The PerspecSys PRS Solution and Cloud Computing

Transcription

1 THE PERSPECSYS KNOWLEDGE SERIES Solving Privacy, Residency and Security in the Cloud

2 Data Compliance and the Enterprise Cloud Computing is generating an incredible amount of excitement and interest from companies of every size, across every business category. It is the most transformative technology in decades and heralds an evolution in computing that has virtually every analyst group declaring that Cloud Computing is the new computing paradigm. In response to concerns about information access and usage, by both public and private corporations, Cloud Computing has spawned an entirely new body of law, generated new policies, created new standards, and raised new concerns. Whether government imposed regulations within a given jurisdiction like the Patriot Act, PIPEDA, or the EU Data Protection Directive, or industry-specific regulations such as Payment Card Industry (PCI) for retailers, HIPAA for healthcare information, or Sarbanes Oxley for enterprises, organizations must adhere to an ever-changing set of standards, laws, and guidelines in order to safeguard their company s private and business sensitive data and still comply with the law. So how can public and private sector companies leverage the enumerable and quantifiable benefits of the cloud, while maintaining total control over their corporation s private and business sensitive data? Enter the Cloud At the most basic level, the procurement of a cloud service is like any other purchase, firms must assess the operational risk and compliance implications as they do with any other application or service. Exposures that may be associated with a cloud service and which warrant particular attention include: Data privacy, restrictions on access to data (whether by the organization, industry, or government regulators) Data residency, where the data resides Compliance with privacy regulations across the geographies in which the service is being employed It is time to address the cloud s opportunities with respect to its challenges. More specifically, the challenges the cloud represents in terms of privacy, residency and security. The PerspecSys PRS solution is the only proven commercial solution that allows companies to run their business applications in the cloud and store their private and business-sensitive data behind their corporate firewall. The PerspecSys PRS solution is designed to assist those organizations that want to leverage cloud computing, but are constrained by compliance, regulatory, political, or policy requirements.

3 Cloud Adoption Challenges Organizations want to maintain control over their data for business, political, policy, legislative, competitive, and technical compliance reasons. While primarily driven by regulatory requirements with respect to data control, companies are also concerned about cloud application s ability to be mission critical. The PerspecSys PRS solution enables enterprise adoption by extending the cloud application s Privacy, Residency, and Security capabilities, providing support for disaster recovery planning, backup and recovery, access control, business continuity, and other characteristics that define an application as mission critical. The PRS solution can also address cloud adoption fears about vendor lock-in, meeting service-level agreements, losing control of underlying infrastructure, having the ability to selectively interoperate with multiple clouds, and integrate with current inhouse applications. Privacy In many cases, in order to comply with specific privacy requirements, business-sensitive information must be managed more stringently than non-sensitive data. As a result, some cloud adoption strategies involve keeping sensitive information within the enterprise (i.e. out of the cloud), and non-sensitive information can be stored in the cloud. Residency Where is the data? Who has access to it? Who controls it? Who manages it? What laws and jurisdiction govern it? In the current state of cloud computing law, keeping data behind the corporate firewall is the only strategy that can be said to guarantee which jurisdiction will govern it. Keeping private and sensitive data in the cloud exposes it to multiple jurisdictions for many years to come. Information Privacy and Security Most jurisdictions around the globe have adopted some form of information privacy regulations. Indeed, these regulations vary from location to location, making it very difficult to determine which location has jurisdiction over your data. High-end theft of corporate information for the purposes of identity theft have engendered regulatory compliance Security Since the organization is liable and culpable for any and all data breaches, which can result in very significant penalties, data security and risk analysis has been a part of any systems operations compliance policy for decades. Cloud computing requires an additional layer of security and engenders an additional layer of risk. Who can access your data? How can they access it? How do you maintain control over your business sensitive data?

4 requirements forcing organizations to manage private or personal information in a much more secure manner, or face the legal consequences. Most prevalent in the financial services, health care, and public sectors, organizations must adopt stringent business processes and procedures for the management of private and business sensitive information. Data Residency Going beyond information privacy and security, many jurisdictions have enacted specific legislation regarding the location and handling of specific pieces of information. For example: Many financial services institutions are required to have personal information (PI) always locally resident. Compliance requirements prohibit certain forms of information from leaving the jurisdiction altogether. Information cannot leave the enterprise or even the department, because information in transit is subject to the laws of multiple jurisdictions. Companies entrusted with healthcare, some public sector, and/or PI data are often required by law to store and manage data locally, and guarantee that no foreign national has access to the data. Laws governing data residency and privacy apply to all the operations on the data, including data backup, which often must be conducted within the enterprise, or at a minimum, within the governing jurisdiction or boundaries defined by the specific statute. In many instances, cloud vendors store data in one geography, but back up the data in another geography, breaking jurisdictional compliance requirements. With these data compliance requirements, Cloud adoption is often constrained, with some organizations opting to only use a limited subset of the functionality, while others forgo usage of cloudbased applications altogether. The PerspecSys PRS Solution The PerspecSys PRS solution is comprised of a series of software components that can be deployed with flexible configuration options to meet a wide range of requirements. PerspecSys PRS Server The core of any PerspecSys PRS solution is the PerspecSys PRS Server. The PerspecSys PRS Server provides the main privacy, residency, and security data management services. No programming is required the server is graphically installed and configured, designed to be run with very little management support. Cloud application-specific requirements are supported by installing and configuring application-specific adaptors.

5 PerspecSys PRS Reverse Proxy Server The PerspecSys PRS Reverse Proxy Server allows organizations with sophisticated internet access requirements to employ reverse proxy and proxy chain strategies for cloud application access. The PerspecSys PRS Reverse Proxy Server allows cloud application customers to further secure their cloud application access by mitigating risks normally associated with cloud security, including phishing attacks, unauthorized external access, and denial of service attacks. The PerspecSys PRS Reverse Proxy Server complements cloud application access and security configurations to ensure that only authorized users can access the cloud application from the enterprise. When coupled with the PerspecSys PRS Server, the PerspecSys PRS Reverse Proxy Server adds a powerful dimension to the security aspects of cloud data compliance. PerspecSys PRS MTA Server The PerspecSys PRS MTA Server is a Mail Transfer Agent that works in conjunction with a cloud application s services. Cloud applications may allow users to directly customers and contacts from within the application, using standard templates, marketing campaign services, and other related functionality. However, if the address and associated contact information is considered sensitive, this functionality typically cannot be used if the sensitive contact information is not in the cloud application. The PerspecSys PRS MTA Server allows the cloud application to leverage PRS services from the PerspecSys PRS Server, thereby restoring the real address and other sensitive information within the , and then forwarding the on to the corporate server for delivery, while not exposing the sensitive information to the cloud application. The PRS MTA Server has the added benefit of ensuring that from your organization is routed through your own mail servers, leveraging the existing investment in corporate security, handling polices, and support systems such as spam filtering and virus detection.

6 The PerspecSys PRS Solution at Work Privacy Sitting between the enterprise desktop browser and company s firewall, the PerspecSys PRS solution seamlessly intercepts the conversations between users and the cloud applications, replacing business sensitive data with replacement data in the cloud application. As defined by the organization, information that cannot, or should not, leave the enterprise or jurisdiction remains in a database behind the organization s firewall, while cloud application users experience virtually all of the functionality of the cloud application, regardless of where the data resides. The PerspecSys PRS solution is also capable of "encryption on the fly". Instead of storing and managing the information locally, information is encrypted before it is sent to the Cloud application, and decrypted on the return. The cloud application data itself, if accessed directly, would appear only as an encrypted list of values. In this way, if the PerspecSys PRS solution or the Cloud application is ever compromised, the attacker would not be able to piece together any usable information as it is not in any usable format. The key value of the PerspecSys PRS solution is the preservation of functionality, including searching, reporting, integration, customization, and other cloud application functionality required by the enterprise, even though the cloud application contains no sensitive data. Residency For Data Residency, the PerspecSys PRS solution is able to identify specific pieces of data, save them to a local database, and send randomly generated replacement values (tokens) to the Cloud application. The real data stays resident locally, governed by local statutes and operating under corporate policy. The

7 Cloud application operates with the replacement information. The key point is that there is no physical way that the real data can be derived from the token value. The PerspecSys PRS solution allows you to categorize cloud application data into four categories: 1. Tokens 2. Sortable Tokens 3. Encrypted Values 4. Clear Text Data, on a field-by-field basis, is protected by one of these obfuscation strategies. Users accessing the cloud application through the PerspecSys PRS solution can perform advanced searches (wildcards included) on the data, no matter how it was obfuscated. Security One optional component of the PerspecSys PRS solutions is the PerspecSys PRS Reverse Proxy Server. The PerspecSys PRS Reverse Proxy Server ensures that only authorized access to the cloud application occurs from the organization. When properly configured, the PerspecSys PRS Reverse Proxy Server creates a secure authentication link between your organization and the cloud. The PerspecSys PRS solution also extends the cloud application security model by making it finer grained. This includes, for example, restricting access to specific information based on the user s location. This ensures compliance with jurisdictional requirements, for example, Swiss bank laws where information should not leave a particular jurisdiction. The PerspecSys PRS solution can also extend access controls, such as Single Sign On (SSO), to be more flexible, especially in multijurisdictional implementations of the cloud application. Looking forward there is little doubt that cloud computing will play an increasingly important role for both public and private enterprises. Organizations that employ cloud platforms will benefit from the increased scalability, security, and portability of their cloud-based applications. Cloud applications will also help companies significantly reduce time-to-market, realize substantial cost-savings and react more quickly to changing market conditions. With these and other benefits, cloud computing is here to stay. If your organization really wants to leverage all the advantages that the cloud has to offer while addressing your privacy, residency, and security concerns, contact PerspecSys to find out how the PRS solution can work for you. Contact us today to learn more. P (905) E sales@perspecsys.com PerspecSys, the PerspecSys logo and the PerspecSys Information Server\PRS Server logo are trademarks or registered trademarks of PerspecSys Inc. in Canada, PerpecSys other countries Inc or both. All Other rights company reserved. images, product, and service names, may be trademarks or service marks of others. References in this publication to PerspecSys products or services do not imply that PerspecSys intends to make them available in all countries in which PerspecSys operates.