Ben Baumann from Akaza and Open Clinica fame, recently blogged about clinical trials in the cloud. Ben is pitching the relatively new offering from Akaza called Open Clinica Optimized hosting that offers quick startup using validated Open Clinica instances and resources on-demand on a SAS-70 compliant platform.
As Ben noted that in the clinical research field, putting together such an offering is not trivial. Open Clinica is the worlds fastest growing clinical trials software with an interesting Open Source business model of community-supported Open Source and revenue from enterprise licensing, cloud services and training.
Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. We have been working with a regulatory affairs consulting client for over 3 years now, using the Open Clinica application for managing large multi-center, international clinical trials using Rackspace hosting and more recently using Rackspace Cloud.
I can attest that running multi-center clinical trails in the cloud is neither for the faint of heart nor weak of stomach. Past the security, compliance and regulatory issues – there is also the issue of performance.
Although resources are instantly scalable on-demand in the cloud, resources are not a substitute for secure software that runs fast.
As I noted in a previous essay “The connection between application performance and security in the cloud“, slow applications require more hardware, more database replication, more load-balancing and more firewalls. More is not always better, and more layers of infrastructure increase the threat surface of the application with more attack points on the interfaces and more things that can go wrong during software updates and system maintenance.
If there is a design or implementation flaw in a cloud application for clinical trials management that results in the front-end Web server making 10,000 round trips to the back-end database server to render a matrix of 100 subjects, then throwing more hardware at the application will be a fruitless exercise.
If we do a threat analysis on the system, we can see that our No. 1 attacker is the software itself.
In that case, the application software designers have to go back to the drawing board and redesign the software and get that number down to 1 or 2 round trips.
The effort will be well worth it in your next bill from your cloud service provider.