VMworld 2011: Regulators do not understand the cloud, says pharmaceuticals CTO


VMworld 2011: Regulators do not understand the cloud, says pharmaceuticals CTO

Cliff Saran

Cliff Saran Cliff Saran

Cliff Saran is the managing editor (technology) on Computer Weekly magazine responsible for commissioning, writing and overseeing  the magazine strategy concerning all matters relating to technology from up-and-coming research and development to systems management challenges and legacy support and maintenance.

Cliff has been writing about these subjects since the early 1990s. In his current role, he writes a regular blog called Cliff Saran’s IT FUD blog which aims to unravel the hype, weed out the fear uncertainty and doubt spun by the massive marketing machinery in the IT industry.

You can contact Cliff by emailing cliff.saran@rbi.co.uk.

View all articles by Cliff Saran >>

How to find Cliff Saran online

Follow Cliff on Twitter

Linked-In profile for Cliff Saran

Cliff's photography website and Flickr photostream.


cliff.saran@rbi.co.uk 020 8652 8460 Active Cliff Saran False True

Regulators are years away from understanding the cloud, according to Stephen Speirs, chief technology officer at Charles River Labs, a contract researcher for major pharmaceutical and biotechnology companies.


Speaking during a panel session at VMworld in Copenhagen, Speirs, who has been using VMware for three years, said he wanted to be in a position where the default position of the company would be to put IT in the cloud. But the pharmaceutical business is heavily regulated. In particular, the US Food and Drink Administration (FDA) requires companies to provide serial numbers of servers for computer system validation.

He said the regulators did not really understand the cloud. "We need to educate regulators that we can still maintain control, even if the server is in the cloud. It could take a while before they really understand it."

According to Speirs, regulators and regulated companies need to move to a risk-based approach to compliance. "We need to build a level of trust in how the provider [of cloud services] controls its environment."

One approach that may satisfy regulators in the future, according to Speirs, is for the CIO to visit the supplier's datacentre to witness how it is run and incorporate this information into a system validation plan for the purposes of regulatory compliance.

In the meantime, Charles River Labs is being careful which systems it puts into the cloud to avoid infringing FDA regulations. "We have run a pilot with our IT helpdesk application to see how we could work with an external cloud provider, looking at how we would manage a supplier and service levels," he said.

Since the application is the IT helpdesk, there are no privacy concerns that could affect regulatory compliance. Another benefit of using the helpdesk is that it is an IT function, so IT has full control of the project.



Read more from VMworld:


MetaKeywords MetaDescription Sensitive Landingpage False

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy