Nov 30 2020

Infrastructure as Code: What Health IT Leaders Should Know

Expanded capacities for automation, speed and security help organizations manage remote teams and serve patients.

Infrastructure as Code (IaC), an automated way to provision, configure and operationally manage IT infrastructure with machine-readable templates, is emerging as a key approach to help healthcare organizations reduce IT costs and management burdens.

IaC is a way of working that stems from DevOps processes and best practices. It is being driven by software engineering practices that demand continuous, scalable delivery of compute resources for engineers. 

These capacities are essential as healthcare organizations increasingly depend on complex hybrid cloud setups and are tasked with managing larger and more granular workloads in their infrastructures.

They’re also critical for distributing resources during major crises — such as the COVID-19 pandemic — because of the ability to scale up when needed.  

READ MORE: Learn how Infrastructure as Code and Amazon Web Services work together.

In highly regulated verticals such as healthcare and life sciences, adopting IaC can have significant benefits for change control, environmental or workload drift detection, and separation of duties.

It also allows a development team to make a change request — including an appropriate IaC template — that can be reviewed, processed and executed by a separate operational team with minimal risk of a directive being lost or misunderstood.

“The IaC path provides real benefits to organizations that make the investments, not just in terms of a technical workflow but in terms of the organizational culture,” says Adam Greenfield, vice president of architecture at ClearDATA.

“Talking about, considering and deploying infrastructure changes the same way software engineers do for application code changes is a powerful experience.” 

Doing so, Greenfield notes, helps involve key stakeholders, performance reviews and consensus building earlier in the infrastructure planning. Organizations without this level of DevOps maturity in the next few years, he says, could be “well behind the curve.”

Why Healthcare Organizations Use Infrastructure as Code

There are many advantages to using IaC to automate infrastructure builds, notes CDW practice architect Drew Shanahan in the CDW Solutions Blog. Most applications and operating systems already run in virtual environments on-premises or in a cloud, so the strategy offers many advantages, including:

  • Fast and efficient builds of servers and applications
  • Consistent configuration of settings
  • Quick recovery of applications and dependent network components
  • Continuous delivery pipeline
  • Consistency in on-premises or cloud deployments

Using configuration management techniques and implementing environment and resource creation as code allows providers to automate configuration changes by making them repeatable and standardized while meeting compliance standards such as HIPAA. 

Meanwhile, increased regulatory demands and patient traffic due to the pandemic underscore the value of IaC to help improve database management.

A recent study from Redgate Software that examined adoption of DevOps in the healthcare sector revealed that increased speed and improved efficiency are among the top reasons healthcare organizations adopt DevOps practices.

How Infrastructure as Code Drives Efficiency and Security in Healthcare

IaC provides fast, fine-grained control of resources to spin up and down IT infrastructure, so it can help support demand and capacity management. And because requirements of resources are already codified, IaC can play a key role in incident response and disaster recovery.

Unlike traditional development infrastructure patterns, which can feature stale data sets and configurations that don’t match production, IaC allows healthcare organizations to develop applications and code more securely and operate more consistently across different environments, saving time and reducing risk.

“For healthcare, inconsistent deployment and human variability can have a huge impact on security and compliance of the application, and IaC helps provide consistency,” Greenfield says.

According to the Redgate study, risk reduction is one of the primary motivations to automate database delivery, while more than a quarter (27 percent) want to implement IaC practices to free up cost-intensive developer time, making it the top driver for the healthcare vertical.

“At its simplest, it’s a potentially rapid way of altering your infrastructure using automation to meet the needs of new ways of working for a healthcare organization,” says Dr. Saif Abed, a London-based cybersecurity expert.

By codifying and automating management of infrastructure, he adds, organizations can create audit trails of version control to inspect the underlying code, which is critical to security.

“They also have a set of instructions that can accelerate disaster recovery of infrastructure should the worst happen and your infrastructure is compromised due to a cyberattack,” Abed says.

Indeed, the Redgate study found more than half (58 percent) of respondents have version control measures for database code in place that enable automated builds and deployments.

“However, as with anything, it isn’t perfect, and IaC can have its own vulnerabilities that are exploitable by attackers,” Abed says. “It is not a security silver bullet.”

Supporting Remote Work Teams with IaC Solutions

Healthcare can use IaC as a mechanism to support needs caused by bursts of patients while keeping personal identifying information protected. 

IaC is also a highly effective way for teams to scale elastic environments consistently across a distributed workforce. 

READ MORE: What happens to stolen healthcare data?

Remote teams, then, may make a change to the source of an issue rather than each individual endpoint. That’s an advantage when an employee can’t simply walk down the hall to help a colleague fix an issue with his or her device.

Still, there can be challenges in how IaC is managed, Briana Frank, director of product management for IBM Cloud, tells BizTech magazine.

One example is configuration drift, which happens when changes are made to existing infrastructure without updating the code to match. This can create significant security issues and long-term compliance challenges; even a small divergence can create big problems down the line.

“In a perfect world, all infrastructure changes are done in the code, so this wouldn’t be a problem,” Frank says.

photo_Pawel/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.