A Systematic Review: Risk Management of Cloud Computing Projects in Healthcare DOI: https://doi.org/10.33093/ijomfa.2023.4.2.5
Main Article Content
Abstract
Cloud computing has become a major driver for innovation in this technological age. All sectors around the world have increasingly moved towards cloud adoption including the healthcare sector. However, cloud computing projects with other IT projects come with their own set of risks that could be costly for organizations if they materialized. This study aims to provide an understanding of the risks of cloud computing projects in healthcare by using a systematic literature review augmented by the constant comparison method.63 articles from five major databases written from the year 2010 to 2022 were reviewed as they are related to cloud computing projects. More specifically, this study shows 198 unique indicators that were categorized into risks, threats, vulnerabilities, probabilities, consequences, and control procedure categories which then were classified into 13 distinct risk classes that can be found in such projects.
Article Details
References
Abouzakhar, N. S., Jones, A., & Angelopoulou, O. (2018). Internet of Things Security: A Review of Risks and Threats to Healthcare Sector. Proceedings - 2017 IEEE International Conference on Internet of Things, IEEE Green Computing and Communications, IEEE Cyber, Physical and Social Computing, IEEE Smart Data, IThings-GreenCom-CPSCom-SmartData 2017, 2018-Janua, 373–378. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2017.62
Abrar, H., Hussain, S. J., Chaudhry, J., Saleem, K., Orgun, M. A., Al-Muhtadi, J., & Valli, C. (2018). Risk Analysis of Cloud Sourcing in Healthcare and Public Health Industry. IEEE Access, 6, 19140–19150. https://doi.org/10.1109/ACCESS.2018.2805919
AbuKhousa, E., Mohamed, N., & Al-Jaroodi, J. (2012). e-Health Cloud: Opportunities and Challenges. Future Internet, 4(3), 621–645. https://doi.org/10.3390/fi4030621
Akinsanya, O. O., Papadaki, M., & Sun, L. (2020). Towards a maturity model for health-care cloud security (M2HCS). Information and Computer Security, 28(3), 321–345. https://doi.org/10.1108/ICS-05-2019-0060
Akter, S., Michael, K., Uddin, M. R., McCarthy, G., & Rahman, M. (2020). Transforming business using digital innovations: the application of AI, blockchain, cloud and data analytics. Annals of Operations Research. https://doi.org/10.1007/s10479-020-03620-w
Alarcon, M. L., Nguyen, M., Debroy, S., Bhamidipati, N. R., Calyam, P., & Mosa, A. (2021). Trust Model for Efficient Honest Broker based Healthcare Data Access and Processing. 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events, PerCom Workshops 2021, 201–206. https://doi.org/10.1109/PerComWorkshops51409.2021.9430954
Aleem, A., & Ryan Sprott, C. (2012). Let me in the cloud: Analysis of the benefit and risk assessment of cloud platform. Journal of Financial Crime, 20(1), 6–24. https://doi.org/10.1108/13590791311287337
Alghamdi, B., Potter, L. E., & Drew, S. (2021). Validation of architectural requirements for tackling cloud computing barriers: Cloud provider perspective. Procedia Computer Science, 181, 477–486. https://doi.org/10.1016/j.procs.2021.01.193
Alharbi, F., Atkins, A., & Stanier, C. (2017). Cloud computing adoption readiness assessment in saudi healthcare organisations: A strategic view. ACM International Conference Proceeding Series. https://doi.org/10.1145/3018896.3025156
Al-Hujran, O., Al-Lozi, E. M., Al-Debei, M. M., & Maqableh, M. (2018). Challenges of cloud computing adoption from the TOE framework perspective. International Journal of E-Business Research, 14(3), 77–94. https://doi.org/10.4018/IJEBR.2018070105
Ali, O., Shrestha, A., Soar, J., & Wamba, S. F. (2018). Cloud computing-enabled healthcare opportunities, issues, and applications: A systematic review. International Journal of Information Management, 43(July), 146–158. https://doi.org/10.1016/j.ijinfomgt.2018.07.009
Ali., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A risk management model. International Journal of Information Management, 37(6), 639–649. https://doi. org/10.1016/j.ijinfomgt.2017.05.008
Al-Issa, Y., Ottom, M. A., & Tamrawi, A. (2019). EHealth Cloud Security Challenges: A Survey. Journal of Healthcare Engineering, 2019. https://doi.org/10.1155/2019/7516035
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018). Key Issues for Embracing the Cloud Computing to Adopt a Digital Transformation: A study of Saudi Public Sector. Procedia Computer Science, 130, 1037–1043. https://doi.org/10.1016/j.procs.2018.04.145
Alzoubi, Y. I., Al-Ahmad, A., & Kahtan, H. (2022). Blockchain technology as a Fog computing security and privacy solution: An overview. Computer Communications, 182(April 2021), 129–152. https://doi.org/10.1016/j.comcom.2021.11.005
Aski, V. J., Dhaka, V. S., Kumar, S., Verma, S., & Rawat, D. B. (2021). Advances on Networked eHealth Information Access and Sharing: Status, Challenges and Prospects. Computer Networks, 204(April 2021), 108687. https://doi.org/10.1016/j.comnet.2021.108687
Belbergui, C., Elkamoun, N., & Hilal, R. (2019). Cloud computing: Overview and risk identification based on classification by type. Lecture Notes in Networks and Systems, 49, 19–34. https://doi.org/10.1007/978-3-319-97719-5_2
Bernsmed, K., Cruzes, D. S., Jaatun, M. G., Haugset, B., & Gjaere, E. A. (2014). Healthcare services in the cloud - Obstacles to adoption, and a way forward. Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014, 158–165. https://doi.org/10.1109/ARES.2014.28
Cegielski, C. G., Allison Jones-Farmer, L., wu, Y., & Hazen, B. T. (2012). Adoption of cloud computing technologies in supply chains: An organizational information processing theory approach. The International Journal of Logistics Management, 23(2), 184–211. https://doi.org/10.1108/09574091211265350
Chan, W., Leung, E., & Pili, H. (2012). COSO Enterprise Risk Management for Cloud Computing.
Chang, C. C., Li, C. T., & Shi, Y. Q. (2018). Privacy-Aware Reversible Watermarking in Cloud Computing Environments. IEEE Access, 6, 70720–70733. https://doi.org/10.1109/ACCESS.2018.2880904
Coss, D. L., & Dhillon, G. (2019). Cloud privacy objectives a value based approach. Information and Computer Security, 27(2), 189–220. https://doi.org/10.1108/ICS-05-2017-0034
Delavari, V., Shaban, E., Janssen, M., & Hassanzadeh, A. (2020). Thematic mapping of cloud computing based on a systematic review: a tertiary study. Journal of Enterprise Information Management, 33(1), 161–190. https://doi.org/10.1108/JEIM-02-2019-0034
Doherty, E., Carcary, M., & Conway, G. (2015). Migrating to the cloud examining the drivers and barriers to adoption of cloud computing by smes in ireland: An exploratory study. Journal of Small Business and Enterprise Development, 22(3), 512–527. https://doi.org/10.1108/JSBED-05-2013-0069
Dwivedi, Y. K., & Mustafee, N. (2010). It’s unwritten in the Cloud: The technology enablers for realising the promise of Cloud Computing. Journal of Enterprise Information Management, 23(6), 673–679. https://doi.org/10.1108/17410391011088583
El-Gazzar, R. F. (2014). An overview of cloud computing adoption challenges in the norwegian context. Proceedings - 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, UCC 2014, 412–418. https://doi.org/10.1109/UCC.2014.52
El-Gazzar, R., Hustad, E., & Olsen, D. H. (2016). Understanding cloud computing adoption issues: A Delphi study approach. Journal of Systems and Software, 118, 64–84. https://doi.org/10.1016/j.jss.2016.04.061
Eze, B., Kuziemsky, C., & Peyton, L. (2018). Operationalizing privacy compliance for cloud-hosted sharing of healthcare data: A case study. Proceedings - International Conference on Software Engineering, 18–25. https://doi.org/10.1145/3194696.3194701
Fatima, A., & Colomo-Palacios, R. (2018). Security aspects in healthcare information systems: A systematic mapping. Procedia Computer Science, 138, 12–19. https://doi.org/10.1016/j.procs.2018.10.003
Feng, B., Lin, Y., Xu, T., & Duan, J. (2021). A survey on privacy preservation in video big data. International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2021, 55(1). https://doi.org/10.1109/ICECCME52200.2021.9591105
Ferri, L., Spanò, R., Maffei, M., & Fiondella, C. (2020). How risk perception influences CEOs’ technological decisions: extending the technology acceptance model to small and medium-sized enterprises’ technology decision makers. European Journal of Innovation Management, 24(3), 777–798. https://doi.org/10.1108/EJIM-09-2019-0253
Fu, C., Lv, Q., & Badrnejad, R. G. (2020). Fog computing in health management processing systems. Kybernetes, 49(12), 2893–2917. https://doi.org/10.1108/K-09-2019-0621
Gao, F., & Sunyaev, A. (2019). Context matters: A review of the determinant factors in the decision to adopt cloud computing in healthcare. International Journal of Information Management, 48(July 2018), 120–138. https://doi.org/10.1016/j.ijinfomgt.2019.02.002
Ghahramani, M. H., Zhou, M., & Hon, C. T. (2017). Toward cloud computing QoS architecture: Analysis of cloud systems and cloud services. IEEE/CAA Journal of Automatica Sinica, 4(1), 6–18. https://doi.org/10.1109/JAS.2017.7510313
Grob, M., Cheng, V., Burns, J. (2021). COSO Enterprise Risk Management for Cloud Computing, COSO, https://www.coso.org/Documents/COSO-ERM-for-Cloud-Computing.pdf
Grubisic, I. (2014). ERP in clouds or still below. Journal of Systems and Information Technology, 16(1), 62–76. https://doi.org/10.1108/JSIT-05-2013-0016
Hampton, J. (2009). Fundamentals of Enterprise Risk Management.
Han, S., Han, K., & Zhang, S. (2019). A Data Sharing Protocol to Minimize Security and Privacy Risks of Cloud Storage in Big Data Era. IEEE Access, 7, 60290–60298. https://doi.org/10.1109/ACCESS.2019.2914862
Hathaliya, J. J., & Tanwar, S. (2020). An exhaustive survey on security and privacy issues in Healthcare 4.0. Computer Communications, 153(January), 311–335. https://doi.org/10.1016/j.comcom.2020.02.018
Hopkin, P. (2017). Fundamentals of Enterprise Risk Management – Understanding, evaluating and implementing effective risk management.
Iqbal, A., & Colomo-Palacios, R. (2019). Key Opportunities and Challenges of Data Migration in Cloud: Results from a Multivocal Literature Review. Procedia Computer Science, 164, 48–55. https://doi.org/10.1016/j.procs.2019.12.153
Ismagilova, E., Hughes, L., Rana, N. P., & Dwivedi, Y. K. (2022). Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework. Information Systems Frontiers, 24(2), 393–414. https://doi.org/10.1007/s10796-020-10044-1
ISO31000. (2018). BS ISO 31000: 2018 BSI Standards Publication Risk management — Guidelines. BSI Standards Publication, 26.
Kajiyama, T., Jennex, M., & Addo, T. (2017). To cloud or not to cloud: How risks and threats are affecting cloud adoption decisions. Information and Computer Security, 25(5), 634–659. https://doi.org/10.1108/ICS-07-2016-0051
Kauffman, R. J., Ma, D., & Yu, M. (2018). A metrics suite of cloud computing adoption readiness. Electronic Markets, 28(1), 11–37. https://doi.org/10.1007/s12525-015-0213-y
Keshta, I., & Odeh, A. (2020). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal, 22(2), 177–183. https://doi.org/10.1016/j.eij.2020.07.003
Kitchenham, B.A, Budgen, D., Brereton, P., (2016). Evidence-Based Software Engineering and Systematic Reviews. CRC Press
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4–5), 372–386. https://doi.org/10.1016/j.telpol.2012.04.011
Kuo, M. (2011) Opportunities and Challenges of Cloud Computing to Improve Health Care Services, J Med Internet Res 2011;13(3):e67, https://www.jmir.org/2011/3/e67
Kuzminykh, L., Ghita, B., Sokolov, V., Bakhshi, T. (2021). Information Security Risk Assessment. Encyclopedia 2021, 1, 602 – 617. https://doi.org/10.3390/encyclopedia1030050
Landoll, D, (2021). The Security Risk Assessment Handbook
Li, H., Liu, L., Lan, C., Wang, C., & Guo, H. (2020). Lattice-Based Privacy-Preserving and Forward-Secure Cloud Storage Public Auditing Scheme. IEEE Access, 8, 86797–86809. https://doi.org/10.1109/ACCESS.2020.2991579
Lian, J. W., Yen, D. C., & Wang, Y. T. (2014). An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), 28–36. https://doi.org/10.1016/j.ijinfomgt.2013.09.004
Lu, Z., Qian, P., Bi, D., Ye, Z., He, X., Zhao, Y., Su, L., Li, S., & Zhu, Z. (2021). Application of AI and IoT in Clinical Medicine: Summary and Challenges. 41(6), 1134–1150.
Maeser, R. (2020). Analyzing CSP Trustworthiness and Predicting Cloud Service Performance. IEEE Computer Graphics and Applications, May, 73–85. https://doi.org/10.1109/OJCS.2020.2994095
Maniah, Soewito, B., Lumban Gaol, F., & Abdurachman, E. (2021). A systematic literature Review: Risk analysis in cloud migration. Journal of King Saud University - Computer and Information Sciences. https://doi.org/10.1016/j.jksuci.2021.01.008
Masuda, Y., Shirasaka, S., Yamamoto, S., & Hardjono, T. (2017). Risk Management for Digital Transformation in Architecture Board: A Case Study on Global Enterprise. Proceedings - 2017 6th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2017, 255–262. https://doi.org/10.1109/IIAI-AAI.2017.79
Mbunge, E., Muchemwa, B., Jiyane, S., & Batani, J. (2021). Sensors and healthcare 5.0: transformative shift in virtual care through emerging digital health technologies. Global Health Journal, 5(4), 169–177. https://doi.org/10.1016/j.glohj.2021.11.008
Mekawie, N., & Yehia, K. (2021). Challenges of deploying cloud computing in eHealth. Procedia Computer Science, 181(2019), 1049–1057. https://doi.org/10.1016/j.procs.2021.01.300
Mitropoulos, S., & Veletsos, A. (2020). A Categorization of Cloud-Based Services and their Security Analysis in the Healthcare Sector. SEEDA-CECNSM 2020 - 5th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference. https://doi.org/10.1109/SEEDA-CECNSM49515.2020.9221808
Mohammad, O. K. J. (2018). Recent trends of cloud computing applications and services in medical, educational, financial, library and agricultural disciplines. ACM International Conference Proceeding Series, 132–141. https://doi.org/10.1145/3233347.3233388
Mourtzis, D., & Vlachou, E. (2016). Cloud-based cyber-physical systems and quality of services. TQM Journal, 28(5), 704–733. https://doi.org/10.1108/TQM-10-2015-0133
NHS Digital. Health and Social Care Cloud Risk Framework. NHS Digital; 2018.
Onwuegbuzie, A.J., Leech, N.L., Collins, K.M.T., (2012), Qualitative Analysis Techniques for the Review of the Literature. The Qualitative Report, 17, 56, 1-28. http://www.nova.edu/ssss/QR/QR17/onwuegbuzie.pdf
Piliouras, T., Yu, P. L. R., Su, Y., Siddaramaiah, V. K. A., Sultana, N., Meyer, E., & Harrington, R. (2011). Trust in a cloud-based healthcare environment. 2011 8th International Conference and Expo on Emerging Technologies for a Smarter World, CEWIT 2011. https://doi.org/10.1109/CEWIT.2011.6135890
Poorejbari, S., & Vahdat-Nejad, H. (2015). An Introduction to Cloud-Based Pervasive Healthcare Systems. PerCAM14 2014 https://doi.org/10.4108/icst.iccasa.2014.257442
Rahman, R., & Mahmud, T. (2021). Integrating Cloud Computing in E-healthcare: System Design, Implementation and Significance in Context of Developing Countries.
Ranaweera, P., Jurcut, A., & Liyanage, M. (2022). MEC-enabled 5G Use Cases: A Survey on Security Vulnerabilities and Countermeasures. ACM Computing Surveys, 54(9), 1–37. https://doi.org/10.1145/3474552
Rehman, U. U., Park, S. B., & Lee, S. (2021). Secure Health Fog: A Novel Framework for Personalized Recommendations Based on Adaptive Model Tuning. IEEE Access, 9, 108373–108391. https://doi.org/10.1109/ACCESS.2021.3101308
Savvides, S., Kumar, S., Stephen, J. J., & Eugster, P. (2021). C3PO: Cloud-based Confidentiality-preserving Continuous. ACM Transactions on Privacy and Security. 25(1).
Shanmugapriya, E., & Kavitha, R. (2019). Efficient and Secure Privacy Analysis for Medical Big Data Using TDES and MKSVM with Access Control in Cloud. Journal of Medical Systems, 43(8). https://doi.org/10.1007/s10916-019-1374-6
Sharma, M., & Sehrawat, R. (2020). Quantifying SWOT analysis for cloud adoption using FAHP-DEMATEL approach: evidence from the manufacturing sector. Journal of Enterprise Information Management, 33(5), 1111–1152. https://doi.org/10.1108/JEIM-09-2019-0276
Singh, P., Dwivedi, Y. K., Kahlon, K. S., Sawhney, R. S., Alalwan, A. A., & Rana, N. P. (2020). Smart Monitoring and Controlling of Government Policies Using Social Media and Cloud Computing. Information Systems Frontiers, 22(2), 315–337. https://doi.org/10.1007/s10796-019-09916-y
Sookhak, M., Jabbarpour, M. R., Safa, N. S., & Yu, F. R. (2021). Blockchain and smart contract for access control in healthcare: A survey, issues and challenges, and open issues. Journal of Network and Computer Applications, 178(July 2020), 102950. https://doi.org/10.1016/j.jnca.2020.102950
Suciu, G., Suciu, V., Martian, A., Craciunescu, R., Vulpe, A., Marcu, I., Halunga, S., & Fratu, O. (2015). Big Data, Internet of Things and Cloud Convergence – An Architecture for Secure E-Health Applications. Journal of Medical Systems, 39(11). https://doi.org/10.1007/s10916-015-0327-y
Sultan, N. (2014). Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), 177–184. https://doi.org/10.1016/j.ijinfomgt.2013.12.011
Sun, P. J. (2020). Security and privacy protection in cloud computing: Discussions and challenges. Journal of Network and Computer Applications, 160(August 2019), 102642. https://doi.org/10.1016/j.jnca.2020.102642
Tebaa, M., & Hajji, S. el. (2014). From Single to Multi-clouds Computing Privacy and Fault Tolerance. IERI Procedia, 10, 112–118. https://doi.org/10.1016/j.ieri.2014.09.099
Wakunuma, K., & Masika, R. (2017). Cloud computing, capabilities and intercultural ethics: Implications for Africa. Telecommunications Policy, 41(7–8), 695–707. https://doi.org/10.1016/j.telpol.2017.07.006
Wu, Y., Lyu, Y., & Shi, Y. (2019). Cloud storage security assessment through equilibrium analysis. Tsinghua Science and Technology, 24(6), 738–749. https://doi.org/10.26599/TST.2018.9010127
Xu, J., Liang, C., Jain, H. K., & Gu, D. (2019). Openness and security in cloud computing services: Assessment methods and investment strategies analysis. IEEE Access, 7, 29038–29050. https://doi.org/10.1109/ACCESS.2019.2900889
Zou, J., He, D., Zeadally, S., Kumar, N., Wang, H., & Choo, K. R. (2022). Integrated Blockchain and Cloud Computing Systems: A Systematic Survey, Solutions, and Challenges. ACM Computing Surveys, 54(8). https://doi.org/10.1145/3456628