Beruflich Dokumente
Kultur Dokumente
EY technology newsletter
Issue 8 June 2011
Foreword
Dear colleagues, We are delighted to present to you the next edition of our technology newsletter, Techbytes. This edition discusses themes related to emerging opportunities in the health care space for IT/ITeS.
In this issue Opportunities for IT/ITeS in the Indian health care industry Cloud computing in health care 02 07
Technology is enabling healthcare to reach the remotest areas of the country, expediting new drug discoveries at low costs, accurate diagnosis and subsequent treatment and, above all, making the overall health care environment better as well as increasing the life expectancy of people. In this edition, we have highlighted the penetration of technology in the health care industry and some of the opportunities that are unfolding for the IT/ITeS. We have also shared our perspective on cloud adoption af `]Ydl`[Yj] Yf\ `go al oadd Z]f]l nYjagmk klYc]`gd\]jk af l`] af\mkljq& Our industry speak section features an interview with Col. TL Sharma, AVP Quality and Head Information Security for HCL Technologies where he shares his views on new third party reporting standards. In the event section, we have featured a recently held CFO conference to discuss various aspects of the new third-party reporting standards.
Industry speak: excerpts from an interview with Col. T L Sharma, AVP Quality and Head Information Security, HCL Technologies 14 Industry event: CFO roundtable on the new third-party reporting standards 15
We hope you enjoy reading this edition and look forward to your suggestions and feedback.
Gaurav Taneja Partner and National Director, Technology, Communications and Entertainment
simple to use, cost-effective, portable and power-independent. According to a report by Springboard Research, India has the fastest-growing health care IT market in Asia, with an expected _jgol` jYl] g^ *-$ ^gddgo]\ [dgk]dq Zq ;`afY Yf\ Na]lfYe& The Indian medical technology industry is forecast to grow from MK*&/ Zaddagf af *((0 lg MK), Zaddagf af *(*($ Yk eYfq Af\aYf and overseas medical technology companies are developing innovative products for the Indian market. The Indian health care IT market has seen the evolution of many models to cater to the needs of the local market. Apart from standard hospital information systems (HIS), the need for picture archiving and communication system (PACS), remote installation services (RIS), electronic medical records (EMR) and clinical systems is also on the incline. Further, trends such as IT outsourcing (ITO) in health care in India are emerging.
new markets. Further, the growing exposure of patients to the latest IT services available globally has triggered new demand in India for the increased use of such systems to make health care services more convenient. Proactive wellness: With the increasing health consciousness among Indians, preventive health care is gaining importance. To cater to this demand, a range of software, which enables access to the individuals health risk, the selection of optimum preventive measures and the egfalgjaf_ g^ hYla]fl hjgd]k$ ak YnYadYZd] af l`] eYjc]l&
There are several technologies that are triggering change in the Indian health care industry:
Description
Doctors and hospitals typically do not maintain patient records. Patients are responsible for their own historical data management.
Solution
Electronic medical records and patient health record management systems. Web-based solutions such as Google-Health are also a possibility.
The following trends and factors are driving the rapidly growing use of IT in the health care industry in India: Topography and travel/cost factors: With the majority of the population in India living in villages and most health [Yj] ^Y[adala]k dg[Yl]\ af e]ljghgdalYf [ala]k$ al ak \a^[mdl ^gj patients to seek advice from medical specialists. As such, the specialists based in urban areas can rarely make time lg ljYn]d lg ^Yj%mf_ dg[Ylagfk ^gj hYla]fl nakalk& L`]j]^gj]$ the use of IT in this sector will enable doctors to reach their rural clients with great ease, reduce travel and open access to extending the best possible treatment in real time via technology. Innovation and upgrade of existing technology: The availability of advanced and sophisticated medical technology with the appropriate use of IT has created
Electronic medical records (EMRs) EMRs allow individual patient records to be stored and managed electronically, thus considerably reducing the time, money and space that gets invested in maintaining patient records in the form of paper. The major advantage of data management through this method is that data can be easily transferred between locations on the same network. Therefore, if the patient is unable to visit a previously attended location for treatment, any other location nearby can instead be visited; as the patients medical history can be accessed there.
Personal health records (PHRs) PHRs are a part of the patient-centric trend, where patients participate more actively in the health care
process. However, PHRs, together with other digital health records that predate them EMRs that are used within a single medical provider and electronic health records (EHRs) that can be shared among multiple providers serve beyond the information repository function. They are also used as monitoring tools, which can trigger alerts to patients, families or providers. The data in these records is mined to evaluate the performance of medical practices. PHRs are ]ph][l]\ lg hdYq Y hanglYd jgd] af kaehda]\ Zaddaf_$ \][akagf support and comparative effectiveness research, which aims to determine the most effective treatments at a given cost for a given condition. PHR platforms such as Google Health and Microsoft HealthVault allow members to access and store personal health information online. e- Prescription Another emerging technology in health care is the concept of e-Prescription, wherein prescribers (doctors) can send their prescription through a computer network to a medical store. This eliminates the need for patients to carry their prescriptions to the medical store. This helps avoid errors that can occur due to various reasons such as ambiguity in the prescription due to illegible handwriting.
India, with its diverse landmass and sizeable population, offers an opportune environment for telemedicine with the country facing a shortage of both hospitals and medical specialists. According to the Planning Commission, India is short of 600,000 doctors, 1 million nurses and 200,000 dental surgeons. Moreover, the majority of the countrys population lives in villages, where health care facilities are relatively poor. The key applications of telemedicine include telementored procedures, or surgery-robotics, home care and ambulatory monitoring, disease management, disaster management, remote consultation and critical care monitoring, disease surveillance and program tracking, continuing medical education, and public
awareness. To strengthen the telemedicine network in India, l`] ?gA$ af alk =d]n]fl` >an] Q]Yj HdYf *((/*()*!$ Yddg[Yl]\ MK-( eaddagf lg klj]f_l`]f l`] [gmfljqk l]d]e]\a[af] k][lgj& Case study: Apollo Hospitals and Aravind Eye Care leading the way in telemedicine Apollo Telemedicine Network Foundation (ATNF): ATNF, part of Apollo Hospitals, offers customized telemedicine support for primary, secondary and l]jlaYjq `]Ydl` [Yj]& 9LF> k]l mh alk jkl l]d]e]\a[af] center in Aragonda, Andhra Pradesh, in 1999, and since its inception, it has established nearly 150 telemedicine centers in India and a few selected Asian countries. ATNF offers a broad range of telemedicine services such as tele-radiology, tele\]jeYlgdg_q$ l]d]%hYl`gdg_q$ j]egl] A;M egfalgjaf_$ ambulance monitoring and EHRs. Furthermore, ATNF has developed its own web-enabled telemedicine application called Medintegra WEB, which enables doctors, nursing homes and hospitals to collect vital health data of patients living in inaccessible areas and converts this data into a secure EMR. Aravinds tele-ophthalmology network: Aravind Eye Care Hospital has set up a tele-ophthalmology network that diagnoses ophthalmic diseases by viewing still images. Aravinds eye clinic provides basic tools for diagnosis as well as advanced satellite-linked telemedicine trucks that travel regularly to remote locations, perform eye exams, teach eye care and a\]fla^q h]ghd] o`g eYq j]imaj] kmj_]jq& Mkaf_ l`]k] telemedicine trucks, doctors at Aravinds hospitals participate in taking decisions and making diagnoses when required. At the tertiary level, medical specialists at Aravind provide medical consultations to patients examined at different hospitals.
Telemedicine
Telemedicine6
Telemedicine is the use of electronic information and communication technology to provide and support health care when distance separates participants. Telemedicine can range from remote specialists receiving test result transmissions to fullscale, integrated video presence health-monitoring systems. Af alk nYjagmk ^gjek$ l]d]e]\a[af] `Yk \]egfkljYl]\ ]^[Y[q by increasing quality, reducing costs and creating revenue opportunities for health care providers. The following are various applications of telemedicine.
Continuing Medical Education & Public Awareness Disaster Management
Disease Management
Narayana Hrudayalaya and the Mazumdar Shaw Cancer Centre collaborated with SANA, a research group at Harvard/MIT, for the smart phone-based detection of oral cancer and other diseases.
A good cloud computing provider can resolve such challenges as it can deliver reliable 24/7 data access at reasonable costs. This is the best solution for the Indian health care system, since it reduces upfront investments in software and hardware. However, the concept of cloud computing is yet to prove its worth in health care, with just a few early adopters of this technology with an established presence in this area. The most ka_fa[Yfl [`Ydd]f_] af Y\ghlaf_ l`ak l][`fgdg_q da]k af l`] uncertainty around whether hospitals and clinics will trust their data to be stored offsite. Af Af\aY$ kge] eYbgj hdYq]jk af l`] ]d\ Yj] dggcaf_ lg Zmad\ l`]aj own networks. Initially, the private cloud is more likely to be adopted, as opposed to the public cloud, where hospitals have to share data externally.
Patient centricity 8
Patient-centric IT systems provide information transparency. Health care IT today goes beyond traditional isolated computers and unfriendly applications. Patient care is exploiting new tools and information that systems can provide, while maintaining a patient-centric approach to their use. However, patient data k][mjalq Yf\ ]^[a]f[q af `]Ydl` [Yj] j]eYafk Y [`Ydd]f_]& Software that supports core medical processes, hardware that allows easy access to information at the point of care and standards that make the integration of different systems easier are the key features of new health care IT systems. Perhaps, the most disruptive technology-driven force in health care today is the proliferation of health blogs, social networks and open access to health care information (transparency), which is referred as Health 2.0.
Computer-based bio-surveillance projects used to generate data on diseases and create databases on health care in rural areas are becoming popular in India. Gauging the potential of such projects, there are several organizations entering this space: The Indian Institute of Chemical Technology (IICT) in Hyderabad has developed a model to forecast the possible epidemics of diseases such as malaria and encephalitis in rural Andhra Pradesh. A recent initiative by a global consortia comprising the Indian Institute of Technology, Madras, the National Centre ^gj :agdg_a[Yd K[a]f[]k$ ;Yjf]_a] E]ddgf Mfan]jkalqk 9mlgf DYZ$ DAJF=YkaY$ l`] Mfan]jkalq g^ 9dZ]jlY$ J]kh]j] DYfcY$ Lanka Jathika Sarvodhaya Society and the International Development Research Centre (IDRC) called the Real Time Biosurveillance Program (RTBP), has attempted to use the power of mobile phones to develop a health care model.
Cloud computing9
A high upfront cost has been the main deterrent to health care IT adoption, as India has traditionally always been a cost-sensitive market. However, this trend is gradually changing. The three key pain points for health care service providers are: High initial costs The need for human resources to maintain and service systems in-house Accessibility of data 24/7
Lack of standards Lack of in-house IT domain knowledge Reluctance of medical, nursing and other staff to adjust to change Apprehensions around technology failures (paper systems appear more reliable) Lack of proper vendor support
In order to avoid such problems, there should be certain common designing standards. These standards must satisfy the requirements of most health care organizations. While such klYf\Yj\k Yj] ]ehdgq]\ af l`] MK$ Af\aYf `]Ydl` [Yj] ak q]l lg oalf]kk l`] \]n]dghe]fl g^ km[` klYf\Yj\k& Af l`] MK$ afklalml]k Yj] \ana\]\ aflg nYjagmk \a^^]j]fl [Yl]_gja]k oal` kh][a[ standards. Such technological improvements in the Indian health care society could attract more customers from other countries, thus generating an incremental positive change in the domestic economy. It could also help resolve problems such as the availability of resources and the overall development of the sector.
Conclusion
Al ak ]klaeYl]\ l`Yl )- g^ Af\aYk hghmdYlagf kladd `Yk no access to health care services, either due to lack of YnYadYZadalq gj ][gfgea[ j]Ykgfk& Egj]gn]j$ /- g^ l`] imYda]\ \g[lgjk hjY[la[] af mjZYf Yj]Yk Yf\ *+ af lgofk$ o`ad] gfdq * hjY[la[] af jmjYd Yj]Yk& Oal` l`] af[j]Ykaf_ use of technology in the industry, this gap will get bridged and health care services would be provided to a larger set of people. Following advancements in telecommunications, the GoI and other private telecom service providers are undertaking several initiatives to increase access to include communities that lack access to information from a wider arena. Fiber optic cables, exponential increase in mobile telephony and l`] \]hdgqe]fl g^ +? oadd `]dh e@]Ydl` _Yaf ege]flme&
Standardization
Health care service providers have to face several problems while designing and implementing health care management systems. Different health care organizations have varying software requirements, depending on their size of working, management systems and infrastructure. This requires a high degree of [mklgearYlagf$ eYcaf_ al \a^[mdl ^gj `]Ydl` [Yj] k]jna[] providers to design different software programs customized for various health care organizations.
;gf\]flaYdalq
The use of IT is associated with issues revolving around the privacy of patient data, as health information is private and personal in nature and requires stricter regulation. Concerns regarding the ownership of medical information between patients, health care companies, government and IT companies continue to plague the industry.
Contributed by:
Satyakam Chakravarty, Senior Manager, Technology, Communications & Entertainment He can be reached at satyakam.chakravarty@in.ey.com.
Swati Goenka, Analyst, Strategic Market Intelligence - Technology She can be reached at swati.goenka@in.ey.com
References:
1
Impact of Information Technology on Indian Health Care Industry, Wordpress website, http://hsskbc.wordpress. com/2010/07/16/impact-of-information-technology-on-indian`]Ydl`%[Yj]%af\mkljq$ Y[[]kk]\ + EYj[` *())3 @]Ydl`[Yj] AL in India An Optimistic Outlook, Asian Hospital & Healthcare Management website, www.asianhhm.com/information_ l][`fgdg_q'`]Ydl`[Yj]alWaf\aY&`le$ Y[[]kk]\ + EYj[` *())3 L][`fgdg_q :ggkl Lg @]Ydl`[Yj]$ :mkaf]kk Daf]$ )0 Fgn]eZ]j 2010, via ISI Emerging Markets Medical technology industry in India riding the growth curve, CII and Deloitte, July 2010; Asian Healthcare Information Technology Industry, Health IT NEWS.Direct! website, www. healthitnewsdirect.com/?p=690, accessed 9 March 2011; Information Technology Revolution in Healthcare, Media India website, www.medindia.net/articles/article1.asp, accessed 9 March 2011 Medical technology industry in India Riding the growth curve, CII and Deloitte, July 2010; Health care informatics in the next five years, Healthcare Management Express o]Zkal]$ ooo&]phj]kk`]Ydl`[Yj]e_el&[ge'*((,(-+)' informationtechnology05.shtml, accessed 20 April 2011; Managing to keep well, The Hindu website, www.thehindujobs. [ge'l`]`af\m'eh'*((*'(.')+'klgja]k'*((*(.)+((+,(*((& htm, accessed 20 April 2011
Information Technology impact on the healthcare industry, 9E=af^g o]Zkal]$ ooo&Ye]af^g&[ge')--.0(%egj]*&`led$ accessed 4 March 2011; Health Technology Investments in India, Blood Test Guide website, http://www.bloodtestguide.com/healthtechnology-investments-in-india.html, accessed on 04 March 2011 Indian Healthcare and Information Technology, eHealhthonline website, www.ehealthonline.org/articles/article-details. Ykh7Lald]5Af\aYf*(@]Ydl`[Yj]*(Yf\*(Af^gjeYlagf*(L][` fgdg_q9jla[YdA<5*+)(Lqh]5H=JKH=;LAN=$ Y[[]kk]\ / EYj[` 2011; Turning point: How technology innovation is enabling the transformation of health care, Ernst & Young, 2009; Information Technology impact on the healthcare industry, AMEinfo website, ooo&Ye]af^g&[ge')--.0(%egj]*&`led$ Y[[]kk]\ , EYj[` *()) Turning point: How technology innovation is enabling the transformation of health care, Ernst & Young, 2009; Telemedicine in India: Initiatives and Perspective, B.S.Bedi Department of Information Technology Ministry of Communications & IT Government of India, Pg. 7; Healthcare a healthy dose for success, Ernst & Young, 2010; Apollo Telemedicine Network Foundation website, Aravind Eye Care website Turning point: How technology innovation is enabling the transformation of health care, Ernst & Young, 2009; m-Health for Development: Leveraging on Mobile technology for Healthcare
0
in India, Jamnalal Bajaj Institute of Management Studies o]Zkal]$ ooo&bZaek&]\m'kljYl]_qe'\g[k'KqfghkakWe@]Ydl`*( ^gj*(Af\aY&h\^$ Y[[]kk]\ + EYj[` *())3 @]Ydl`[Yj]$ Af\aYf Brand Equity Foundation website, www.ibef.org/artdispview. Ykhp7af5*1YjlWa\5*/+0-[YlWa\5))1hY_]5*$ Y[[]kk]\ , March 2011 Turning point: How technology innovation is enabling the transformation of health care, Ernst & Young, 2009 Cloud computing is unproven technology in Indian healthcare, Express Computer Online website, www.expresscomputeronline. [ge'*()((*(0']phj]kkafl]dda_]fl]fl]jhjak])/&k`led$ Y[[]kk]\ / March 2011 ]%D]Yjfaf_ ]%@]Ydl` Ghhgjlmfala]k Yf\ ;`Ydd]f_]k af Af\aY$ Armin Jamshedji Neogi, Senior Manager Monitoring & Evaluation FPA India; How is ERP received in each industry?, www.erpwire. [ge']jh%Yjla[d]k']jh%af\mkljq%YfYdqkak&`le$ Y[[]kk]\ 0 EYj[` 2011; Healthcare IT in India An Optimistic Outlook, Asian Hospital & Healthcare Management website, www.asianhhm. [ge'af^gjeYlagfWl][`fgdg_q'`]Ydl`[Yj]alWaf\aY&`le$ Y[[]kk]\ + March 2011
10 6
There are three main cloud service models: SaaS, PaaS and IaaS. IaaS provides the capability to execute rent processing and storage over the internet. It is, in many senses, the most commoditized version of cloud services.
CRM
Cloud computing infrastructure as a service (IaaS) brings utility computing closer to reality. It has the potential to change the way IT hardware is purchased, designed and used. With its promise of affal] k[YdYZadalq Yf\ Y hYq%Yk%qgm%_g hja[af_ eg\]d$ l`] hjaeYjq Z]f]l l`Yl [dgm\ AYYK ]pl]f\k lg l`] dYj_] ]fl]jhjak] ak _j]Yl]j business effectiveness at lower IT costs. The cloud computing infrastructure as a service (IaaS) market is at a nascent stage both globally and in India. Globally, the market has been maturing oal` ka_fa[Yfl [geeale]fl ^jge dYj_] Yf\ fa[`] hdYq]jk& Across industry segments, the Indian market has also expressed ka_fa[Yfl afl]j]kl af l`] hgl]flaYd g^ AYYK k]jna[]k&
functioning of their businesses. They use health care management and information systems (HMIS), picture archiving and communications systems (PACS), electronic medical/ health records (EMR/EHR) and point of care systems and _]f]jYl] ka_fa[Yfl [dafa[Yd \YlY$ af[dm\af_ aeY_]k& L`] c]q users of IT, apart from hospitals are also diagnostic centers, clinics or medical centers and R&D within drug companies. Correspondingly, these networks are complex and face constraints such as the availability of these services in remote locations, business continuity requirements, data security and integrity. The awareness and interest for cloud computing in the health care segment is at a nascent stage. Currently, hospitals spend a ka_fa[Yfl hgjlagf g^ l`]aj Zm\_]lk gf fgf%[gj] j]kgmj[] [gklk$ both manual and technical in a traditional healthcare ecosystem. Cloud services extend to health care provide the promise of reduced IT costs in the face of continued margin pressures and the critical need to generate and store large amounts of health data or information. For the small and medium business (SMB) health care providers, cloud IaaS services lower the barriers to market growth by minimizing technology costs and upfront investments. For hospitals, besides keeping costs low, cloud helps in meeting compliance requirements of maintaining EHRs. Health care providers can use private or public cloud to: Klgj] hYl`gdg_q Yf\ gl`]j j]hgjlk p%jYq$ ]l[&! EYaflYaf Yf\ klgj] hYla]fl j][gj\k'Zaddaf_'[dYaek @gkl l`aj\%hYjlq gj af `gmk] Yhhda[Ylagfk @EAK$ ]l[&! ;gff][l gf Y [geemfalq d]n]d Z]lo]]f \g[lgjk'`gkhalYdk$ diagnostics companies and patients
Software as a service
Platform as a service
Database
Queuing
Infrastructure as a service
Monitoring
Provisioning
Scheduling
Web management console vStorage vServer Virtualization Storage Server Hardware Power HVAC Facilities Land Network vNetwork
Principal characteristics Abstraction of infrastructure Service oriented architecture Pooled resource Scalable Utility based model of computing
Ernst & Young recently conducted interviews with CIOs of organizations across industries to analyze their expectations from, and perceptions of, the Indian IaaS market and draw relevant inferences for the entire IaaS ecosystem.
Exhibit 1: Which of the following appropriately describes your view on cloud computing infrastructure as a service?
20%
44%
24%
12% Cloud computing is an evolving concept and will mature in some years Cloud computing offerings will not suit my business Cloud computing will drive the next wave of IT innovation Not aware of these services in great detail
Source: EY Survey Cloud Adoption in India, 2009
The market is seeing a concerted effort in the related software as a service (SaaS) space. The SaaS market is increasingly gaining acceptance in the SMB segment, indicating a shift in the thought process of CIOs and IT decision makers. The IaaS market ak Ydkg dac]dq lg Z]f]l ^jge l`] af[j]Ykaf_ eYlmjalq g^ l`]k] related markets. Responses to the Ernst & Young survey on timeframe to adoption af\a[Yl]\ l`Yl egj] l`Yf /( g^ l`] j]khgf\]flk Yj] dggcaf_ lg adopt the technology in the next three years. The implied pattern of adoption is also indicative of an innovation diffusion curve, oal` Y ka_fa[Yfl eYafklj]Ye eYjc]l \]n]dghaf_ af l`] f]pl l`j]] lg n] q]Yjk&
10
Scalibility
Early majority Early adopters Innovators 8% 20% 44% 12% 16% Late majority Laggards
High uptime 4% Reduced risk of technology obsolence Improved hardware utilization Improved datacenter ]^[a]f[q Faster deployment 4% =plj]e]dq Ka_fa[Yfl Ka_fa[Yfl
EYafklj]Ye eYjc]l
High awareness levels and the positive perception of cloud indicate a market, which will see robust growth rates once the service is available and when enterprises begin adopting the technology.
11
Deep dive discussions with participants indicated a distinct \a^^]j]f[] af l`] h]j[]an]\ Z]f]lk g^ [dgm\ Zq l`] KE: Yf\ enterprise segments. The SMB segment considers cloud IaaS k]jna[]k ^gj ljm] [dgm\ Z]f]lk$ o`ad] l`] dYj_] ]fl]jhjak] h]j[]an]k Z]f]lk gf l`] gh]jYlagfYd ka\] l`Yl Yj] _]f]jYddq derived from an outsourcing model. The SMB segment has cited high uptime as the top gh]jYlagfYd Z]f]l$ o`ad] dYj_] ]fl]jhjak]k j]_Yj\ Y dgo]j risk of technology obsolescence as the most important gh]jYlagfYd Z]f]l& L`] KE: k]_e]fl j]_Yj\k mkY_]%ZYk]\ hYqe]flk Yf\ dgo [YhalYd afn]kle]flk Yk ]plj]e]dq ka_fa[Yfl Zmkaf]kk Z]f]lk$ o`ad] l`] dYj_] ]fl]jhjak] h]j[]an]k l`] YZadalq lg ^g[mk gf [gj] Y[lanala]k Yk l`] lgh Zmkaf]kk Z]f]l&
Barriers to implementation
Implementing cloud computing will not be without challenges. Ernst & Youngs market survey indicates that an overwhelming /* g^ l`] j]khgf\]flk [al] hgl]flaYd \YlY hjanY[q Yf\ k][mjalq akkm]k Yk ]plj]e]dq ka_fa[Yfl [gf[]jfk& L`] gl`]j Yj]Y g^ concern is around the maturity of vendors and their current capability to provide cloud services. Here are some of the challenges generally associated with a shift to cloud IaaS services: Data security and privacy Legal and regulatory compliance Control and responsiveness Lack of benchmarking or leading practice experience Ambiguity over how best to quantify, track and communicate l`] Z]f]lk g^ [dgm\ [gehmlaf_ Threat of potential over reliance on a single-source IT provider Lack of interoperability Resistance from datacenter IT personnel
Cost does not seem to be a factor driving the decision to adopt cloud IaaS services. Surprisingly, both the SMB and large enterprise segments have given lower priority to other lqha[Yd [dgm\ Z]f]lk km[` Yk l`] YZadalq lg affgnYl] Yf\ ^Ykl]j deployment. This may be indicative of an awareness gap of the \a^^]j]flaYl]\ Z]f]lk l`Yl [dgm\ AYYK k]jna[]k Yj] [YhYZd] g^ delivering.
Data security and privacy is a major concern for enterprises considering implementing cloud IaaS services. Cloud IaaS is a distributed computing model with inherent ambiguity around where the data resides. This distributed model leads to a perception of higher risk and security challenges. A cloud service provider can mitigate these risks by establishing an effective security and controls framework in the following areas:
Techbytes EY technology newsletter es technology
A\]flalq Yf\ jakc eYfY_]e]fl ;gehdaYf[] Yf\ Ym\al 9hhda[Ylagf d]n]d k][mjalq <YlY ZY[cmh Yf\ j][gn]jq D]_Yd
12
Conclusion
Vendor lock-in concerns (inability to switch vendors easily or bring operations back-in) 50% 33% 13% 4% 29% 29% 29% 13% 21% 25% 25% 29% 8% Loss of control over IT operations 33% 17% 38% =plj]e]dq Ka_fa[Yfl \jan]j Ka_fa[Yfl \jan]j >Yajdq ka_fa[Yfl \jan]j Not a driver
Enterprise IT decision makers need to continue monitoring the market in the short term for provider strategies around cloud IaaS services. Enterprises at the forefront of technology adoption should start interacting with service providers to understand current offerings. Although the ecosystem does not appear to be mature enough to extend support to a complete cloud IaaS services portfolio, the economic crisis could well serve as an impetus to both providers and enterprises to opt for the cloud. With providers beginning to invest in infrastructure, the economics and feasibility of cloud services are likely to evolve rapidly. Companies considering cloud computing need to consider the broad range of business factors and effects that may arise from such an initiative. Companies should consider some of the following cloud computing-related areas: Privacy Enterprise architecture Information security Application controls and security IT effectiveness/transformation Business continuity plans Scalability
The following questions are critical for business leaders to consider when health care providers/diagnostics companies, etc., are planning a transition to cloud computing: How can my data center be better equipped to function with part of its infrastructure on the cloud? O`Yl kh][a[ Yj]Yk Yj] egkl YhhjghjaYl] ^gj [dgm\ computing? What services are third-party vendors providing? O`Yl Yj] l`] egkl ka_fa[Yfl \YlY hjanY[q Yf\ k][mjalq issues that we will likely face? Is a private cloud better for the health care sector, given the sensitive nature of information involved? What are the cloud providers key risks and performance indicators, and how will this impact be monitored and measured from an enterprise perspective? How can I deploy IaaS in a way that makes it relatively easy to switch providers, if needed? What are we trying to achieve through cloud computing? What ROI can we expect?
13
What technology needs will be required with cloud computing? Can the provider offer reliable services in remote healthcare provider locations? How do I assess the actual infrastructure that will be needed to support my applications? How do I benchmark application performance in the provider environment? Does the IaaS provider offer scalability in case of additions to the hospitals/diagnostic centers and health centers? How does resource pooling and allocation occur within the cloud providers infrastructure set up? Based on the approach, application performance and expected usage patterns, what is the best pricing strategy? How can existing resources, both machines and people, be reallocated for maximum impact? What are the broader cultural and operational implications of this approach?
Contributed by:
T chbytes Techbyte EY technology newsle ter Techbytes ye technology newsletter ec n logy ewsle c o og wslet le
14 14
Industry speak
Excerpts from an interview with Col. T L Sharma, AVP Quality and Head Information Security, HCL Technologies
Q: A:
What are your thoughts on the new third-party reporting standard replacing SAS 70?
Q: A:
K9K /( `Yk hjaeYjadq MK Yhhda[YZadalq Yf\ `Yk Z]]f essentially an auditor communication. The new third-party reporting standard intends to bind the organization more jedq Zq Zjaf_af_ af gl`]j klYc]`gd\]jk km[` Yk j]_mdYlgjk$ ZgYj\ g^ \aj][lgjk Yf\ fYf[aYd klYl]e]fl mk]jk& L`]k] klYf\Yj\k oadd require organizations to adhere to a declared set of controls through self-assertion. How do you see this change affecting the IT industry?
What kind of changes do you expect in your organizational processes to meet the new reporting standard?
We do not need to change any processes as we already have an appropriate monitoring mechanism in place to enable the management to sign the required assertion under the new standards. How do you plan to communicate these changes to your clients?
Q: A:
Q: A:
Some of the requirements as a part of the new standards are management written assertions, accurate description of the system as well as control objectives of the system. While the changes are there, they will not have much of an impact on organizations with proper monitoring of compliance in place, except that they may lay more emphasis on the better monitoring of compliance. What is your organizations road-map to implement the new standard? As an organization, we are preparing for it, our plans are in place, our team is ready and our next audit scheduled in August 2011 will be under the new standards.
We have open communication with our clients, as is the case for any other communication; this change will also be communicated through our existing regular channels such as face-to-face meetings, emails and other communication media. How will your organization leverage changes to its advantage?
Q: A:
Q: A:
A few years ago when we went in for SAS 70, proactively without a requirement from any of our customers or hjgkh][lk$ al Z][Ye] gmj MKH& L`ak lae] lgg$ o] Yj] o]dd prepared for changes in the third-party reporting standards and will continue to be ahead of competition in adopting the global best practices.
15
16
Another reason is the need to respond to the requirements of mk]j ]flala]k Yf\ l`]aj Ym\algjk gmlka\] l`] MK& L`ak ak Z][Ymk] K9K /( ak ]kk]flaYddq Y MK klYf\Yj\ [gf^gjeaf_ lg 9A;H9 MK auditing standards, though used globally.
The other changes are : Prepare and present a complete and accurate description of the system Specify the control objectives of the system and state those control objectives in the description of the system Identify the risks that threaten the achievement of the control objectives, although the risks are not included in the service organization report Design, implement and maintain controls to provide reasonable assurance that control objectives will be achieved
Participants also discussed action steps to help service organizations implement the new standards:
Gf] g^ l`] jkl kl]hk oYk l`] \Yl] g^ Y\ghlagf& L`] f]o standards are effective for reports issued on or after 15 June 2011. Participants discussed a change management plan for dealing with service organizations clients and business personnel. There were queries on ways of communicating changes to user organizations to help them understand the nature of changes.
Participants also shared their views on the new third-party reporting standard. Baljinder Singh, Head of Global Technology, Information Security and Business Continuity at EXL shared his organizations journey on the SAS 70 maturity path, the governance framework and how they are planning to adapt to the new standard, while minimizing the impact on the business.
Chris Halterman, Leader, Service Organization Control Reporting, Ernst & Young, shares his views on the new standards
Ms. Shamini Ramalingam from Bharti, Nidhi Sodhani from Aegis, Sunil Putty from EXL, Alok Sharma from Headstrong and Kaushal Chaudhary from NIIT were among the other participants who expressed their concerns and opinions.
Participants shared that the event was very relevant as a forum to address all their queries and concerns. Clearly, these are exciting times for the industry as it gears to embrace new standards.
Gmj g^[]k
Ahmedabad 2nd Floor, Shivalik Ishaan Near CN Vidhyalaya Ambawadi 9`e]\YZY\ +0( ()L]d2 # 1) /1 ..(0 +0(( >Yp2 # 1) /1 ..(0 +1(( Bengaluru M: ;alq$ ;YfZ]jjY :dg[c )*l` )+l` ggj No.24, Vittal Mallya Road :]f_Ydmjm -.( (() L]d2 # 1) 0( ,(*/ -((( # 1) 0( ./*/ -((( >Yp2 # 1) 0( **)( .((( )*l` >dggj! # 1) 0( ***, (.1- )+l` >dggj! Chennai LHD @gmk]$ *f\ ggj Fg +$ ;]fglYh` JgY\ Teynampet ;`]ffYa .(( ()0 Tel: + 91 44 4219 4400 # 1) ,, ..+* 0,(( >Yp2 # 1) ,, *,+) ),-( Hyderabad *(-$ *f\ ggj Ashoka Bhoopal Chambers Sardar Patel Road K][mf\]jYZY\ -(( ((+ Tel: + 91 40 6627 4000 >Yp2 # 1) ,( */01 00-) GnYd G^[] )0$ aDYZk ;]flj] Hitech City, Madhapur @q\]jYZY\ -(( (0) L]d2 # 1) ,( ./+. *((( >Yp2 # 1) ,( ./+. **(( Kochi 9th Floor, Abad Nucleus NH-49, Maradu PO Cg[`a$ C]jYdY .0*+(,$ Af\aY L]d2 # 1) ,0, +(,,((( >Yp2 # 1) ,0, */(-+1+ Kolkata 22, Camac Street :dg[c ;$ +j\ ggj CgdcYlY /(( (). L]d2 # 1) ++ ..)- +,(( >Yp2 # 1) ++ **0) //-( Mumbai .l` ggj )0l` ggj Express Towers, Nariman Point EmeZYa ,(( (*) L]d2 # 1) ** ..-/ 1*(( .l` ggj! >Yp2 # 1) ** **0/ .,() L]d2 # 1) ** ...- -((( )0l` ggj! >Yp2 # 1) ** **0* .((( The Ruby 29 Senapati Bapat Marg, <Y\Yj O!$ EmeZYa ,(((*0 Tel: +91 22 61920000 Fax: +91 22 61921000 :dg[c :%*$ -l` ggj Nirlon Knowledge Park Off Western Express Highway, Goregaon (E) EmeZYa ,(( (.+ L]d2 # 1) ** ./,1 0((( >Yp2 # 1) ** ./,1 0*(( NCR ?gd^ Na]o ;gjhgjYl] Lgo]j : Near DLF Golf Course, Sector 42 ?mj_Ygf )** ((* Tel: + 91 124 464 4000 Fax: + 91 124 464 4050 .l` ggj$ @L @gmk] )0%*( CYklmjZY ?Yf\`a EYj_ F]o <]d`a ))( (() L]d2 # 1) )) ,+.+ +((( >Yp2 # 1) )) ,+.+ +*(( 4th & 5th Floor, Plot No 2B, Tower 2, K][lgj )*.$ FGA<9 % *() +(, ?YmlYe :m\` FY_Yj$ M&H& Af\aY Tel: + 91 120 671 7000 Fax: + 91 120 671 7171 Pune ;%,()$ ,l` ggj Panchshil Tech Park Yerwada (Near Don Bosco School) Hmf] ,)) ((. L]d2 # 1) *( ..(+ .((( Fax: + 91 20 6601 5900
About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential. Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a k]hYjYl] d]_Yd ]flalq& =jfkl Qgmf_ ?dgZYd Daeal]\$ Y MC company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com
Ernst & Young Pvt. Ltd. is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit www.ey.com/india Ernst & Young Pvt. Ltd. is a company registered under the Companies Act, )1-. `Ynaf_ alk j]_akl]j]\ g^^a[] Yl ** ;YeY[ Klj]]l$ +j\ >dggj$ :dg[c ;$ Kolkata - 700016 2011 Ernst & Young Pvt. Ltd. Published in India. All Rights Reserved. This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor. EYIN1107-072 Artwork by JS
Feedback Please write to Satyakam Chakravarty (Technology, Communications & Entertainment) at Satyakam.Chakravarty@in.ey.com