This customer in the pharmaceuticals space provides a GxP compliant SaaS platform on the AWS cloud, collecting adverse reaction data for a number of household names in the drugs industry. We’ve worked with them since 2012, initially building an on-premises platform before migrating this workload to AWS
The Challenge
In 2012, the customer was developing a new tool for pharmaceutical companies to collect data from doctors and patients on adverse reactions to their drugs. Having worked in the industry, the founding team knew that showing compliance was far more than just ticking boxes. The industry’s GxP best practice guidelines were open to interpretation, and everything needed to be thoroughly documented, secured and controlled. It was complex.
At that same time, the startup wanted an infrastructure that could scale and give their developers the flexibility they needed to develop their product efficiently. At this time, the use of public cloud resources wasn’t viable because of the compliance position, and so we deployed the platform on a VMWare platform hosted by a GxP specialist hosting business.
In 2016, after running for a few years, it was clear that this hosting vendor was expensive and slow-moving - new VMs cost thousands of pounds a year, and could take weeks to provision. The platform ran in only a single data centre, and so disaster recovery options were limited. Something needed to change.
Why AWS?
The customer knew they wanted to reduce their operating costs, and were willing to reconsider public cloud options to get there. There was still the question of regulatory compliance - however in 2016, US pharma company Merck was talking openly about their successful use of AWS.
Through our AWS partnership, we were able to arrange discussions between the customer’s executive team and individuals from AWS who could reassure us about their ability to offer the level of security and compliance required for this workload.
Why The Scale Factory?
Having worked with us on the original platform implementation, it was obvious that the customer would choose to work with us again on their migration. We had domain knowledge about this client in particular, and experience with the AWS platform.
The Solution
We made use of Terraform and Puppet scripts for provisioning AWS resources according to good security and operational practices.
The platform consists of multiple environments, each with a number of tenants deployed into them. For each tenant we run a number of services on traditional autoscaled and load balanced EC2 instances, as well as some SQS queues. Per-tenant IAM policies isolate tenants from each other.
In addition we run some pooled resources that are shared by multiple tenants, including RDS for PostgreSQL, and EFS file storage, which backs a highly available SFTP service. We isolate tenants’ data from each other using access control features provided by those services.
The Results
Traditionally, life science companies have covered off the GxP best practice guidelines with hefty paperwork. We’ve been able to replace most of that red tape with automated processes to ensure compliance and security.
Provisioning new infrastructure now takes minutes, rather than weeks, and unlike the previous supplier, AWS don’t charge huge setup fees for new components.
The whole platform runs in multiple Availability Zones, ensuring that the customer is more able to withstand a disaster scenario than before.
Next Steps
As the customer’s company has evolved, we’ve provided continuity of knowledge and engineering as and when needed. Once the application was launched we advised on hiring a permanent team, and we continue to maintain their infrastructure.
In future we intend to leverage containerisation and serverless to further reduce cost. Being able to run a new tenant at a lower cost will open up new sales opportunities for the customer’s business.