn’t move from the AWS region unless you decide to move it.

You have the flexibility to decide when and how you will encrypt your data while it is in transit and while it is at rest, based on the sensitivity of your data.

You can download or delete your data whenever you like.

You can set highly granular permissions to manage access of a user within your organization to specific service operations, data, and resources in the cloud for greater security control.

Involve your Security and Compliance Teams early in the process

Page 40: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps

Page 41: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
For Platforms

Page 42: Aws jvaria e_collaborationforum
Page 43: Aws jvaria e_collaborationforum
Page 44: Aws jvaria e_collaborationforum
Page 45: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Collaboration – Data
For Clinical Research
For Data Protection
For Corporate Apps
For Platforms

Page 46: Aws jvaria e_collaborationforum

The Cloud as a Platform
For Better Health

Page 47: Aws jvaria e_collaborationforum

Thank you!

Jinesh [email protected]

Twitter: @jinman

http://linkedin.com/in/jinman