Discuss about the Cloud Based Solution For Health Management System.
The National Youth Mental Health Foundation intends to adopt a cloud-based solution for deploying their main health management system: “My healthy record system”. Cloud computing refers to the delivery of computing resources ‘as-a-service’, instead of the convectional deliver – as-a-product. Adoption of a cloud based solution may involve developing the system and deploying it on the servers of a cloud services provider - instead of investing in the hardware required to run the application. Alternatively, the company may adopt an already existing system that is provided through cloud access. In both cases, issues of data security, data ownership, system security and risks have to be investigated to ascertain the feasibility and viability of the move. For this project, the company intends to adopt a cloud based solution, which is an off-the-shelf solution that is cloud based.
This paper presents an analysis of cloud computing in relation to “My healthy record system” project. The paper outlines the Non-Functional Requirements of the system, a review of cloud based solutions such as the advantages, disadvantages and security risks associated with the cloud, as well as legislative constraints that the project may encounter. The paper then presents an analysis of the SDLC approach to be used, focusing on either using a Predictive or Adaptive methodology.
Non-functional requirements refer to measures that can be used in judging the operations of a system. These can be thought of as software quality attributes and are summarized as FURPS (Valacich, George and Hoffer, 2015). FURPS non-functional requirements include; Usability, Reliability, Performance and Security.
The main usability aspect of the system is the user interface, since non-technical customers will be accessing the system. The system therefore requires an easy to use user interface. The system requires simple and straightforward user interfaces, so that even a novice computer user can easily use the system.
Reliability is a measure of the systems ability to consistently perform functions as its designer intended (Valacich, George and Hoffer, 2015). For this project, the realiability aspect will relate to the ability to manage patients, schedule appointments, and other functions of the system.
With regards to performance, the requirement is that the system should have optimal perfomance and should have the ability to accomplish tasks efficiently and consistently (Valacich, George and Hoffer, 2015). For a cloud based solution, end users must be able to access the system, and perform tasks without any unnecessay delays and errors.
Finally, the security aspect of the system will require that the system be secured to prevent possible data breaches through hacking. The solution should provide means of securing data in transit, through the implemetation of security measures such as data encryption. A second aspect of system security is the protection of stored credentials. The credentials need to be protected to prevent malicious access resulting from unauthorized disclosure.
Comparison of functional and non-functional requirements
Whereas the functional requirements of the system require that the system handle user login, the non-functional requirement requires that proper user authentication be done, to prevent malicious access. This includes preventing access to the system by users who may not have changed their passwords for a long time.
Secondly, the functional requirements require that the system provide functions to add patients and update patient details. For this, the non-functional requirement is that the system provides adequate security to the patient's details. This includes securing access to the information when it is being transmitted over the internet, and when stored in a cloud database.
Review of cloud based.
With cloud computing, sensitive health record data will be stored on a third party system. Although cloud computing brings numerous advantages such as access to superior computing power, scalability, cost saving and accessibility, the technology introduces a myriad of privacy and security risks that have to be analyzed and understood before adopting the technology (Krutz and Vines, 2013)..
Advantages of cloud computing
- Scalability: the nature of cloud computing is that it allows one to scale computing resources according to demand. For this case, an increase in data will demand for more storage space which will automatically be provided on the cloud. This applies to other computing resources such as bandwidth and processing power (Krutz and Vines, 2013).
- Cost saving: with cloud computing, the organization will not have to spend on the hardware and software required in deploying the system. This results in significant saving in upfront expenditure. With cloud computing, billing is only done for resources consumed, meaning that the company will only pay for spent storage space and consumed computing resources (Krutz and Vines, 2013).
- Backup and recovery: the cloud platform provides advanced backup and recovery solutions which includes on offsite backup and provides means of automatically switching to a different server should access to the primary server be interrupted, hence ensuring maximum uptime (Krutz and Vines, 2013).
- Quick Deployment: with cloud computing, the company can adopt a system or deploy one within a very short time as no delays are experienced in purchasing and setting up the required server infrastructure (Krutz and Vines, 2013).
- Reliability: Cloud service providers invest heavily in hiring qualified experts and resources to ensure maximum system availability.
A number of disadvantages exist relating to cloud computing adoption. Cloud computing inherits the traditional information systems risks. Additionally, cloud services are accessible through the internet, and the multi-tenancy nature of the cloud makes it particularly susceptible to attacks (Krutz and Vines, 2013). Some of the disadvantages include;
Downtime: outages can happen even on the most sophisticated platform. An outage of services would be very detrimental to the organization as this would completely halt the operations of the health services provider. For example in the year 2013, DropBox had a system outage that lasted for almost two days (Talbot, 2013). The fact that access to cloud computing is through the internet means that, if internet access to the facility is interrupted, then access to the services will also be interrupted
Security and privacy: one of the major concern with cloud computing is the issue of security and privacy of data. This is a major consideration for this project since the organization’s data contains sensitive personal and health data. Adopting a cloud based solution will mean outsourcing even the handling of this sensitive data. An attack on the cloud platform would result in access to the sensitive information. This has happened before on a cloud platform, the Code Space incidence resulted in a data breach and deletion of the data when their Amazon web service AWS EC2 console was hacked (Krutz and Vines, 2013). Such an incidence would be very damaging to the health services provider.Limited control and flexibility: By adoption a cloud based solution, the organization will have limited control over the infrastructure hosting the solution, such as the execution and computing functions.
Securing data in the cloud
Data protection in the cloud is the main issue facing cloud adoption today. The capability of cloud service providers to provide adequate data security is one of the key considerations when selecting a cloud service provider. Whereas the convectional data protection models focuses on network-centric and perimeter security, by use of network devices and technologies such as intrusion detection system and firewalls, this approach is not sufficient to provide security against today's sophisticated attacks such as use of APTs and privileged users.
Data Protection Measures
- Devising difficult-to-guess passwords
- Using Access control list which defines permission for every type of data
- Use of strong transport level encryption for data in transit as well as storage encryption
- The cloud service provider should harden their servers to protect the computing resources against known and unknown vulnerabilities in the system and the underlying operating system (Krutz and Vines, 2013).
- Providing limited access: user accounts should only have access to only the data related to their roles (Krutz and Vines, 2013).
- Implementing backup and recovery: most cloud providers offer real time replication of data, with data being backed up at an offsite location to prevent complete loss of data, in case of an attack or a natural disaster (Krutz and Vines, 2013).
This project can either be approached using the Predictive or Adaptive SDLC. The Predictive SDLC Approach is best suited for a project where the requirements are well known and the steps can be predicted. The phases of the methodology are sequentially planned and executed with minimal overlaps. On the other hand, an Adaptive methodology is suited for a situation where the requirements are likely to change and the development process cannot be adequately predicted. Adaptive methodologies are highly flexible, iterative and interactive techniques of establishing project requirements. The approach embraces unpredictable changes to a project.
Pros and Cons of using Predictive SDLC
Predictive approaches such as the Waterfall Model has the advantage of;
- The approach has clear objectives that are set from the onset of the project
- The system requirements are stable and do not change over the project’s life
- The approach has measurable progress
- Has strict sign-off requirements meaning a clear end to the project is identified
- The approach is time consuming as it requires time in the planning phase
- Provides minimal room for iterating between the phases of the project
- Does not provide means of responding to changes in the system requirements.
Pros and Cons of using Adaptive SDLC
Adaptive SDLC methodologies are characterized by their adaptive nature. This approach facilitates optimization of the design of the intended solution by encouraging changes throughout the project (Moran, 2015).
- Facilitates quick development of fast moving products, as coding, testing and error rectifications take place in a speedy way
- It is highly iterative, requiring continuous user feedbacks which help to refine the product under development (Asghar, 2016).
- Enables time and cost saving by eliminating unproductive activities, thus helping software developers focus on the coding aspect of the project (Rumpe & Schröder, 2014).
- Reduces project risk and failure while ensuring that the customer gets what he needs.
- The methodology’s principles of simplicity and constant feedback helps in developing simple maintainable code and the feedbacks from sprints ensures developers keep on the right track (Kniberg, 2015).
- The approach has the disadvantage of putting more focus on coding rather than design, which is equally important for software (Kniberg, 2015).
- The approach can easily lead to scope creeps unless there is a defined project end date
- May face challenges of time and cost estimation, where the tasks are not clearly defined.
For this project, although the requirements are known and the steps can to some extent be predicted, the most viable approach would be the use of an adaptive SDLC. The approach will bring all the stakeholders together and will allow for changes to the requirements over the life of the project. This will help refine the system and improve the functionalities.
Asghar, A. R., Bhatti, S. N., Tabassum, A., Sultan, Z., & Abbas, R. 2016. Role of Requirements Elicitation & Prioritization to Optimize Quality in Scrum Agile Development. work, 7(12).
Brodkin, J., 2008. Gartner: Seven cloud-computing security risks. Infoworld, 2008, pp.1-3.
Carlin, S. and Curran, K., 2011. Cloud computing security.
Highsmith, J., 2013. Adaptive software development: a collaborative approach to managing complex systems. Addison-Wesley.
Kniberg, H. 2015. Scrum and XP from the Trenches. Lulu. com..
Moran, A. 2015. Agile project management. In Managing Agile(pp. 71-101). Springer International Publishing.
Krutz, R.L. and Vines, R.D., 2013. Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Talbot, C., 2013. Dropbox Outage Represents First Major Cloud Outage of 2013. Talkin’Cloud.
Rumpe, B. and Schröder, A., 2014. Quantitative survey on extreme programming projects. arXiv preprint arXiv:1409.6599.
Valacich, J.S., George, J.F. and Hoffer, J.A., 2015. Essentials of systems analysis and design. Pearson Education.