Life Sciences

GxP in the AWS Cloud

Issue link:

Contents of this Issue


Page 3 of 4

SHARE: GxP in the AWS cloud: The compliance and efficiency benefits of rethinking regulated workloads 4 The historical oversight provided by Config is a major advance over what went before. Until now, compliance was a point-in-time activity. Companies could show compliance at discrete points in time but only assume compliance between these points. Config provides near-continuous compliance that is far more comprehensive than earlier systems. AUTOMATING CLOUD MONITORING Merck provided an onboarding document to help teams put apps into the cloud. Teams subsequently embraced the cloud. This validated the model but also created challenges. User growth outpaced capacity at the IT department. The manual checks implemented in the early days to ensure security became burdensome. A new, more automated way of working was needed. C ompanies seeking to automate aspects of the management and oversight of cloud systems can use readymade services. IT teams can connect these off-the-shelf services to their systems, or link multiple services together and make minor modifications to create processes tailored to their needs. The aforementioned CloudTrail traffic logger links to Amazon CloudWatch, a cloud monitoring service. IT teams can configure CloudWatch to send alerts via text or email when certain events happen. For example, the system could send an alert when someone tries to log in with superuser privileges. This allows IT to see whenever someone accesses—or tries to access—the system with powers that enable them to make major changes. AWS C onfig Rules enables similarly proactive, automated oversight. This service, an extension of the aforementioned AWS Config, automates the enforcement of policy. When something unusual happens or is detected in an automated periodic assessment, the service triggers an action. The IT team defines what is unusual and what action is triggered. For highly-undesirable events, the service can automatically roll back the system to its status before the change happened. Other ser vices ensure the integrity of data. One way to achieve this is through encryption. If data integrity is compromised, the system will detect the problem during decryption. This automates control of one of the most common GxP problems. Backup and recovery controls allow IT teams to return the system to its former, uncompromised state. Merck also used the building blocks provided by AWS services to create custom monitoring tools. One such creation automatically places restrictions on what new users can do and access. Another minor development checks each user against Merck's active director y when they tr y to access the cloud. If a user leaves Merck, they are automatically removed from the directory and therefore prohibited from accessing the cloud. ACHIEVING CONTINUOUS COMPLIANCE These automated services allowed Merck to support a fast-growing user base without expanding its IT team in lockstep. Merck and companies with similar setups control their systems and the users who interact

Articles in this issue

Links on this page

view archives of Life Sciences - GxP in the AWS Cloud