Evaluating major cloud services for suitability to store and process medical research data
Using a Cloud environment instead of working locally has many benefits for businesses, like scalability, cost-effectiveness, and flexibility. It can be a challenging task to find out which Cloud environment suits best for researchers working with sensitive medical data. Section 4 is about the regulations from the GDPR and HIPAA for cloud providers. From the HIPAA the following regulations have been found which a cloud provider has to be compliant to: Access controls, integrity controls, audit logs, transmission security and a backup-plan. For the GDPR are the following: Transit encryption, AES encryption, data backups, multi-factor authentication, access controls and monitoring and logging. The conclusion drawn from the analysis of section 5 is included in the checklist for the next sub question in Section 6. The solutions identified as critical for addressing the most significant challenges include encryption, authentication, data classification, ISO 27000-series compliance, access control, API, and firewall. The conclusions from section 4 and 5 have been made into a checklist per cloud service. The topics in this checklist are requirements to find the best cloud environment. The cloud services that have been rated as most fitting are; Tresorit, Amazon Webservice and Google Cloud.
Stefan WigtThe Hague University
Stefan is 27 years old and Ia student at the Hague University of Applied Sciences where he studies information security management. He did this research paper for school together with two other students to look for the best possible cloud environment for researchers.