With each passing quarter, Amazon, Microsoft and Google have been setting new records, while cloud computing has become the invisible backbone supporting much of our daily lives.
Its potential to become an even bigger part of people’s daily existence is sky-high.
The rising popularity of the cloud has gone hand-in-hand with that of 4G broadband technology and of smartphones: The combined power of the network and of servers makes it possible for us to listen to music, to watch videos, to work remotely, to post on social media or to request a ride and watch it arrive, in real time, on a smartphone map.
Companies and individuals can buy not just cloud-based storage but also processing power, Internet services and software, all of it situated not in one’s computer or smartphone but in huge data centers.
There are now even cloud services for video games, which require enormous amounts of data and extremely rapid response times.
“Cloud gaming,” as with other uses, lets users dispense with expensive and fast-outdated equipment.
Most big companies and institutions now access the cloud either through their own private servers or as a client of a public cloud provided by a company such as Amazon, Microsoft or Google.
These big providers offer an array of options, from simple hosting to ultra-complete online services, with an a la carte menu of tools and software, and with programs ensuring maintenance and security.
In practice, many companies choose a hybrid approach, melding the lower cost, greater power and high adaptability of the public cloud with the comforting security of a private cloud.
“Companies on average use about three different public-cloud providers,” said Bob O’Donnell, president and chief analyst at TECHnalysis Research.
While some companies grew up in the data world, he added, “let’s not forget that lots of companies have been moving slowly and cautiously; plenty of companies are just getting started.”
In 2020, the market for the public cloud is expected to reach $266 billion, a 17 percent increase over 2019, according to Gartner Consulting.
And market research firm IDC (International Data Corporation) predicts a near-doubling of the market by 2023, to $500 billion.
The 2006 launch of Amazon Web Services (AWS) gave the online giant a huge lead over its competitors. Analysts put its current share of the global public-cloud market at 30 to 50 percent.
AWS had 2019 revenues of $35 billion and claims millions of users worldwide.
It did suffer one setback last year: In October, the Pentagon awarded a mega-contract worth $10 billion to Microsoft, the second largest player in the market.
Against a backdrop of hostility between US President Donald Trump and Amazon boss Jeff Bezos, the company is taking legal action in an attempt to block the Microsoft contract.
A federal court on Thursday ordered the Pentagon to temporarily halt its work with Microsoft while the matter is reviewed.
Microsoft, meanwhile, has not released precise figures on the success of Azure, its public cloud, making comparisons difficult.
But the company’s cloud division has turned in Microsoft’s best performances, quarter after quarter.
Azure controls approximately 15 percent of the market.
Trailing it are Google Cloud and China’s Alibaba, each with a five or six percent share.
For Google, the American leader in internet research, the cloud is a growing priority: It showcases the company’s capacity for very large-scale data analysis as well as the ability for users of the hybrid cloud or of multiple clouds to easily shift data from one provider to another.
Google Cloud took in $9 billion in 2019 (up 53 percent in a year).
All the providers strongly emphasize cybersecurity—their reputations for protecting sensitive data are essential to their survival—but also, and crucially, the capacity for automated machine learning to rapidly analyze and optimally use the mountains of data being produced at every moment.
The Pentagon’s mega-contract, for example, is aimed at modernizing the computer systems of the entire American military, to be managed with the help of artificial intelligence.
The contract also seeks to reduce environmental costs, since sprawling data centers consume enormous amounts of electricity to cool their servers.
Meantime, 5G wireless technology and self-driving vehicles will favor the development of so-called edge computing – locating computing and storage capacity relatively close to their end users, thereby improving response time.
AWS has joined with Verizon, and Microsoft with AT&T, in the race to make cloud technologies more directly available to users.
The goal is to process data collected by myriad connected sensors (located in homes, factories, vehicles, etc.) in real time, without having to pass through servers.
Analysts say such “zero latency” promises to open dazzling new possibilities.
Cloud computing is a relatively new technology that will have a great impact on our lives. Using this technology, it is possible to access computing resources and facilities anytime and anywhere.
Healthcare industry is continuously evolving, and the future healthcare model is anticipated to be information-centric.
The industry can benefit from the cloud technology to manage change and complexity. This promising technology can help facilitate communication, collaboration, and coordination among different healthcare providers.
The cloud can help the healthcare industry deliver more value for the dollar. It can offer fast, flexible, scalable, and cost-effective infrastructure and applications.
The cloud can help store, manage, protect, share, and archive electronic health records (EHRs), laboratory information system, pharmacy information system, and medical images. Overall, patients will obtain better care because of up-to-date health records and continuous interactions between different healthcare providers.
Beside the lack of standards, regulations, and interoperability problems, the main obstacles that are hindering the wide-scale adoption of the cloud by healthcare providers are the security, confidentiality, and trust issues .
Computer security is a growing field in computer science that focuses on protecting computer systems and electronic data against unauthorized access, hardware theft, data manipulation, and against common threats and exposures such as backdoors, denial-of-service (DoS) attacks, and phishing.
The objective of applying computer security measures is to attain protection of valuable data and system resources; securing system resources includes protection of a computer system hardware and software, whereas data security is more concerned with protecting data that are stored or transmitted between computer systems, as well as cloud systems.
Privacy on the other hand is considered as one of the main objectives of security; it enforces certain rules and principles that regulate to what extent data about individuals or groups can be accessed, gathered, or transmitted to a second or third party. Data ownership is more related to data privacy rather than data security.
Privacy could be claimed as a moral right for individuals and groups when using information systems, whereas computer security is not a moral right in itself. Differentiating between computer security and privacy could be more complex, and there are certainly areas of overlap between them [2, 3].
For example, when healthcare providers use secure systems to communicate with patients about their health, rather than transmitting health data via personal e-mail accounts, this type of data communication is an example of a secure implementation.
On the other hand, privacy will only attempt to limit the access to patient health records to authorized hospital staff members.
Cloud computing offers opportunities and challenges. Just like every other IT application, the cloud has various security issues and concerns.
Since it usually operates in an open and shared environment, it is vulnerable for data loss, theft, and malicious attacks. Weak cloud security is one of the important problems that are hindering the full diffusion of the cloud in healthcare industry.
Healthcare professionals have many reasons not to trust the cloud, for example, they cannot give away control over their medical records. Cloud providers usually store their data in different data centers located in different geographic locations.
This represents a clear advantage, since data storage on the cloud will be redundant, and in case of force majeure, different data centers will help recover from disasters. On the other hand, this same advantage can pose a security challenge because data stored in different locations will be more prone to theft and loss.
In general, there are many security risks associated with the use of the cloud like failure to separate virtual users, identity theft, privilege abuse, and poor encryption are among the security concerns .
The goal of this paper is to survey literature and review the state of the art to understand various cloud security challenges and available solutions. This paper tries to answer the following research questions:
- RQ1. What are the cloud computing schemes used in healthcare systems?
- RQ2. What are the security challenges hindering the wide-scale adoption of cloud computing by healthcare providers?
- RQ3. What are the state-of-the-art cloud computing solutions used by current healthcare providers and the security risks associated with those solutions?
The remainder of the paper is organized as follows: Section 2presents background information about cloud computing. Section 3discusses the security requirements needed by healthcare providers for adopting cloud computing. In Section 4, we survey recent work addressing security risks for eHealth systems using cloud computing. Available security solutions are discussed in Section 5. Finally, our findings and conclusions are summarized in Section 6.
There are multiple cloud definitions, different people, different research groups, and different papers that tend to define the cloud in different ways. Nowadays, cloud computing is more of a buzzword rather than a scientific term. According to the National Institute of Standards and Technology (NIST) special publication  “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Anyone who delivers technology over the Internet seems to think that he/she is using the cloud technology. Only few papers that use the cloud term exactly meet the NIST models and characteristics.
Cloud Computing Characteristics
According to the official definition, cloud computing has five main characteristics: resource pooling, broad network access, rapid elasticity, on-demand self-service, and measured service .
- Shared resources: clients can share resources like networks, servers, storage, software, memory, and processing simultaneously. Providers can dynamically allocate resources according to the fluctuations in demand, and the client is completely unaware of the physical locations of these services.
- Broad network access: the cloud allows a broad access to the network using the Internet from any device.
- Elasticity: the cloud is flexible and configurable. Clients feel that resources are unlimited.
- On-demand self-service: if needed, any customer can automatically configure the cloud without the interference of service technicians. Customers perform scheduling and decides the required storage and computing power.
- Measured service: different cloud services can be measured using different metrics. Detailed usage reports are generated to preserve the rights of customers and providers.
Cloud computing has four different service models:
- Software as a service (SaaS): it is the most popular cloud service, and the software resides on the provider platform. The consumer can access the software using a web browser or an application programming interface (API). It follows a pay-per-use business model. Consumers do not need to worry about the software upgrades and maintenance; some limited application configuration capability might be available to consumers. Salesforce and Office 365 are popular examples [5–10].
- Platform as a service (PaaS): it provides development and testing environments. The consumer develops his/her own application on a virtual server and has some control over the application hosting environment, particularly the application and data, making it faster to develop, test, and deploy applications. Cloud Foundry is a good example .
- Infrastructure as a service (IaaS): it provides the infrastructure, operating systems, and applications. It is the service of choice for companies that do not have the necessary capital to buy hardware. Customers pay according to consumption.
- Infrastructure is scalable depending on processing and storage needs. The consumer has control over applications, data, middleware, and operating systems but not over the underlying cloud infrastructure. Amazon EC2 is a good example .
- Anything as a service (XaaS): it offers a variety of services ranging from personal services to large resources over the Internet [13, 14].
Cloud computing has five different delivery models:
- Private cloud: it is located on premises, over the intranet, behind the firewall, and usually managed by the same organization that uses it. Their services are offered to the organization employees. Security issues are limited; a good example is VMware .
- Public cloud: it is located off premises, over the Internet, and usually managed by a cloud service provider. Their services are offered to the public. It is less secure than the private cloud, some popular public clouds are Dropbox , Amazon EC2 , and Microsoft Azure .
- Hybrid cloud: it combines private and public clouds, and it has trust and confidentiality issues because of the public part. A good example is Rackspace .
- Community cloud: it is a group of entities with a common goal, share the cloud; universities usually share a single cloud. A good example is NYSE Capital Markets Community Platform (Figure 1) .Figure 1Relationship between delivery and service models.
eHealth Cloud Benefits
The cloud has many benefits.
- Improved patient care because of the continuous interaction by the patient with different healthcare stakeholders. Patient data are available anytime and anywhere for doctors to analyze and diagnose.
- Cost savings: there is no need to buy expensive hardware and software. Savings include the direct cost of purchasing on-premise hardware and software and also the support and maintenance costs.
- Energy savings: the energy bill will be cut because there is no need for data centers on premises; as a result there, is no need for expensive cooling.
- Robust disaster recovery: in case of emergency, almost all cloud service providers offer a redundant system and services.
- Research: the cloud is a central data repository that can be used to support national medical research, disease control, and epidemics monitoring.
- Solving the scarcity of resources: doctors in remote areas can use telemedicine to perform consultations.
- Rapid deployment: software and hardware systems can be used almost immediately.
- Data availability: data are available for all healthcare stakeholders like physicians, clinics, hospitals, and insurance companies [20, 21].
eHealth Cloud Limitations
The cloud has many limitations:
- Availability and reliability: the service can be slow, interrupted, or down, depending on the strength of the Internet connection. This will largely affect user experiences .
- Interoperability: there is a need for standards to achieve proper communication, coordination, and collaboration between different healthcare providers’ platforms .
- Security and privacy: open and shared environment is prone to data loss and theft .
- Legislation and regulations: the wide adoption of cloud computing requires laws, regulations, and ethical and legal frameworks .
- Limited control and flexibility: it has limited control over data ownership because of centralization. The cloud applications are often generic, and custom software might be hard to rent .
- Vulnerability to attacks: the cloud is prone to different kinds of security attacks .