Database security management for healthcare SaaS in the Amazon AWS Cloud

Software as a Service (SaaS) applications that fully exploit the potential of elastic Cloud computing infrastructures are naturally enabling new ubiquitous access scenarios for nomadic users, such as market salesmen and home healthcare medical assistants. SaaS applications typically require transferring data and resources to the Cloud infrastructure site, which raises several challenging issues, ranging from access control over resources to privacy protection, ownership, and security of the data of the final SaaS users. However, although existing Cloud infrastructures, such as Amazon Web Services (AWS), strongly recommend encrypting personal and enterprise data, they typically do not yet provide adequate encryption and key management support. This paper presents a real use case, Vitaever, a home healthcare SaaS application deployed on Amazon AWS, and discusses the challenges and changes needed to add cryptography and key management capabilities to the standard AWS Web/database offering so as to enable SaaS data protection. We also show experimental results that benchmark the new security functions on Amazon, demonstrating their applicability to SaaS production deployments.
