A Systematic Review: Risk Management of Cloud Computing Projects in Healthcare DOI: https://doi.org/10.33093/ijomfa.2023.4.2.5

Main Article Content

Muhammad Afif Fathullah
Anusuyah Subbarao
Saravanan Muthaiyah

Abstract

Cloud computing has become a major driver for innovation in this technological age. All sectors around the world have increasingly moved towards cloud adoption including the healthcare sector. However, cloud computing projects with other IT projects come with their own set of risks that could be costly for organizations if they materialized. This study aims to provide an understanding of the risks of cloud computing projects in healthcare by using a systematic literature review augmented by the constant comparison method.63 articles from five major databases written from the year 2010 to 2022 were reviewed as they are related to cloud computing projects. More specifically, this study shows 198 unique indicators that were categorized into risks, threats, vulnerabilities, probabilities, consequences, and control procedure categories which then were classified into 13 distinct risk classes that can be found in such projects.

Article Details

Section
Management, Finance and Accounting

References

Abouzakhar, N. S., Jones, A., & Angelopoulou, O. (2018). Internet of Things Security: A Review of Risks and Threats to Healthcare Sector. Proceedings - 2017 IEEE International Conference on Internet of Things, IEEE Green Computing and Communications, IEEE Cyber, Physical and Social Computing, IEEE Smart Data, IThings-GreenCom-CPSCom-SmartData 2017, 2018-Janua, 373–378. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2017.62

Abrar, H., Hussain, S. J., Chaudhry, J., Saleem, K., Orgun, M. A., Al-Muhtadi, J., & Valli, C. (2018). Risk Analysis of Cloud Sourcing in Healthcare and Public Health Industry. IEEE Access, 6, 19140–19150. https://doi.org/10.1109/ACCESS.2018.2805919

AbuKhousa, E., Mohamed, N., & Al-Jaroodi, J. (2012). e-Health Cloud: Opportunities and Challenges. Future Internet, 4(3), 621–645. https://doi.org/10.3390/fi4030621

Akinsanya, O. O., Papadaki, M., & Sun, L. (2020). Towards a maturity model for health-care cloud security (M2HCS). Information and Computer Security, 28(3), 321–345. https://doi.org/10.1108/ICS-05-2019-0060

Akter, S., Michael, K., Uddin, M. R., McCarthy, G., & Rahman, M. (2020). Transforming business using digital innovations: the application of AI, blockchain, cloud and data analytics. Annals of Operations Research. https://doi.org/10.1007/s10479-020-03620-w

Alarcon, M. L., Nguyen, M., Debroy, S., Bhamidipati, N. R., Calyam, P., & Mosa, A. (2021). Trust Model for Efficient Honest Broker based Healthcare Data Access and Processing. 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events, PerCom Workshops 2021, 201–206. https://doi.org/10.1109/PerComWorkshops51409.2021.9430954

Aleem, A., & Ryan Sprott, C. (2012). Let me in the cloud: Analysis of the benefit and risk assessment of cloud platform. Journal of Financial Crime, 20(1), 6–24. https://doi.org/10.1108/13590791311287337

Alghamdi, B., Potter, L. E., & Drew, S. (2021). Validation of architectural requirements for tackling cloud computing barriers: Cloud provider perspective. Procedia Computer Science, 181, 477–486. https://doi.org/10.1016/j.procs.2021.01.193

Alharbi, F., Atkins, A., & Stanier, C. (2017). Cloud computing adoption readiness assessment in saudi healthcare organisations: A strategic view. ACM International Conference Proceeding Series. https://doi.org/10.1145/3018896.3025156

Al-Hujran, O., Al-Lozi, E. M., Al-Debei, M. M., & Maqableh, M. (2018). Challenges of cloud computing adoption from the TOE framework perspective. International Journal of E-Business Research, 14(3), 77–94. https://doi.org/10.4018/IJEBR.2018070105

Ali, O., Shrestha, A., Soar, J., & Wamba, S. F. (2018). Cloud computing-enabled healthcare opportunities, issues, and applications: A systematic review. International Journal of Information Management, 43(July), 146–158. https://doi.org/10.1016/j.ijinfomgt.2018.07.009

Ali., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A risk management model. International Journal of Information Management, 37(6), 639–649. https://doi. org/10.1016/j.ijinfomgt.2017.05.008

Al-Issa, Y., Ottom, M. A., & Tamrawi, A. (2019). EHealth Cloud Security Challenges: A Survey. Journal of Healthcare Engineering, 2019. https://doi.org/10.1155/2019/7516035

Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018). Key Issues for Embracing the Cloud Computing to Adopt a Digital Transformation: A study of Saudi Public Sector. Procedia Computer Science, 130, 1037–1043. https://doi.org/10.1016/j.procs.2018.04.145

Alzoubi, Y. I., Al-Ahmad, A., & Kahtan, H. (2022). Blockchain technology as a Fog computing security and privacy solution: An overview. Computer Communications, 182(April 2021), 129–152. https://doi.org/10.1016/j.comcom.2021.11.005

Aski, V. J., Dhaka, V. S., Kumar, S., Verma, S., & Rawat, D. B. (2021). Advances on Networked eHealth Information Access and Sharing: Status, Challenges and Prospects. Computer Networks, 204(April 2021), 108687. https://doi.org/10.1016/j.comnet.2021.108687

Belbergui, C., Elkamoun, N., & Hilal, R. (2019). Cloud computing: Overview and risk identification based on classification by type. Lecture Notes in Networks and Systems, 49, 19–34. https://doi.org/10.1007/978-3-319-97719-5_2

Bernsmed, K., Cruzes, D. S., Jaatun, M. G., Haugset, B., & Gjaere, E. A. (2014). Healthcare services in the cloud - Obstacles to adoption, and a way forward. Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014, 158–165. https://doi.org/10.1109/ARES.2014.28

Cegielski, C. G., Allison Jones-Farmer, L., wu, Y., & Hazen, B. T. (2012). Adoption of cloud computing technologies in supply chains: An organizational information processing theory approach. The International Journal of Logistics Management, 23(2), 184–211. https://doi.org/10.1108/09574091211265350

Chan, W., Leung, E., & Pili, H. (2012). COSO Enterprise Risk Management for Cloud Computing.

Chang, C. C., Li, C. T., & Shi, Y. Q. (2018). Privacy-Aware Reversible Watermarking in Cloud Computing Environments. IEEE Access, 6, 70720–70733. https://doi.org/10.1109/ACCESS.2018.2880904

Coss, D. L., & Dhillon, G. (2019). Cloud privacy objectives a value based approach. Information and Computer Security, 27(2), 189–220. https://doi.org/10.1108/ICS-05-2017-0034

Delavari, V., Shaban, E., Janssen, M., & Hassanzadeh, A. (2020). Thematic mapping of cloud computing based on a systematic review: a tertiary study. Journal of Enterprise Information Management, 33(1), 161–190. https://doi.org/10.1108/JEIM-02-2019-0034

Doherty, E., Carcary, M., & Conway, G. (2015). Migrating to the cloud examining the drivers and barriers to adoption of cloud computing by smes in ireland: An exploratory study. Journal of Small Business and Enterprise Development, 22(3), 512–527. https://doi.org/10.1108/JSBED-05-2013-0069

Dwivedi, Y. K., & Mustafee, N. (2010). It’s unwritten in the Cloud: The technology enablers for realising the promise of Cloud Computing. Journal of Enterprise Information Management, 23(6), 673–679. https://doi.org/10.1108/17410391011088583

El-Gazzar, R. F. (2014). An overview of cloud computing adoption challenges in the norwegian context. Proceedings - 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, UCC 2014, 412–418. https://doi.org/10.1109/UCC.2014.52

El-Gazzar, R., Hustad, E., & Olsen, D. H. (2016). Understanding cloud computing adoption issues: A Delphi study approach. Journal of Systems and Software, 118, 64–84. https://doi.org/10.1016/j.jss.2016.04.061

Eze, B., Kuziemsky, C., & Peyton, L. (2018). Operationalizing privacy compliance for cloud-hosted sharing of healthcare data: A case study. Proceedings - International Conference on Software Engineering, 18–25. https://doi.org/10.1145/3194696.3194701

Fatima, A., & Colomo-Palacios, R. (2018). Security aspects in healthcare information systems: A systematic mapping. Procedia Computer Science, 138, 12–19. https://doi.org/10.1016/j.procs.2018.10.003

Feng, B., Lin, Y., Xu, T., & Duan, J. (2021). A survey on privacy preservation in video big data. International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2021, 55(1). https://doi.org/10.1109/ICECCME52200.2021.9591105

Ferri, L., Spanò, R., Maffei, M., & Fiondella, C. (2020). How risk perception influences CEOs’ technological decisions: extending the technology acceptance model to small and medium-sized enterprises’ technology decision makers. European Journal of Innovation Management, 24(3), 777–798. https://doi.org/10.1108/EJIM-09-2019-0253

Fu, C., Lv, Q., & Badrnejad, R. G. (2020). Fog computing in health management processing systems. Kybernetes, 49(12), 2893–2917. https://doi.org/10.1108/K-09-2019-0621

Gao, F., & Sunyaev, A. (2019). Context matters: A review of the determinant factors in the decision to adopt cloud computing in healthcare. International Journal of Information Management, 48(July 2018), 120–138. https://doi.org/10.1016/j.ijinfomgt.2019.02.002

Ghahramani, M. H., Zhou, M., & Hon, C. T. (2017). Toward cloud computing QoS architecture: Analysis of cloud systems and cloud services. IEEE/CAA Journal of Automatica Sinica, 4(1), 6–18. https://doi.org/10.1109/JAS.2017.7510313

Grob, M., Cheng, V., Burns, J. (2021). COSO Enterprise Risk Management for Cloud Computing, COSO, https://www.coso.org/Documents/COSO-ERM-for-Cloud-Computing.pdf

Grubisic, I. (2014). ERP in clouds or still below. Journal of Systems and Information Technology, 16(1), 62–76. https://doi.org/10.1108/JSIT-05-2013-0016

Hampton, J. (2009). Fundamentals of Enterprise Risk Management.

Han, S., Han, K., & Zhang, S. (2019). A Data Sharing Protocol to Minimize Security and Privacy Risks of Cloud Storage in Big Data Era. IEEE Access, 7, 60290–60298. https://doi.org/10.1109/ACCESS.2019.2914862

Hathaliya, J. J., & Tanwar, S. (2020). An exhaustive survey on security and privacy issues in Healthcare 4.0. Computer Communications, 153(January), 311–335. https://doi.org/10.1016/j.comcom.2020.02.018

Hopkin, P. (2017). Fundamentals of Enterprise Risk Management – Understanding, evaluating and implementing effective risk management.

Iqbal, A., & Colomo-Palacios, R. (2019). Key Opportunities and Challenges of Data Migration in Cloud: Results from a Multivocal Literature Review. Procedia Computer Science, 164, 48–55. https://doi.org/10.1016/j.procs.2019.12.153

Ismagilova, E., Hughes, L., Rana, N. P., & Dwivedi, Y. K. (2022). Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework. Information Systems Frontiers, 24(2), 393–414. https://doi.org/10.1007/s10796-020-10044-1

ISO31000. (2018). BS ISO 31000: 2018 BSI Standards Publication Risk management — Guidelines. BSI Standards Publication, 26.

Kajiyama, T., Jennex, M., & Addo, T. (2017). To cloud or not to cloud: How risks and threats are affecting cloud adoption decisions. Information and Computer Security, 25(5), 634–659. https://doi.org/10.1108/ICS-07-2016-0051

Kauffman, R. J., Ma, D., & Yu, M. (2018). A metrics suite of cloud computing adoption readiness. Electronic Markets, 28(1), 11–37. https://doi.org/10.1007/s12525-015-0213-y

Keshta, I., & Odeh, A. (2020). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal, 22(2), 177–183. https://doi.org/10.1016/j.eij.2020.07.003

Kitchenham, B.A, Budgen, D., Brereton, P., (2016). Evidence-Based Software Engineering and Systematic Reviews. CRC Press

Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4–5), 372–386. https://doi.org/10.1016/j.telpol.2012.04.011

Kuo, M. (2011) Opportunities and Challenges of Cloud Computing to Improve Health Care Services, J Med Internet Res 2011;13(3):e67, https://www.jmir.org/2011/3/e67

Kuzminykh, L., Ghita, B., Sokolov, V., Bakhshi, T. (2021). Information Security Risk Assessment. Encyclopedia 2021, 1, 602 – 617. https://doi.org/10.3390/encyclopedia1030050

Landoll, D, (2021). The Security Risk Assessment Handbook

Li, H., Liu, L., Lan, C., Wang, C., & Guo, H. (2020). Lattice-Based Privacy-Preserving and Forward-Secure Cloud Storage Public Auditing Scheme. IEEE Access, 8, 86797–86809. https://doi.org/10.1109/ACCESS.2020.2991579

Lian, J. W., Yen, D. C., & Wang, Y. T. (2014). An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), 28–36. https://doi.org/10.1016/j.ijinfomgt.2013.09.004

Lu, Z., Qian, P., Bi, D., Ye, Z., He, X., Zhao, Y., Su, L., Li, S., & Zhu, Z. (2021). Application of AI and IoT in Clinical Medicine: Summary and Challenges. 41(6), 1134–1150.

Maeser, R. (2020). Analyzing CSP Trustworthiness and Predicting Cloud Service Performance. IEEE Computer Graphics and Applications, May, 73–85. https://doi.org/10.1109/OJCS.2020.2994095

Maniah, Soewito, B., Lumban Gaol, F., & Abdurachman, E. (2021). A systematic literature Review: Risk analysis in cloud migration. Journal of King Saud University - Computer and Information Sciences. https://doi.org/10.1016/j.jksuci.2021.01.008

Masuda, Y., Shirasaka, S., Yamamoto, S., & Hardjono, T. (2017). Risk Management for Digital Transformation in Architecture Board: A Case Study on Global Enterprise. Proceedings - 2017 6th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2017, 255–262. https://doi.org/10.1109/IIAI-AAI.2017.79

Mbunge, E., Muchemwa, B., Jiyane, S., & Batani, J. (2021). Sensors and healthcare 5.0: transformative shift in virtual care through emerging digital health technologies. Global Health Journal, 5(4), 169–177. https://doi.org/10.1016/j.glohj.2021.11.008

Mekawie, N., & Yehia, K. (2021). Challenges of deploying cloud computing in eHealth. Procedia Computer Science, 181(2019), 1049–1057. https://doi.org/10.1016/j.procs.2021.01.300

Mitropoulos, S., & Veletsos, A. (2020). A Categorization of Cloud-Based Services and their Security Analysis in the Healthcare Sector. SEEDA-CECNSM 2020 - 5th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference. https://doi.org/10.1109/SEEDA-CECNSM49515.2020.9221808

Mohammad, O. K. J. (2018). Recent trends of cloud computing applications and services in medical, educational, financial, library and agricultural disciplines. ACM International Conference Proceeding Series, 132–141. https://doi.org/10.1145/3233347.3233388

Mourtzis, D., & Vlachou, E. (2016). Cloud-based cyber-physical systems and quality of services. TQM Journal, 28(5), 704–733. https://doi.org/10.1108/TQM-10-2015-0133

NHS Digital. Health and Social Care Cloud Risk Framework. NHS Digital; 2018.

Onwuegbuzie, A.J., Leech, N.L., Collins, K.M.T., (2012), Qualitative Analysis Techniques for the Review of the Literature. The Qualitative Report, 17, 56, 1-28. http://www.nova.edu/ssss/QR/QR17/onwuegbuzie.pdf

Piliouras, T., Yu, P. L. R., Su, Y., Siddaramaiah, V. K. A., Sultana, N., Meyer, E., & Harrington, R. (2011). Trust in a cloud-based healthcare environment. 2011 8th International Conference and Expo on Emerging Technologies for a Smarter World, CEWIT 2011. https://doi.org/10.1109/CEWIT.2011.6135890

Poorejbari, S., & Vahdat-Nejad, H. (2015). An Introduction to Cloud-Based Pervasive Healthcare Systems. PerCAM14 2014 https://doi.org/10.4108/icst.iccasa.2014.257442

Rahman, R., & Mahmud, T. (2021). Integrating Cloud Computing in E-healthcare: System Design, Implementation and Significance in Context of Developing Countries.

Ranaweera, P., Jurcut, A., & Liyanage, M. (2022). MEC-enabled 5G Use Cases: A Survey on Security Vulnerabilities and Countermeasures. ACM Computing Surveys, 54(9), 1–37. https://doi.org/10.1145/3474552

Rehman, U. U., Park, S. B., & Lee, S. (2021). Secure Health Fog: A Novel Framework for Personalized Recommendations Based on Adaptive Model Tuning. IEEE Access, 9, 108373–108391. https://doi.org/10.1109/ACCESS.2021.3101308

Savvides, S., Kumar, S., Stephen, J. J., & Eugster, P. (2021). C3PO: Cloud-based Confidentiality-preserving Continuous. ACM Transactions on Privacy and Security. 25(1).

Shanmugapriya, E., & Kavitha, R. (2019). Efficient and Secure Privacy Analysis for Medical Big Data Using TDES and MKSVM with Access Control in Cloud. Journal of Medical Systems, 43(8). https://doi.org/10.1007/s10916-019-1374-6

Sharma, M., & Sehrawat, R. (2020). Quantifying SWOT analysis for cloud adoption using FAHP-DEMATEL approach: evidence from the manufacturing sector. Journal of Enterprise Information Management, 33(5), 1111–1152. https://doi.org/10.1108/JEIM-09-2019-0276

Singh, P., Dwivedi, Y. K., Kahlon, K. S., Sawhney, R. S., Alalwan, A. A., & Rana, N. P. (2020). Smart Monitoring and Controlling of Government Policies Using Social Media and Cloud Computing. Information Systems Frontiers, 22(2), 315–337. https://doi.org/10.1007/s10796-019-09916-y

Sookhak, M., Jabbarpour, M. R., Safa, N. S., & Yu, F. R. (2021). Blockchain and smart contract for access control in healthcare: A survey, issues and challenges, and open issues. Journal of Network and Computer Applications, 178(July 2020), 102950. https://doi.org/10.1016/j.jnca.2020.102950

Suciu, G., Suciu, V., Martian, A., Craciunescu, R., Vulpe, A., Marcu, I., Halunga, S., & Fratu, O. (2015). Big Data, Internet of Things and Cloud Convergence – An Architecture for Secure E-Health Applications. Journal of Medical Systems, 39(11). https://doi.org/10.1007/s10916-015-0327-y

Sultan, N. (2014). Making use of cloud computing for healthcare provision: Opportunities and challenges. International Journal of Information Management, 34(2), 177–184. https://doi.org/10.1016/j.ijinfomgt.2013.12.011

Sun, P. J. (2020). Security and privacy protection in cloud computing: Discussions and challenges. Journal of Network and Computer Applications, 160(August 2019), 102642. https://doi.org/10.1016/j.jnca.2020.102642

Tebaa, M., & Hajji, S. el. (2014). From Single to Multi-clouds Computing Privacy and Fault Tolerance. IERI Procedia, 10, 112–118. https://doi.org/10.1016/j.ieri.2014.09.099

Wakunuma, K., & Masika, R. (2017). Cloud computing, capabilities and intercultural ethics: Implications for Africa. Telecommunications Policy, 41(7–8), 695–707. https://doi.org/10.1016/j.telpol.2017.07.006

Wu, Y., Lyu, Y., & Shi, Y. (2019). Cloud storage security assessment through equilibrium analysis. Tsinghua Science and Technology, 24(6), 738–749. https://doi.org/10.26599/TST.2018.9010127

Xu, J., Liang, C., Jain, H. K., & Gu, D. (2019). Openness and security in cloud computing services: Assessment methods and investment strategies analysis. IEEE Access, 7, 29038–29050. https://doi.org/10.1109/ACCESS.2019.2900889

Zou, J., He, D., Zeadally, S., Kumar, N., Wang, H., & Choo, K. R. (2022). Integrated Blockchain and Cloud Computing Systems: A Systematic Survey, Solutions, and Challenges. ACM Computing Surveys, 54(8). https://doi.org/10.1145/3456628