Examples for Cloud Deployment Models in a Business Environment
70
online platform. Hence the first challenge was to ask whether a medical application
in the Internet makes sense and is accepted, or not. Regarding the technical
realization of QuinniWeb, Schweighofer adds, that the technical challenge was the
provision of QuinniWeb as a cloud application and in dealing with such technology,
because of its novelty.
Especially in the health industry, the European Union has strict regulations and
policies, regarding storage, processing and availability when dealing with sensitive
data (medical record, patient data, diseases, and so on). Thus it was necessary first
to deliver an expert opinion, according to Schweighofer (2013). Compliance with
regulations also involves data protection and data security. Schweighofer (2013)
says that questions regarding data protection in QuinniWeb were relevant on two
layers: the technical layer, and the process layer within the application. Technical
Layer: QuinniWeb can be accessed through the Internet only by a secure and
encrypted https:// URL. Furthermore all personal information (such as name,
address, and of course passwords) is stored encrypted in the database. Access to
the database is only possible by using the application; access by the cloud provider
for example is not possible. Process Layer: Data security is ensured by the fact, that
users (patients) always have discretionary power over their data. Patients actively
unlock their data for a specific amount of time. In other words, per default nobody
can access the data. This right of access can be withdrawn easily at any time.
Moreover patients can delete their QuinniWeb account (and all associated data) at
any time.
The topic of sovereignty of data lies in the hands of the end user (patients), while
the data residency issues and the key management are administered by the IVF
center itself. This practice helps to prevent the potential loss of autonomy and
reduces the dependency on the cloud service provider. This separation of rights
between the consumer and the provider, are necessary to ensure a secure cloud
environment (Cloud Security Alliance, 2011, pp. 80-81).