Cloud-Based Solution for Health System: Project Analysis and Report

Verified

Added on 2020/03/16

AI Summary

This report analyzes the adoption of a cloud-based solution for the National Youth Mental Health Foundation's 'My healthy record system'. It begins by outlining the non-functional requirements of the system, including usability, reliability, performance, and security. The report then reviews cloud-based solutions, detailing their advantages such as scalability, cost savings, and quick deployment, alongside disadvantages like downtime, security and privacy concerns, and limited control. Data protection measures, including password security, access control lists, and encryption, are discussed. The report compares the Predictive and Adaptive SDLC approaches, recommending an adaptive approach for its flexibility and ability to incorporate stakeholder feedback. The analysis highlights the critical need for robust security measures and careful consideration of the SDLC methodology to ensure successful cloud adoption in the healthcare sector.

Introduction
The National Youth Mental Health Foundation intends to adopt a cloud-based solution for
deploying their main health management system: “My healthy record system”. Cloud computing
refers to the delivery of computing resources ‘as-a-service’, instead of the convectional deliver –
as-a-product. Adoption of a cloud based solution may involve developing the system and
deploying it on the servers of a cloud services provider - instead of investing in the hardware
required to run the application. Alternatively, the company may adopt an already existing system
that is provided through cloud access. In both cases, issues of data security, data ownership,
system security and risks have to be investigated to ascertain the feasibility and viability of the
move. For this project, the company intends to adopt a cloud based solution, which is an off-the-
shelf solution that is cloud based.
This paper presents an analysis of cloud computing in relation to “My healthy record system”
project. The paper outlines the Non-Functional Requirements of the system, a review of cloud
based solutions such as the advantages, disadvantages and security risks associated with the
cloud, as well as legislative constraints that the project may encounter. The paper then presents
an analysis of the SDLC approach to be used, focusing on either using a Predictive or Adaptive
methodology.
Non-Functional Requirements
Non-functional requirements refer to measures that can be used in judging the operations of a
system. These can be thought of as software quality attributes and are summarized as FURPS
(Valacich, George and Hoffer, 2015). FURPS non-functional requirements include;
Usability, Reliability, Performance and Security.
The main usability aspect of the system is the user interface, since non-technical customers will
be accessing the system. The system therefore requires an easy to use user interface. The system
requires simple and straightforward user interfaces, so that even a novice computer user can
easily use the system.
Reliability is a measure of the systems ability to consistently perform functions as its designer
intended (Valacich, George and Hoffer, 2015). For this project, the realiability aspect will relate
to the ability to manage patients, schedule appointments, and other functions of the system.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

With regards to performance, the requirement is that the system should have optimal perfomance
and should have the ability to accomplish tasks efficiently and consistently (Valacich, George
and Hoffer, 2015). For a cloud based solution, end users must be able to access the system, and
perform tasks without any unnecessay delays and errors.
Finally, the security aspect of the system will require that the system be secured to prevent
possible data breaches through hacking. The solution should provide means of securing data in
transit, through the implemetation of security measures such as data encryption. A second aspect
of system security is the protection of stored credentials. The credentials need to be protected to
prevent malicious access resulting from unauthorized disclosure.
Comparison of functional and non-functional requirements
Whereas the functional requirements of the system require that the system handle user login, the
non-functional requirement requires that proper user authentication be done, to prevent malicious
access. This includes preventing access to the system by users who may not have changed their
passwords for a long time.
Secondly, the functional requirements require that the system provide functions to add patients
and update patient details. For this, the non-functional requirement is that the system provides
adequate security to the patient's details. This includes securing access to the information when it
is being transmitted over the internet, and when stored in a cloud database.
Review of cloud based.
With cloud computing, sensitive health record data will be stored on a third party system.
Although cloud computing brings numerous advantages such as access to superior computing
power, scalability, cost saving and accessibility, the technology introduces a myriad of privacy
and security risks that have to be analyzed and understood before adopting the technology (Krutz
and Vines, 2013)..
Advantages of cloud computing
 Scalability: the nature of cloud computing is that it allows one to scale computing
resources according to demand. For this case, an increase in data will demand for more

storage space which will automatically be provided on the cloud. This applies to other
computing resources such as bandwidth and processing power (Krutz and Vines, 2013).
 Cost saving: with cloud computing, the organization will not have to spend on the
hardware and software required in deploying the system. This results in significant saving
in upfront expenditure. With cloud computing, billing is only done for resources
consumed, meaning that the company will only pay for spent storage space and
consumed computing resources (Krutz and Vines, 2013).
 Backup and recovery: the cloud platform provides advanced backup and recovery
solutions which includes on offsite backup and provides means of automatically
switching to a different server should access to the primary server be interrupted, hence
ensuring maximum uptime (Krutz and Vines, 2013).
 Quick Deployment: with cloud computing, the company can adopt a system or deploy
one within a very short time as no delays are experienced in purchasing and setting up
the required server infrastructure (Krutz and Vines, 2013).
 Reliability: Cloud service providers invest heavily in hiring qualified experts and
resources to ensure maximum system availability.
Disadvantages
A number of disadvantages exist relating to cloud computing adoption. Cloud computing inherits
the traditional information systems risks. Additionally, cloud services are accessible through the
internet, and the multi-tenancy nature of the cloud makes it particularly susceptible to attacks
(Krutz and Vines, 2013). Some of the disadvantages include;
Downtime: outages can happen even on the most sophisticated platform. An outage of services
would be very detrimental to the organization as this would completely halt the operations of the
health services provider. For example in the year 2013, DropBox had a system outage that lasted
for almost two days (Talbot, 2013). The fact that access to cloud computing is through the
internet means that, if internet access to the facility is interrupted, then access to the services will
also be interrupted
Security and privacy: one of the major concern with cloud computing is the issue of
security and privacy of data. This is a major consideration for this project since the

organization’s data contains sensitive personal and health data. Adopting a cloud based
solution will mean outsourcing even the handling of this sensitive data. An attack on the
cloud platform would result in access to the sensitive information. This has happened
before on a cloud platform, the Code Space incidence resulted in a data breach and
deletion of the data when their Amazon web service AWS EC2 console was hacked (Krutz
and Vines, 2013). Such an incidence would be very damaging to the health services provider.
Limited control and flexibility: By adoption a cloud based solution, the organization will have
limited control over the infrastructure hosting the solution, such as the execution and computing
functions.
Securing data in the cloud
Data protection in the cloud is the main issue facing cloud adoption today. The capability of
cloud service providers to provide adequate data security is one of the key considerations when
selecting a cloud service provider. Whereas the convectional data protection models focuses on
network-centric and perimeter security, by use of network devices and technologies such as
intrusion detection system and firewalls, this approach is not sufficient to provide security
against today's sophisticated attacks such as use of APTs and privileged users.
Data Protection Measures
 Devising difficult-to-guess passwords
 Using Access control list which defines permission for every type of data
 Use of strong transport level encryption for data in transit as well as storage encryption
 The cloud service provider should harden their servers to protect the computing resources
against known and unknown vulnerabilities in the system and the underlying operating
system (Krutz and Vines, 2013).
 Providing limited access: user accounts should only have access to only the data related
to their roles (Krutz and Vines, 2013).
 Implementing backup and recovery: most cloud providers offer real time replication of
data, with data being backed up at an offsite location to prevent complete loss of data, in
case of an attack or a natural disaster (Krutz and Vines, 2013).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SDLC Approach
This project can either be approached using the Predictive or Adaptive SDLC. The Predictive
SDLC Approach is best suited for a project where the requirements are well known and the steps
can be predicted. The phases of the methodology are sequentially planned and executed with
minimal overlaps. On the other hand, an Adaptive methodology is suited for a situation where
the requirements are likely to change and the development process cannot be adequately
predicted. Adaptive methodologies are highly flexible, iterative and interactive techniques of
establishing project requirements. The approach embraces unpredictable changes to a project.
Pros and Cons of using Predictive SDLC
Predictive approaches such as the Waterfall Model has the advantage of;
 The approach has clear objectives that are set from the onset of the project
 The system requirements are stable and do not change over the project’s life
 The approach has measurable progress
 Has strict sign-off requirements meaning a clear end to the project is identified
Disadvantages
 The approach is time consuming as it requires time in the planning phase
 Provides minimal room for iterating between the phases of the project
 Does not provide means of responding to changes in the system requirements.
Pros and Cons of using Adaptive SDLC
Adaptive SDLC methodologies are characterized by their adaptive nature. This approach
facilitates optimization of the design of the intended solution by encouraging changes throughout
the project (Moran, 2015).
 Facilitates quick development of fast moving products, as coding, testing and error
rectifications take place in a speedy way
 It is highly iterative, requiring continuous user feedbacks which help to refine the product
under development (Asghar, 2016).

 Enables time and cost saving by eliminating unproductive activities, thus helping software
developers focus on the coding aspect of the project (Rumpe & Schröder, 2014).
 Reduces project risk and failure while ensuring that the customer gets what he needs.
 The methodology’s principles of simplicity and constant feedback helps in developing
simple maintainable code and the feedbacks from sprints ensures developers keep on the
right track (Kniberg, 2015).
Disadvantages
 The approach has the disadvantage of putting more focus on coding rather than design,
which is equally important for software (Kniberg, 2015).
 The approach can easily lead to scope creeps unless there is a defined project end date
 May face challenges of time and cost estimation, where the tasks are not clearly defined.
Recommendation
For this project, although the requirements are known and the steps can to some extent be
predicted, the most viable approach would be the use of an adaptive SDLC. The approach will
bring all the stakeholders together and will allow for changes to the requirements over the life of
the project. This will help refine the system and improve the functionalities.

References
Asghar, A. R., Bhatti, S. N., Tabassum, A., Sultan, Z., & Abbas, R. 2016. Role of Requirements
Elicitation & Prioritization to Optimize Quality in Scrum Agile Development. work, 7(12).
Brodkin, J., 2008. Gartner: Seven cloud-computing security risks. Infoworld, 2008, pp.1-3.
Carlin, S. and Curran, K., 2011. Cloud computing security.
Highsmith, J., 2013. Adaptive software development: a collaborative approach to managing
complex systems. Addison-Wesley.
Kniberg, H. 2015. Scrum and XP from the Trenches. Lulu. com..
Moran, A. 2015. Agile project management. In Managing Agile(pp. 71-101). Springer
International Publishing.
Krutz, R.L. and Vines, R.D., 2013. Cloud security: A comprehensive guide to secure cloud
computing. Wiley Publishing.
Talbot, C., 2013. Dropbox Outage Represents First Major Cloud Outage of 2013. Talkin’Cloud.
Rumpe, B. and Schröder, A., 2014. Quantitative survey on extreme programming projects. arXiv
preprint arXiv:1409.6599.
Valacich, J.S., George, J.F. and Hoffer, J.A., 2015. Essentials of systems analysis and design.
Pearson Education.