About Cloud Services


About CUIMC Cloud Services

Cloud services is a general term for using massive computing resources made available by companies with existing infrastructure, such as Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Cloud resources can include:

The main advantage of using a cloud provider is the ability to use only what you need without setting up and managing equipment and data center resources (power, space, etc.) upfront. There is no capital expenditure charge. You pay only for what you use.

CUIMC has a Business Associates Agreement (BAA) with both AWS and Google.

NOTE: Due to the complex nature of Cloud Services, as well as their varied use and add-on capabilities, the service provider’s instructions, documentation, and support are your best resource for help with using the service.  

Available Cloud Accounts

Currently, CUIMC-IT offers Amazon Web Services (AWS) accounts and Google GCP projects (BETA) which can be requested by submitting the Cloud Account provider form linked under Submit a Service Request on this page (top right). We will add more providers and update this page when they are available.

For assistance with HPC, statistical and data services, and any other cloud service questions, please contact the CUIMC-IT cloud team at cloud-services@cumc.columbia.edu for a consultation.

AWS/GCP Payment 

CUIMC has signed an agreement with AWS provider Four Points and GCP provider Burwood to act as a Consolidated Billing Organization. All new CUIMC AWS accounts and GCP projects will be created in their respective cloud organization. This allows CUIMC to take advantage of AWS and Google Volume Discounts, including NIH STRIDES.

The billing works as follows:

NOTE: We cannot accept Sponsored (SPONS) Chart Strings for IT services unless we receive prior approval from the Research Policy and Indirect Cost Group (askRPIC@columbia.edu)

CUIMC AWS Infrastructure

CUIMC has created an AWS infrastructure that has been built to run both HIPAA (CUIMC HIPAA) and Non-HIPAA workloads using the AWS Well-Architected Framework. The HIPAA section of the infrastructure will only allow HIPAA-compliant AWS services (AWS HIPAA Services) and has been built to HIPAA and CUIMC-aligned policies (see AWS HIPAA Guidelines).

Other CUIMC AWS Infrastructure highlights include:

Google GCP (BETA)

CUIMC is in the process of completing the rollout of the CUIMC GCP infrastructure using the Google Cloud Architecture Framework. We consider this infrastructure as being in Beta. Please contact cloud-services@cumc.columbia.edu if you would like to discuss utilizing GCP.

 GCP highlights include:

 

Future Components:

Responsibilities

Any resources or services from cloud providers that are used at CUIMC must comply with University policy for protecting data per its classifications. If the cloud service will have access to Protected Health Information (PHI), a Business Associate's Agreement (BAA) is required.

Cloud providers will generally outline what they are responsible for and what you must do. Even with a BAA, the full responsibility of protecting PHI is not on the provider. For example, using AWS/GCP to host a database that includes PHI often means the data will reside in an AWS location that meets HIPAA requirements; however, if a data breach happens because the database was not patched or credentials were phished, the provider will not be responsible.

It is the responsibility of the CUIMC cloud consumer to disclose the use of PHI/PII by selecting "yes" on the Cloud Account Service Now form for the selection "Will the account or project contain HIPAA/PHI data?"

CUIMC IT has documented guidelines for these shared responsibilities, including what we have implemented to comply with policies and actions required by cloud customers/operators:  CUIMC Cloud Account Responsibility Agreement (PDF).  Acceptance of the agreement is a requirement when submitting a Cloud Account Request.

Due to the variety of services and resources, their use, and needs at CUIMC, those ordering or operating them must have the technical knowledge and/or use any training, documentation, or help from the cloud provider.  General CUIMC IT support does not include assisting with setup, use, or troubleshooting other than what is outlined in the Cloud Account Responsibility Agreement.