Evaluating major cloud services for suitability to store and process medical research data

Using a Cloud environment instead of working locally has many benefits for businesses, like scalability, cost-effectiveness, and flexibility. It can be a challenging task to find out which Cloud environment suits best for researchers working with sensitive medical data. Section 4 is about the regulations from the GDPR and HIPAA for cloud providers. From the HIPAA the following regulations have been found which a cloud provider has to be compliant to: Access controls, integrity controls, audit logs, transmission security and a backup-plan. For the GDPR are the following: Transit encryption, AES encryption, data backups, multi-factor authentication, access controls and monitoring and logging. The conclusion drawn from the analysis of section 5 is included in the checklist for the next sub question in Section 6. The solutions identified as critical for addressing the most significant challenges include encryption, authentication, data classification, ISO 27000-series compliance, access control, API, and firewall. The conclusions from section 4 and 5 have been made into a checklist per cloud service. The topics in this checklist are requirements to find the best cloud environment. The cloud services that have been rated as most fitting are; Tresorit, Amazon Webservice and Google Cloud.