Blog

Why the Regulated Cloud is More Secure Than You Think

Ask life sciences companies what questions they have about moving their content to the cloud and you will likely find at least one “security” related question. Indeed, this is an important topic, and it is vital that organizations address content management security at all levels, particularly when managing highly sensitive life sciences information, such as R&D or manufacturing information. Interestingly, there are still some who maintain that data is only safe if you store and maintain it in your own data center(s), not when it’s “floating around” in the cloud. This inaccurate – though entertaining – description of the cloud (we’ve never seen floating data), ignores the fact that data can be even more secure in the cloud, particularly when working in the regulated cloud. The regulated cloud is different from both public clouds and private clouds in that it offers additional security features (more than a typical public cloud like Amazon’s) that life sciences organizations in particular require, including:

cloud security with closed lock

  • SAS 70 Type II certification: A very strict set of controls stating that a service organization has been through an in-depth audit of their control objectives and control activities.
  • Precise location: Unlike the public clouds a la Amazon, where it’s often a mystery as to where your content is stored, in the regulated cloud, you know exactly where your data is and where the servers are.
  • Regular audits: Regulated cloud data centers are often audited by both large and small regulated companies like those in the life sciences industry.
  • Strict security measures: All communication is protected by features like SSL encryption (which prevents intrusion as information travels over the network), intrusion detection at the hardware and software levels, audit trail reports, and password protection.

 

The added security benefits of the regulated cloud make it well-suited for life sciences companies. Not only is the regulated cloud more secure than public clouds, it also has advantages over traditional, on-premise solutions. For example, a company dedicated to providing cloud-based services will have a skilled security taskforce prepared to monitor and protect your data. On-premise data centers, on the other hand, often the resources to spend on a dedicated, around-the-clock security task forces.

Another regulated cloud benefit is data concentration. Most companies forget that the most vulnerable access points for their data are often their own people. How many times have you or someone you know sent a vital document over email or via flash drive because it was too difficult to share within a controlled system? These work-arounds may help things move faster, but it also means your content is out there, somewhere, where you have little or no control. Furthermore, misplaced or stolen laptops are crippling to a traditional user whose information is stored locally on a machine. If you operate in the regulated cloud, a misplaced or stolen laptop won’t compromise your data.

But it’s not just companies with on-premise systems that can benefit from moving to the regulated cloud; companies that currently work in a private cloud will also see an advantage. One of the most notable security advantages of the regulated cloud over a private one is that the regulated cloud provides a steady stream vital security updates. One of the easiest ways for an outsider to access a company’s data is through known holes in previous versions of software. Think about how long an update process is for a traditional on-premise or private cloud solution. There are multiple machines, compatibility issues, and data migrations to consider and plan for. Anyone who’s been involved in that process knows that that all takes significant time and effort. Now contrast that to updating a solution in the regulated cloud, where security updates are pushed immediately and with little or no effort from your organization.

As with any vendor, companies need do their due diligence when selecting a provider. But strong regulated cloud and application services providers will empower life sciences organizations with better security, deeper collaborations, faster updates and greater capabilities than on-premise or private cloud systems. They days of dismissing cloud as ‘insecure’, ‘unregulated’ or ‘compliance challenged’ are over. The regulated cloud is here today. It is proven. And it is ready to take on the challenges of the next generation of content management needs.

Jen Goldsmith is the Vice President of Veeva Vault.

Interested in learning more about how Veeva can help?