GCP – Secure, Scalable, Discoverable Research Environment with Simplified Chargeback
Healthcare data is being generated at an exponential rate, currently representing an estimated 30% of the world’s data¹. The volume, speed, and variety of the data that is created can make it quite difficult for researchers and academic professionals to consume, analyze, and share insights at scale. At Google Cloud, we’re helping bring researchers scalable and secure healthcare research workspaces to share data and provision resources more efficiently.
Accelerate data sharing and cloud resources with Google Cloud
With Google Cloud, researchers can scale up and down from zero to thousands of concurrently running virtual machines while requesting a wide array of compute processing units, including GPUs and custom Google Cloud TPUs to accelerate machine-learning workloads.
Google Cloud can also handle diverse data, including unstructured, semi-structured, and structured data sets. The underlying storage can scale to petabytes, supporting varying data modalities that are directly accessible from within the Google Cloud research environment using tools such as Jupyter notebooks with both Python and R programming languages or R Studio IDE embedded within a secure environment.
To help researchers in Canada comply with the Government of Canada Cloud Operationalization Framework, we’ve created guardrails to implement a preliminary secure baseline set of controls within your cloud environment along with guardrails validation tools to provide a faster validation process. Healthcare data specifically is protected by a number of privacy laws and regulations in Canada; we’ve published a whitepaper that explains data protection features and how they align to many security and privacy practices to be compliant with PHIPA.
Along with a secure foundation, healthcare researchers often require secure chargeback capabilities for invoicing cloud resource consumption. Google Cloud simplifies chargebacks, eliminating potential issues with invoicing or the handling of payment methods.
Building a secure research environment for health informatics with simplified chargeback at its core
When the University of Toronto’s Temerty Centre for Artificial Intelligence Research and Education in Medicine (T-CAIREM) wanted to build a digital environment to facilitate collaboration using healthcare data, they had several strict requirements, including:
Implementation of embedded safeguards
Regionalization
Elimination of invoicing and chargebacks for end users
Repeatable deployments using Terraform.
At first glance, any cloud service provider could address these requirements. However, taking a closer look, Google Cloud offered several additional benefits:
Simplifying chargeback and tracking cloud consumption costs
A popular dataset may require invoicing external researchers through a chargeback mechanism for their cloud resource consumption. Chargeback can raise issues around secure payment methods, including the handling of payment methods or the need for invoicing. Google Cloud simplifies the chargeback process by making payment profiles external to the Google Cloud billing account. Payment profiles are managed by Google Cloud and aren’t dependent on a client’s cloud organization, allowing researchers to create a payment profile before logging into their research environment. In addition, end users can control who views cloud consumption costs and how they are tracked towards allocated grants without additional management from the research platform provider.
We have also created tutorials to help researchers automatically stop billing to avoid over-charging with advanced cost controls. With programmatic budget notifications, Google Cloud Billing can help users stay within budget with automated monitoring and controlling of costs, such as putting a cap on the project cost.
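A sketch of the cost-cap logic described above, added here as an example and not taken from Google's tutorials or the T-CAIREM deployment. It assumes budget notifications arrive as Pub/Sub messages whose base64 data is JSON containing budgetDisplayName, costAmount and budgetAmount; the function names, the project ID and the two injected billing callables are hypothetical.

```python
import base64
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class BudgetStatus:
    budget_name: str
    cost: float
    budget: float

    @property
    def over_budget(self) -> bool:
        return self.cost > self.budget


def parse_budget_notification(event: dict) -> BudgetStatus:
    """Decode the base64 JSON payload of a Pub/Sub budget notification."""
    try:
        payload = json.loads(base64.b64decode(event["data"]))
        return BudgetStatus(str(payload["budgetDisplayName"]),
                            float(payload["costAmount"]),
                            float(payload["budgetAmount"]))
    except (KeyError, ValueError, TypeError) as exc:
        # Fail closed on anything unparseable instead of guessing amounts.
        raise ValueError(f"malformed budget notification: {exc}") from exc


def enforce_cap(event, project_id, billing_enabled, disable_billing) -> str:
    """Return the action taken: 'none', 'already-disabled' or 'disabled'.

    billing_enabled / disable_billing are injected callables (assumption:
    in a deployment they wrap the Cloud Billing API's projects.getBillingInfo
    and projects.updateBillingInfo with an empty billing account name).
    """
    status = parse_budget_notification(event)
    if not status.over_budget:
        return "none"
    if not billing_enabled(project_id):
        return "already-disabled"  # notifications repeat; stay idempotent
    disable_billing(project_id)
    return "disabled"


def make_event(cost: float, budget: float) -> dict:
    """Build a constructed sample notification (not real billing data)."""
    body = {"budgetDisplayName": "research-grant-demo",
            "costAmount": cost, "budgetAmount": budget}
    return {"data": base64.b64encode(json.dumps(body).encode()).decode()}


def demo() -> list:
    state = {"demo-project": True}  # constructed: project -> billing enabled
    return [enforce_cap(make_event(c, 100.0), "demo-project",
                        lambda p: state[p],
                        lambda p: state.update({p: False}))
            for c in (42.0, 100.0, 130.5, 140.0)]
```

Budget notifications lag behind actual spend, so a cap enforced this way can be overshot before billing is detached. Detaching billing also stops the project's running services, so apply it only to projects where that is acceptable.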
Embedded safeguards: Secure notebook blueprints
To enhance security, we build a secure service perimeter (as illustrated in the image below) using secure notebook blueprints, as further detailed in Protecting confidential data in Vertex AI Workbench user-managed notebooks.
The service perimeter defines a higher trust boundary and associated security policies intended to mitigate data exfiltration. Service perimeters are defined within VPC Service Controls as part of the secure cloud foundation and outline the Google Cloud projects and services within the perimeter trust boundary. As detailed in this blog on securing confidential data, VPC Service Controls prevent reading or copying data to resources outside the perimeter.
Additionally, context-aware access can be configured to grant access to workstations outside the trusted cloud perimeter boundary based on well-defined client attributes through Google Cloud’s zero-trust model, BeyondCorp. Individual researchers can also be associated with a single perimeter, and data sharing among researchers can be enabled through a perimeter bridge that allows for communication between Google Cloud resources.
A secure and scalable data environment: Health Data Nexus
T-CAIREM’s Health Data Nexus, built on Google Cloud, provides researchers with a more secure, scalable platform with a self-service interface. It allows them to load their desired data from anywhere in the world, analyze the data in Jupyter notebooks or R Studio, share their information, and collaborate with one another seamlessly. The projects that will be able to grow from this health data platform are limitless.
Google Cloud is already widely available to public sector organizations in Canada and is also the most favored platform for research globally, according to Ipsos.
Google Cloud is committed to supporting researchers on their journeys to create new breakthroughs. To learn more about how researchers can accelerate their work with Google Cloud training and resources, or to apply for free credits, visit the Google Cloud for Researchers page today.
1 Source: https://www.rbccm.com/en/gib/healthcare/episode/the_healthcare_data_explosion