Globally, the health-care industry has recognized the importance of cloud computing. As a result, firms in this industry have devised strategies and measures to ensure that they adopt cloud computing. The information processed is sensitive, indicating the importance of healthcare organizations focusing on the assessment and mitigation of cloud computing hazards. The study presents a research proposal that focuses on the investigation of health care cloud computing security management.
Cloud computing is understood by several people as a means of outsourcing for the computing services in the area of information (Takabi, Joshi & Ahn, 2010). As such, the sector has evolved from the hype of marketing to information computing utility. Organizations consider cloud services as essential in strategic decision making. The main elements that are involved are the delivery of the scalable services in computing through the combination of software and hardware within the virtual environment under the usage-bound payment (Antonopoulos, 2010).
In information computing, cloud computing is a popular subject. As such, cloud computing offers a chance for the healthcare organizations to ensure that they have a chance to have effective and simple forms of the provision of their services. Over the decades, healthcare has undergone changes in the privacy of the information (Antonopoulos, 2008). Thus, the protection and security of the information in this sector is a continuous process. As such, each healthcare organization has the mandate and the role to ensure that there is security of the health information.
Aim and objectives
The study aims on understanding the approaches, which are adopted in the security management of the cloud computing in health care sector.
A. The objectives include:
B. Identifying the potential measures and methods for security management in cloud computing
C. Indentifying the security issues that do not have any mitigation strategies in cloud computing
D. Evaluating possible solutions to the security issues in cloud computing
Problem statement
Security and privacy issues in cloud computing determine the success of healthcare organizations to adopt the system as a means of improving the provision of services to customers. In spite of the different gains, which cloud computing offers to the health care organizations, there is no promise of the security for the information (Niccolai, 2009). There are numerous management measures and standards adopted for ensuring that the cloud is secure. However, these do not achieve the intended success and purpose because of the emergence of the innovative techniques for hacking. Thus, in spite of having the established standards, it is impossible to promise that there will be cloud security. The situation occurs because of the weak security routines that are developed by the healthcare organizations.
Subproblems
The research paper focuses on comprehending the aspect of cloud security in three aspects. The first one is the mechanism and structure of the measures adopted for cloud security, which include private cloud, firewalls, decryption and encryption, digital signatures, and algorithms. The investigation will reveal the deficiencies in these measures (Mather, 2009). The second approach is the assessment of the unlawful techniques, which could be present in the cloud security. These include the investigation of the application of the innovative knowledge. The final is the identification of the flaws that are present within the security procedures (Airline & Travel News - Air Safety & Security News: Some Risks Remain Unaddressed with Cloud Computing, 2014). The three aspects are vital since they depict what happens in the adoption of the different security mechanisms for the organization.
Research questions
The study will be guided by the following research questions:
1. What is the security issues present in cloud computing?
2. How does the healthcare sector implement cloud computing and address security related challenges?
3. How are the security issues, which do not have any mitigation handled in the healthcare sector?
4. What solutions can be used to address the security issues in healthcare sector?
Delimitations
The phenomenon of cloud security is multifaceted and has several social, technical, legislative, and governmental influences, which function parallel to one another. Thus, the current research is not able to consider all the aspects of the cloud security issues since some parts are beyond the scope of the project (Unlocking the Cloud, 2013). Further, the research project is not able to develop a tool or model, which will address the security issues in cloud computing at 100 percent.
Definition of terms
Cloud computing is considered as a model, which enables convenient, ubiquitous, and on-demand access to a network that is shared in a pool of configured resources of computing, which can be released and provisioned with minimum interaction of the service provider and management effort (Greene, 2010). Thus, the organization gets a chance to have its expenditure minimized significantly on the area of resources management. Further, the entity enjoys a reduction of the burden for hardware and software management for the user. Hence, the organization gets the opportunity to undertake other creative works, which contributes to the generation of the desired profits and revenues (Ross, 2011). The performance output of the firm also increases significantly.
Assumptions
The study makes the assumption that the security issues in the cloud computing of healthcare organizations are related to other management problems in other companies. Therefore, the solutions to be developed as the means of countering the problem can be applied in other sectors, which do not necessary, belong to healthcare centers.
Importance of the study
Cloud computing provides a new and efficient means of accessing applications and ensuring that work is simple and efficient in the healthcare industry. However, there are factors that include security issues, which should be investigated to understand the impact of the new functionality of the service. For example, cloud computing is compounded with the automatic updates feature, which depicts that changes, which are done by an administrator have a significant impact on the users (Chalkidou & Bradley, 2013). Further, any faults in the functionality of the software affect all the users of the cloud computing services, which is a significant risk for the organization. The security policies of a firm helps in ensuring that it is secured from unwanted future security breaches. Thus, the study will provide insightful information on the security issues and solutions for the same in the healthcare industry. This will ascertain that the users of the service benefit effectively.
Literature review
Introduction
This section focuses on reviewing literature, which is related to security issues in cloud computing. As such, past studies are considered to look at what has been done and what has been established. Further, the chapter helps in identifying the common themes, which are present in those past studies.
Bender (2012) conducted research, which indicated cloud computing has taken root in society, but it has significant problem in the treatment and management of personal information of the customers. The researcher conducted an exploratory research that reviewed literature on security issues and privacy of cloud computing. Ponemon Institute conducted a survey in 2011, which indicated that executives in the IT rated the issue of cloud security as fair to poor (Ponemon, 2011). Further, the survey also found that some of the executives do not even understand the risk of security in cloud computing.
A study by Dlodlo (2011) on legal, privacy and security issues in cloud computing indicated that the security systems are very weak. As such, the intruders find it very easy to break in. The situation is worse since the applications and the data of the company is pooled in one location. Chow, Golle, Jakobsson, Masuoka and Molina (2009) indicated that security concerns are categorized as availability, traditional security, and third party data control. These categories have to be taken into consideration when focusing on the issue of security (Chow et al., 2009).
Offutt (2012) indicated that in the current decade, it is impossible for individuals to look at any information technology publication and find that cloud computing is missing. Such is because consumers have an access to cloud computing through the different applications extended to them by the companies (Kontzer, 2008). Thus, the issue of security of cloud computing is become a major concern in society that needs to be addressed immediately.
The reviewed literature has not focused on healthcare security issues of cloud computing. The researchers were concerned with general aspect of security and there was no concentration on specifics of security concerns. Further, these studies have used literature review and survey questionnaire as the method to collect data. The current research focuses on using the same approach to gather data from the participants.
Conclusion
In conclusion, past studies have been conducted in security issues, but they have not being specific. Further, there is no study, which has been directed to the issue of cloud computing in healthcare. Therefore, this research will be of great knowledge and information in this field.
Methodology
Instruments
This study seeks to use the instrument of in-depth interviews and questionnaire. As such, the researcher will formulate both closed-ended and open-ended questions, which will be used for the interviews and the questionnaire (Worthington, 2012). The aim is to ensure that these questions focus on the research question and have the potential to elicit a positive response from the study participants. These instruments will ensure that primary data is gathered. The reliability and validity level will be ensured by having consistency in the formulation of these questions. Thus, the instrument will measure what is expected to measure from the study population and such a measurement process can be repeated again to gather similar results.
The research will also gather secondary data by conducting scholarly such on information from books, online articles, and journals, which relate to security issues of cloud computing as applied in the field of healthcare. The obtained data from the secondary process will then be compared with that of the primary process to generate accurate inferences regarding the study that is conducted in this research.
Sampling
A random sampling technique will be used to identify 20 participants for the interview questions and 100 participants for the questionnaire. Thus, the entire study population will be 120 participants. These will be individuals working in the healthcare sector, especially those who are attached to the technical department. Further, the demographic variables that include age, gender, and level of income among the participants will be taken into consideration to eliminate any form of bias, which could make the study not achieve the anticipated output from the research process.
The study seeks to use both qualitative and quantitative experimental designs. Thus, a mixed methodology will be adopted in this research. This is because the study seeks to have detailed data, which is gathered from the sample population in relation to the research question. The data will also help in answering essential questions of the research process (Pipeline - BI, CRM, CRS, Guestroom, Mobile, Payment, POS, RMS, Security, 2017). Further, the combination of qualitative and quantitative methodology will assist in data comparison to identify any form of flaws.
The first set of data will be gathered through the administration of the questionnaires and conduct of the interview sessions. Thus, the selected participants will be given consent letters, which they will sign as a clear indication of their willingness and desire to engage in the study without any form of coercion (Coleman, 2011). The second set of data will be gathered from intensive and extensive literary search of information, which is related to the issues of cloud computing and security problems.
The admissibility of the participants in the research will entail ensuring that these individuals are of 18 years and above. Thus, the target group is between 18 and 50 years. These are individuals perceived to be highly motivated and aware of the technological advancements in the current century. Further, participants will have to sign the consent forms so that they can be considered as part of the respondents in the research.
Analysis and statistical techniques
The analysis will involve the use of discrete statistics. As such, the first set of data will be subjected to statistical tools, which will ensure that there is a clear depiction of the relationships of the data patterns. SPSS software will be used in data analysis and ANOVA and Variance tests conducted so that the results can be interpreted clearly to make inferences from the data gathered from the study.
The second set of data will undergo a thematic analysis, which will assist in identifying the common themes, which are related to the type of information or arguments that are presented in relation to the security issues in cloud computing. Such will involve coding of the information to ensure that a clear output is depicted for the collected data.
Scope
The study is tied to conducting research on issues of security as they pertain to the cloud computing in healthcare organizations. Thus, the research will not cover other companies or organizations, but the healthcare institutions (Zhang & Liu 2010). Further, the research will not focus on creation of cloud computing or types of model, but only the aspect of security in cloud computing.
The researcher is undertaking a course in information technology, which creates a chance to have openness and necessary skills and experience in the area of security issues. Such is because cloud computing is a recent development in information technology and security problems should be addressed amicably.
Study outline
Steps to be taken
The first step in this study will be the development of the proposal. This will be followed by the review of the document with the supervisor who will give a go ahead with the project. The next step will be the review of the relevant literature on the research question. Such will be followed by the formulation of the methodology chapter, which includes the design of the questions for the questionnaire and the interview. The next stage will be the collection of data from the field and analysis. Finally, inferences from the study results will be made and report written on the research that is conducted.
Timeline
The project is expected to last for 8 months. The time includes the development of the proposal, the formulation of methodology, literature review, data gathering, analysis of the results and report writing.
Budget
The study is cost-effective since the design does not focus on instruments, which will be bought from the shops and other retail outlets. Thus, the research involves the work of the researcher and interacting with the study participants. Therefore, the estimated cost for this study is $500, which will allow for travelling expenses and other expenditure to be incurred while running the project.
References
Airline & Travel News - Air Safety & Security News: Some Risks Remain Unaddressed With
Cloud Computing. (2014). AirGuide Online.com, 1.
Antonopoulos, A. (2008, September 22). Privacy, security issues darken cloud computing.
Network World. p. 25.
Antonopoulos, A. (2010). All cloud all the time at RSA security. Network World, 27(5), and 19.
Bender, D. (2012). Privacy and Security Issues in Cloud Computing. Computer & Internet
Lawyer, 29(10), 1-15.
Chalkidou, T., & Bradley, M. J. (2013). Saving to the Cloud. Parks & Recreation, 48(10), 44-45.
Coleman, N. (2011). Cloud control. Lawyer, 25(42), 35.
Chow, R., Golle, P., Jakobsson, M., Masuoka, R., & Molina, J. (2009). Controlling data in the
cloud: outsourcing computation without outsourcing control. CCSW’09, Novembr 13, Chicago, Illi nois, USA, pp. 85-90.
Dlodlo, N. (2011). Legal, Privacy, Security, Access and Regulatory Issues in Cloud Computing.
Proceedings Of The European Conference On Information Management & Evaluation, 161-168.
Greene, T. (2010). Cloud security, cyberwar dominate RSA Conference. (cover story). Network
World, 27(5), 1-18.
Kontzer, T. (2008). Send in The Cloud. (cover story). CIO Insight, (99), 32-38.
Mather, T. (2009). Clouds on the horizon. SC Magazine: For IT Security Professionals (UK
Edition), 62. Niccolai, J. (2009). Cloud security fears are overblown. Network World, 26(8), 32.
Offutt, B. (2012). Cloud Computing: A Mandate for Travel Companies. Phocuswright
Innovation Edition, 1-6.
Pipeline - BI, CRM, CRS, Guestroom, Mobile, Payment, POS, RMS, Security. (2017).
Hospitality Upgrade, 84-122.
Ponemon, L. (2011). Cloud security: Managing firewall risks. Phonemon Institute.
Ross, S. K. (2011). Exporters On Cloud 9?. Journal Of Commerce (1542-3867), 12(8), 31.
Takabi, H, Joshi, D, & Ahn, G. (2010). “Security and privacy challenges in cloud computing
environments,” IEEE Security and Privacy, vol. 8, no. 6, pp. 24–31.
Unlocking the Cloud. (2013). Food Logistics, (150), 46-49.
Worthington, L. (2012). Clouded Vision. Club Management, 61.
Zhang, R, & Liu, L. (2010). “Security models and requirements for healthcare application
clouds,” in Proceedings of the 3rd IEEE International Conference on Cloud Computing (CLOUD '10), pp. 268–275.
