Why the Cloud Matters for Medtech

Brian Buntz

October 14, 2014

6 Min Read
MDDI logo in a gray background | MDDI

The medical device industry seems rather cautious about following other industries and jumping on the cloud computing bandwagon. But the medtech industry has no choice but to embrace the cloud eventually, says Olayinka James, chief information security officer (CISO) for Zimmer Holdings Inc. (Warsaw, IN). James says it is vital for the industry to make sure that appropriate security measures are in place to keep the data safe.

James will speak on the subject of cloud computing security in the medtech industry in a keynote address at MD&M Minneapolis on Wednesday, October 29. In his talk, he will draw stories from his experience working as a cloud security professional. James, who is presently working on a PhD dissertation on cloud computing security, will also discuss which types of cloud applications make sense for medical device firms, and which kinds of applications represent risky security threats.


MPMN: What are the main advantages for the cloud for the medical device industry?

James: I think productivity is number one. I think the cost savings are big, and are also important.

The orthopedic industry is seeing a decline in profit margins. In the past, we had a situation where gross margin was as high as nearly 70%. But that is coming down significantly because there is a lot of pressure on pricing.
 
A lot of medical device companies are getting push back on spending more money each year and are having to keep their spending levels essentially flat year over year.
 
You can't do that with IT spend because you have to keep up with increasing innovation and increasing security challenges every year, things are changing. You have to buy more tools and technology. In the security space, the hackers are always a step ahead and you essentially keep spending money to play catch-up.
 
When you stack all of that up, the next thing people will start looking for is reducing your total cost of operation and ownership. Cloud computing can make a huge difference, because for instance it can eliminate a lot of your traditional data center spend. So you don't have any need to buy the physical storage, you don't have to cool your data center and also cabling etc. It is a huge cost reduction.
 
Guess what? The huge cost differential can get swallowed up in the risk that is being introduced by going to the cloud if not handled properly. I think that is where you need to find the right balance--investing more in mitigating some of those risks. Sometimes people go to the cloud and take all of the money and spend it somewhere else, but the rule of thumb says it is essentially necessary to take at least 50% of your cost savings from going to the cloud and reinvest into making your environment more secure. This is especially true if you plan to outsource critical/sensitive data to the cloud.

MPMN: Why is the cloud still so trendy in the broader tech sector?

James: Cloud computing has caught fire, outshining several computing trends preceding it. It was an evolution from data center consolidation to virtualization and then outsourcing. Cloud computing has been around for a while now and is still catching fire and the trend will continue for some time to come.
 
Why is this? Well, it has a lot of benefits mainly cost reduction and improved operational efficiencies. Cloud computing can significantly lower the total cost of IT ownership of a business critical applications. It also provide the ability to easily scale up storage capacity, increase your mobility and flexibility.


MPMN: What are the main risks?

James: For organizations that are operating in the medical device sector, there are a few things they need to be aware of--especially security. Before you bring in a cloud vendor, you need to do your due diligence.
 
You should ask questions like: Who has liability if there is a breach? What kind of data should you put in the cloud? If you put sensitive data in the cloud, what should your IT and legal/compliance department be aware of? What are the regulatory or privacy implications for the data in the cloud?
 
The fact that your data is in the cloud, and you have no idea where it may be at any moment in time, also can give sleepless nights to the CIO as the data custodian. Those are some of the issues that you have to worry about.
 
This is an era of cyber war crime. We just heard about JP Morgan and their data breach affecting 76 million households and 7 million small businesses.

MPMN: I also heard that Apple is not going to put its health data in the cloud owing to the sensitive nature of the data

James: I read that and that makes sense.  
 
Frankly, even if you want to put your information as an organization in the cloud, you have to ask what do I want to put there and what do I not want to put there?
 
Maybe I don't want to put IP data in the cloud. But I can put information that can help spark collaboration between remote engineers. I could go to Salesforce.com in the cloud--that is going to enhance my CRM.
 
You don't want to go and just put everything up in the cloud. You have to evaluate what is the sensitivity and the criticality of the data and what is the risk exposure. When you know that, you can make an intelligent decision of whether you want to take the risk.
 

MPMN: How successful do you think the medical device industry is in using the cloud or is it too early to say?

James: I think it is too early to say. The medtech industry is one of the late adopters. I think they are a lot more cautious right now.
 
There is a lot of significant focus right now on just fighting the bad guys--including bad actors and people that do corporate espionage to steal med device data or protected health information (PHI) data.
 
China is really interested in medical device IP because they have a growing and aging population. The population need things like pacemakers, artificial knees, hips, and joint replacements. Because the Med Device companies don't have the money to spend on R&D, it is a lot more convenient to steal the IP and just mass manufacture them at a cheap cost.
 
Last year for instance, It was reported by the San Francisco gates that Chinese hackers broke into the networks of 3 big device companies makers.
 
All of this reports is making medical device companies be very wary as they put things in the cloud.
 
Still, cloud is a phenomena I think that is going to stay, so the medtech industry will likely adopt it more broadly eventually.

Brian Buntz is the editor-in-chief of MPMN and Qmed. Follow him on Twitter at @brian_buntz.

Like what you're reading? Subscribe to our daily e-newsletter.

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like