Cloud Computing in Pharma

It’s never too late to reap the benefits

By Raju Singit, senior consultant and Sridhar Murthy, senior architect, Infosys

1 of 2 < 1 | 2 View on one page

Pharma is known for its late adoption of new technologies. The industry thoroughly studies risks, pros and cons, etc., before adopting any new technology. But now as companies are being compelled to streamline their process and reduce costs, they are finding new ways to optimize complex processes by adopting cloud computing. The benefits of the cloud “pay as you go” model, low capital investment and low run costs will drive innovation in products and bundled services quick to the market[1].

Over the last 10 years the technology industry has changed dramatically; there is advancement in technology, but the manufacturing industry is facing business challenges centered on improving performance of applications and infrastructure while controlling the cost of doing business. One ray of hope for controlling industry’s mounting challenges is Cloud computing. Pharma enterprises are trying cloud analytics, automation and marketing, and exploring the benefits of emerging technologies [2].

Cloud software solutions are taking on several different tasks in the pharmaceutical industry. Its implementation can mean improving the quality of data to support sales, or providing practical ways for clinical trial site managers to communicate across wide geographic divides. It’s also making it easier for companies to merge without the problems that invariably arise when data between disparate computer systems is aggregated [3]. But looking ahead, there are also some intriguing applications that involve combining the cloud with big data from public and private sources and applying analytics.

To make the best use of the existing systems, sales force need most up to date and accurate information about stocks of the product, physicians contact details, social media networks they favor and whether their practices are accepted and very importantly help in avoid duplications.

In addition sales force, shares databases that are helping drug developers and manufacturing identify principal investigators. Principal investigator contact details used to be considered proprietary information. Regardless, there are a number of risks and challenges Pharma faces when it comes to adopting cloud-based computing solutions:

  • Data/Information Security (VPN and Encryption) because the industry is highly regulated
  • The other risk need to be considered in service provider as they don’t understand Pharma security[4] and regulatory requirements
  • Data migration problems when changing the cloud provider (security validation, etc.), since the validation of the system involves rigorous process
  • Surveillance of the internet, due to spying on people private data, the regulatory agency will come under pressure to do more to protect' private data. The agency will tighten data protection laws. So they will come out with strong solution information technology industry can offer alternatives ideas to be explored, like secure cloud computing and better links between technologies.
  • Requirements on GxP -The service provider provides capabilities to facilitate the validation of Pharma specific solution using the cloud service. The validation remains accountability of Pharma and needs to be defined in a validation plan[5].
  • Risk Management - Vendor transparence and audits are “must.” Legal, compliance, and reputation risks. Cloud vendors leaking, breaching, losing, damaging, or impeding access to various types of sensitive or valuable information.
  • Operational risks - IT security, performance, or availability with strong encryption, access control, monitoring, and physical separation of resources.
  • Security incidents - Most logs and documentation is in the control of the cloud provider.  The cloud user will rarely have access to this data to determine security incidents.
  • In shared environments the irreversible erasure or anonymization of data is difficult and since the cloud user has not access to the computing environment, it cannot be verified.

Those in Pharma looking to adapt cloud technologies can avoid risks by setting clear Qualification and Validation goals can to help manage these risks and provide auditable evidence of how this has been done.

Best Practice for risk mitigation include:

  • Data protection and encryption
  • Segregate operations with respect to GxP, SoX, business confidential data
  • Regulatory compliance
  • Virtual Machine level security
  • The GAMP (Good Automated Manufacturing Practice) forum could provide guidance on Infrastructure Qualification, as well as validation of applications risks around security need to be identified, managed and documented
  • Differentiate the regulatory and security requirements to manage financial, legal and IP data from what the regulators require of GxP
  • To maximise effectiveness and minimise risk (and ultimately cost), security and privacy must be considered from the outset of any cloud implementation not after implementation and deployment
  • There should be careful evaluation of sensitivity of data being managed and its security (Like clinical trial data) with due consideration
  • The Service provider needs to be frequently audited, like any other contractor, to have quality of service & well maintained documentation with respect to GxP requirements. 


1 of 2 < 1 | 2 View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • Let us use a risk based approach to propagate this industry wide, establishing controls on the data


RSS feed for comments on this page | RSS feed for all comments