This white paper presents an architecture for building the next generation of web applications. This architecture allows you to leverage emerging technologies such as cloud computing, cloud storage and enterprise key management infrastructure (EKMI) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance with PCI-DSS, HIPAA/HITECH and similar data security regulations. This is our approach to a hybrid cloud security architecture, also known as “Regulatory Compliant Cloud Computing,” or RC3.
The emergence of cloud computing as an alternative deployment strategy for IT systems presents many opportunities, yet it challenges traditional notions of data security. The fact that data security regulations are developing teeth leaves information technology professionals perplexed about how to take advantage of cloud computing while proving compliance with regulations for protecting sensitive information.
There are many approaches to the problem, with the two extremes being: i) not using the cloud at all; or ii) embracing it completely. We believe the optimal solution is in the middle: sensitive data is secured and managed within controlled zones, while non-sensitive data lives in clouds. This allows companies to prove compliance with data security regulations while leveraging clouds – private or public – to the maximum extent possible.
This paper describes how a specific web application architecture optimizes IT investments by using cloud computing while complying with data security regulations.