Cloud computing has revolutionized the world of technology over the years; however, it has also brought with it certain shortcomings that are a threat to the security of users data and privacy. If cloud computing is used in a medical clinic to store patient’s data, a series of advantages may be experienced, including, the access of a large data center to store patients records efficiently. Nonetheless, its safety may not be guaranteed. Public cloud service providers are prone to problems such as data leakage; this occurs due to the multi-environment scenario that exists. Malicious hackers could access these records and use them for personality theft or other online illegal activities (Behl, 2011). Besides that, the providers of this service may not handle the data correctly, considering that human is to error, and they may not understand the sensitive nature of the data stored.
Moreover, the hospital will lose total control of the data since it is not within their IT reach. The storage of this data in online facilities takes away their privileges of setting up personal privacy settings. In this case, a weak privacy setting may expose the data to other unauthorized people. In addition, since data is transmitted online, there can occur a breach in security, with hackers trying to snoop the data; however, files can be encrypted before transmission, but this brings about another security issue. The service providers also handle the management of encryption keys; hence if they are hacked, a massive data breach can occur.
Delegate your assignment to our experts and they will do the rest.
Cloud computing employs the use of hypervisor technology in its functionality. Cloud storage, as stated above, is a multi-user environment; hypervisor technology is used to ensure that every user has access to similar resources in terms of processing power, memory and Ram storage (Hill, 2013). The virtualization technique allows several users to access a single system, known as a host, with guest operating systems. The guest operating systems run independently; this is beneficial since a breakdown in one guest operating system does not affect the others. Practically, this technology is considered safe and recommended, but theoretically, if a bug is ever discovered in its programming, it can enable hackers to install malware that can run similarly to hypervisors and hidden below the operating system. The security implications that come as a result of this are the ability of hackers to interfere with processes such as entering passwords. Ultimately, it would remain undetectable by anti-malware as it works under the operating system. Such a breach leaves data susceptible to access by anyone.
There are two options when an enterprise decides to make use of cloud technology for the storage of their data, either public or private. Public clouds have a number of features including the ability to self-manage the server as desired. They usually do not rely on contracts; hence, there is much more flexibility in the use of the server, meaning one can quit the application at any time before the set deadline. However, they provide the same hardware resources to all users, and that may be a weak point for a security breach. Since any hacking into the hypervisor technology could lead to mass leakage of data. Private cloud providers, on the other hand, have taken much consideration into the protection of user's data. Hence it is nearly impossible for a company's data to be accessed by unauthorized users. On top of this, they provide the owners of the cloud with the ability to customize their features in terms of storage, network, and hardware performance.
There are specific measures that could be taken to safeguard user's data in cloud data storages. Data breaches such as illegal access by cracking a company's credentials can be solved by employing the use of multifactor authentication system, using other unique features of the owner for security purposes. Also, to prevent the breach of the network, a more sophisticated encryption method can be used and other software that tracks log of data being sent to detect any malicious attack. The users can also employ the use of a password management system since it may be easy for hackers to access their accounts by only learning their behaviors and personal interests and end up cracking their accounts. There are also acts that should be made aware to users such as ensuring that they know the limitations of law enforcers in accessing their data in case of any legal reason (Zissis & Lekkas, 2012).
A medical clinic in the process of acquiring a cloud storage account for maintaining their patient's records should seek to employ the following strategies in order to preserve their patient's privacy. They should understand the provider's encryption offers; if they only offer in transit encryption, they should be aware that once the data reaches the servers, it will be accessible to anyone with access to the network. If they offer at-rest encryption, encryption of the data will be possible during the transmission of the data and its storage, but if the company is hacked, then all their data will be susceptible to leakage. The best encryption would be the end to end encryption to ensure that the data is encrypted from their own devices first; hence, both have the key to decrypting the data. Another viable solution would be to incorporate the use of the hybrid cloud to enable the clinic to have full access to their patient's records before transferring to 3rd party storage (Krutz & Vines, 2010).
References
Behl, A., (2011, December). Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation. In 2011 World Congress on Information and Communication Technologies (pp. 217-222). IEEE.
Hill, D. C., (2013). U.S. Patent No. 8,514,868. Washington, DC: U.S. Patent and Trademark Office.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Zissis, D., & Lekkas, D., (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.
