Research cloud computing in relation to health care. What are the major security and
privacy challenges? Please choose three and describe them in detail.
The National Institute of Standards and Technology defines cloud computing as a model for
resources (e.g., networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider interaction.1
According to MarketsandMarkets, the global adoption of cloud services in healthcare will grow
from $3.73 billion in 2015 to nearly $9.5 billion by 2020.2 This is hardly surprising as there are
numerous advantages for adopting cloud integrations such as faster deployment of EHR
technology with the capability of enhanced data sharing and collaboration. Other advantages
However, cloud computing integration does have security and privacy challenges. Some of the
challenges include system complexity issues where many components comprise a cloud
components and resources are shared with users that may be unknown; Loss of Control where
there is a potential for mismanagement of organizational assets over the cloud; the ability to meet
established regulations and laws in a cloud computing environment; under the cloud computing
paradigm an organization relinquishes direct control and hence confers an unprecedented level of
trust onto the cloud provider; the security of data in the cloud may be an issue as it may be stored
in a shared environment and the location of where the data is stored is also an issue; Availability
The three concerns I am going to focus on are availability, data location and trust.
February 17th 2017 2
Availability – this is the extent to which an organization's full set of computational resources is
accessible and usable. Availability can be temporary or permanent and a loss can be partial or
equipment outages, denial of service (DoS) attacks and natural disasters. It is hence important
should not rely on employing cloud services without sufficient recourse. A denial of service
attack involves saturating the target with bogus requests to prevent it from responding to
legitimate requests in a timely manner. These kinds of attacks are becoming more common. If
the data is stored in a location that experiences a natural disaster this may result in a more
consider where the data will be stored. A characteristic of many cloud computing services is that
data is stored redundantly in multiple physical locations and detailed information about the
location is often not disclosed. This makes it difficult to confirm whether sufficient safeguards
are in place or whether legal and regulatory requirements are being met. For example, the National
Archives and Records Administration (NARA) regulation 36 CFR 1234 includes facility
requirements for the storage of records and stipulates a minimum height above and distance away
from a flood plain. When information crosses borders it may be more difficult to regulate to
certain standards.
Trust – under the cloud computing paradigm an organization relinquishes direct control over
many aspects of security and privacy and in doing so confers a high level of trust onto the cloud
provider. Insider security threats can stem from current and former employees and can include
contractors, organizational affiliates and other parties that have received access to the
organization's network. Incidents can involve types of fraud and sabotage. There can also be a
lack of transparency of the cloud provider’s security and privacy measures and status as this
information is often proprietary and might be used to devise an avenue of attack. Another aspect
that encompasses trust is data ownership. The organization’s ownership rights over the data must
be firmly established in the service contract to enable a basis for trust and privacy of data.
1 http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
2 http://www.healthcareitnews.com/blog/cloud-today-and-tomorrow-why-hospitals-are-tripling-use-cloud-services
3 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
4 http://s3.amazonaws.com/rdcms-himss/files/production/public/CS0405_Cloud_Security_Top10_Questions.pdf