Essential Healthcare Services and Cloud Computing

Abstract: Like many organizations, critical infrastructures and essential services are adopting cloud computing. The many benefits are however clouded with security concerns. These types of organizations and services are associated with severe societal and individual consequences from failures or incidents. They are naturally subject to strict regulations and requirements. Even if critical and essential services are adopting and utilizing cloud computing, organizations hesitate due to unsolved challenges with cloud computing for critical and essential services. To mitigate such unnecessary impediments and to enhance secure Health-CC, there is a need for an exploration of existing solutions for Health-CC, as well as investigating gaps, to provide improving considerations. To address this problem, the thesis investigated existing challenges and solutions for cloud computing security, regarding cloud computing within essential healthcare. Here, called “Health-CC”, and encompasses settings and processes where cloud computing is highly involved and where system, assets, and data protection are intensively actualized. The research question required the author to identify cloud computing challenges, thematize related solutions, patterns, gaps, and laying a basis for a well-based discussion on possible improving considerations – from a pertinent critical infrastructure protection perspective, for essential healthcare services. The chosen research question necessitated a problem-driven mixed methods approach, where a systematic literature review was utilized for the overall research guidance and selection procedures. Selection criteria were formulated to capture the mentioned Health-CC security settings. An integrated traditional literature review was added for the purpose of the scientific base. At the analysis level, the mixed methods approach facilitated a thematic synthesis analysis – to identify themes, patterns, and gaps or shortcomings, as well as lay the basis for following discussion of improving security considerations. Three solution groups were identified: specific techniques, software architecture, and assessment models. Further analysis of their solution types from a pertinent critical infrastructure protection perspective, identified multiple patterns: from recurring techniques or administrative components, targeted security issues, Health-CC environment focus, framework coverage, to the type of aspects and perspectives involved. This resulted in general patterns of solution components and perspectives, although revealing several shortcomings and possible improving considerations for enhanced Health-CC security: explicit critical infrastructure protection perspective; focus on continuity aspects; multi-party and multi-actor nature of Health-CC arrangement deserves more focus; system protection emphasis; availability concept and deterring properties highly considered; cloud environment specified when possible; data protection concerns only crucial and sensitive data required by law. Its conclusions on the exploration of solutions as well as improving considerations contribute to the HealthCC security field, to a satisfying degree.