My answer to this is simple. The public cloud (defined as the rapid provisioning and de-provisioning of CPU cycles, software licenses, and storage) is good for many things, such as web hosting or non-critical applications that do not contain patient or confidential information. At Harvard Medical School and Beth Israel Deaconess Medical Center, we've embraced public cloud technology, but transformed it into something with a guaranteed service level and compliance with Federal/State security regulations - the private cloud.
Here's the approach we're using to create private clouds at HMS and BIDMC:
1. At HMS, we created Orchestra, a 6000 core blade-based supercomputer backed by a petabyte of distributed storage. Thousands of users run millions of jobs. It's housed in Harvard controlled space, protected by a multi-layered security strategy, and engineered to be highly available. We also use grid computing technologies to share CPU among multiple high performance computing facilities nationwide.
2. At BIDMC and its physician organization (BIDPO), we've created a virtualized environment for 150 clinician offices, hosting 20 instances of logically isolated electronic health record applications per physical CPU. It's backed with half a petabyte of storage in a fault tolerant networking configuration and is housed at a commercial high availability co-location center.
3. At BIDMC, our clinical systems are run on geographically separated clusters built with high availability blade-based Linux machines backed by thin-provisioned storage pools.
Each of our private clouds has very high bandwidth internet connections with significant throughput (terabytes per day at HMS). The bandwidth charges of public clouds would be cost prohibitive.
We are investigating the use of public cloud providers to host websites with low volume, low security requirements, and no mission criticality. Public solutions could be better/faster/cheaper than internal provisioning.
Thus, our cloud strategy is to create private clouds that are more reliable, more secure, and cheaper than public clouds for those applications which require higher levels of availability and privacy. For those use cases where the public cloud is good enough, we're considering external solutions.
Someday, it may make sense to move more into the public cloud, but for now, we have the best balance of service, security, and price with a largely private cloud approach.