Cloud security model for e-Healthcare applications is a necessary factor for users in terms of privacy and for cloud service providers for legal purposes due to HIPAA.
Cloud Security (CS) is a very wide topic which has many shades. In this article I will discuss the often neglected part that is Forensic. By Definition “Forensic deals with Preservation, Acquisition and Provenance of digital evidences”.
If e-Healthcare wants to outsource their computing and data into cloud they have to consider all parts of HIPAA and this is tough . Why ? in tradional model of IT assets the data and computations are all centric in one location whereas in Cloud it is unknown and dynamic. for example in Traditional model when scientist store Brain image they know that it is stored in the datacenter down the hall but if they store in Amazon S3 they have no idea where physically it is located. But does the location matter ? Probably yes to maintain the physical security and to stop unauthorized access of data physically or by other VM or even by Sysadmin of that particular Cloud Service Provider.
Indeed Cloud for e-Science in general is a good area for Research now a days .
To help companies building applications in the AWS cloud meet HIPAA standards, we have released a whitepaper, Creating HIPAA-Compliant Medical Data Applications with AWS (PDF). In addition to the whitepaper