Perspec sys knowledge_series__solving_privacy_residency_and_security



  1. 1. THE PERSPECSYS KNOWLEDGE SERIES Solving Privacy, Residency and Security in the Cloud PerspecSys Inc. ©2012. All rights reserved.
  2. 2. Data Compliance and the Enterprise

     Cloud Computing is generating an incredible amount of excitement and interest from companies of every size, across every business category. It is the most transformative technology in decades and heralds an evolution in computing that has virtually every analyst group declaring that Cloud Computing is the new computing paradigm. In response to concerns about information access and usage, by both public and private corporations, Cloud Computing has spawned an entirely new body of law, generated new policies, created new standards, and raised new concerns.

     Whether government-imposed regulations within a given jurisdiction like the Patriot Act, PIPEDA, or the EU Data Protection Directive, or industry-specific regulations such as Payment Card Industry (PCI) for retailers, HIPAA for healthcare information, or Sarbanes Oxley for enterprises, organizations must adhere to an ever-changing set of standards, laws, and guidelines in order to safeguard their company’s private and business sensitive data and still comply with the law.

     So how can public and private sector companies leverage the enumerable and quantifiable benefits of the cloud, while maintaining total control over their corporation’s private and business sensitive data?

     Enter the Cloud

     At the most basic level, the procurement of a cloud service is like any other purchase: firms must assess the operational risk and compliance implications as they do with any other application or service. Exposures that may be associated with a cloud service and which warrant particular attention include:

       • Data privacy, restrictions on access to data (whether by the organization, industry, or government regulators)
       • Data residency, where the data resides
       • Compliance with privacy regulations across the geographies in which the service is being employed

     It is time to address the cloud’s opportunities with respect to its challenges. More specifically, the challenges the cloud represents in terms of privacy, residency and security.

     The PerspecSys PRS solution is the only proven commercial solution that allows companies to run their business applications in the cloud and store their private and business-sensitive data behind their corporate firewall. The PerspecSys PRS solution is designed to assist those organizations that want to leverage cloud computing, but are constrained by compliance, regulatory, political, or policy requirements.
  3. 3. Cloud Adoption Challenges

     Privacy

     In many cases, in order to comply with specific privacy requirements, business-sensitive information must be managed more stringently than non-sensitive data. As a result, some cloud adoption strategies involve keeping sensitive information within the enterprise (i.e. out of the cloud), and non-sensitive information can be stored in the cloud.

     Residency

     Where is the data? Who has access to it? Who controls it? Who manages it? What laws and jurisdiction govern it? In the current state of cloud computing law, keeping data behind the corporate firewall is the only strategy that can be said to guarantee which jurisdiction will govern it. Keeping private and sensitive data in the cloud exposes it to multiple jurisdictions for many years to come.

     Security

     Since the organization is liable and culpable for any and all data breaches, which can result in very significant penalties, data security and risk analysis has been a part of any systems operations compliance policy for decades. Cloud computing requires an additional layer of security and engenders an additional layer of risk. Who can access your data? How can they access it? How do you maintain control over your business sensitive data?

     Organizations want to maintain control over their data for business, political, policy, legislative, competitive, and technical compliance reasons.

     While primarily driven by regulatory requirements with respect to data control, companies are also concerned about a cloud application’s ability to be mission critical. The PerspecSys PRS solution enables enterprise adoption by extending the cloud application’s Privacy, Residency, and Security capabilities, providing support for disaster recovery planning, backup and recovery, access control, business continuity, and other characteristics that define an application as mission critical. The PRS solution can also address cloud adoption fears about vendor lock-in, meeting service-level agreements, losing control of underlying infrastructure, having the ability to selectively interoperate with multiple clouds, and integrate with current in-house applications.

     Information Privacy and Security

     Most jurisdictions around the globe have adopted some form of information privacy regulations. Indeed, these regulations vary from location to location, making it very difficult to determine which location has jurisdiction over your data. High-end theft of corporate information for the purposes of identity theft has engendered regulatory compliance
  4. 4. requirements forcing organizations to manage ‘private or personal’ information in a much more secure manner, or face the legal consequences. Most prevalent in the financial services, health care, and public sectors, organizations must adopt stringent business processes and procedures for the management of private and business sensitive information.

     Data Residency

     Going beyond information privacy and security, many jurisdictions have enacted specific legislation regarding the location and handling of specific pieces of information. For example:

       • Many financial services institutions are required to have personal information (PI) always locally resident.
       • Compliance requirements prohibit certain forms of information from leaving the jurisdiction altogether.
       • Information cannot leave the enterprise or even the department, because information in transit is subject to the laws of multiple jurisdictions.
       • Companies entrusted with healthcare, some public sector, and/or PI data are often required by law to store and manage data locally, and guarantee that no foreign national has access to the data.
       • Laws governing data residency and privacy apply to all the operations on the data, including data backup, which often must be conducted within the enterprise, or at a minimum, within the governing jurisdiction or boundaries defined by the specific statute. In many instances, cloud vendors store data in one geography, but back up the data in another geography, breaking jurisdictional compliance requirements.

     With these data compliance requirements, Cloud adoption is often constrained, with some organizations opting to only use a limited subset of the functionality, while others forgo usage of cloud-based applications altogether.

     The PerspecSys PRS Solution

     The PerspecSys PRS solution is comprised of a series of software components that can be deployed with flexible configuration options to meet a wide range of requirements.

     PerspecSys PRS Server

     The core of any PerspecSys PRS solution is the PerspecSys PRS Server. The PerspecSys PRS Server provides the main privacy, residency, and security data management services. No programming is required—the server is graphically installed and configured, designed to be run with very little management support. Cloud application-specific requirements are supported by installing and configuring application-specific adaptors.
  5. 5. PerspecSys PRS Reverse Proxy Server

     The PerspecSys PRS Reverse Proxy Server allows organizations with sophisticated internet access requirements to employ reverse proxy and proxy chain strategies for cloud application access.

     The PerspecSys PRS Reverse Proxy Server allows cloud application customers to further secure their cloud application access by mitigating risks normally associated with cloud security, including phishing attacks, unauthorized external access, and denial of service attacks.

     The PerspecSys PRS Reverse Proxy Server complements cloud application access and security configurations to ensure that only authorized users can access the cloud application from the enterprise. When coupled with the PerspecSys PRS Server, the PerspecSys PRS Reverse Proxy Server adds a powerful dimension to the security aspects of cloud data compliance.

     PerspecSys PRS MTA Server

     The PerspecSys PRS MTA Server is a Mail Transfer Agent that works in conjunction with a cloud application’s email services. Cloud applications may allow users to directly email customers and contacts from within the application, using standard templates, marketing campaign services, and other email-related functionality. However, if the email address and associated contact information is considered sensitive, this functionality typically cannot be used if the sensitive contact information is not in the cloud application.

     The PerspecSys PRS MTA Server allows the cloud application to leverage PRS services from the PerspecSys PRS Server, thereby restoring the real email address and other sensitive information within the email, and then forwarding the email on to the corporate email server for delivery, while not exposing the sensitive email information to the cloud application.

     The PRS MTA Server has the added benefit of ensuring that email from your organization is routed through your own mail servers, leveraging the existing investment in corporate email security, handling policies, and support systems such as spam filtering and virus detection.
  6. 6. The PerspecSys PRS Solution at Work

     Privacy

     Sitting between the enterprise desktop browser and company’s firewall, the PerspecSys PRS solution seamlessly intercepts the conversations between users and the cloud applications, replacing business sensitive data with replacement data in the cloud application. As defined by the organization, information that cannot, or should not, leave the enterprise or jurisdiction remains in a database behind the organization’s firewall, while cloud application users experience virtually all of the functionality of the cloud application, regardless of where the data resides.

     The PerspecSys PRS solution is also capable of "encryption on the fly". Instead of storing and managing the information locally, information is encrypted before it is sent to the Cloud application, and decrypted on the return. The cloud application data itself, if accessed directly, would appear only as an encrypted list of values. In this way, if the PerspecSys PRS solution or the Cloud application is ever compromised, the attacker would not be able to piece together any usable information as it is not in any usable format.

     The key value of the PerspecSys PRS solution is the preservation of functionality, including searching, reporting, integration, customization, and other cloud application functionality required by the enterprise, even though the cloud application contains no sensitive data.

     Residency

     For Data Residency, the PerspecSys PRS solution is able to identify specific pieces of data, save them to a local database, and send randomly generated replacement values (tokens) to the Cloud application. The real data stays resident locally, governed by local statutes and operating under corporate policy. The
  7. 7. Cloud application operates with the replacement information. The key point is that there is no physical way that the real data can be derived from the token value.

     The PerspecSys PRS solution allows you to categorize cloud application data into four categories:

       1. Tokens
       2. Sortable Tokens
       3. Encrypted Values
       4. Clear Text

     Data, on a field-by-field basis, is protected by one of these obfuscation strategies. Users accessing the cloud application through the PerspecSys PRS solution can perform advanced searches (wildcards included) on the data, no matter how it was obfuscated.

     Security

     One optional component of the PerspecSys PRS solutions is the PerspecSys PRS Reverse Proxy Server. The PerspecSys PRS Reverse Proxy Server ensures that only authorized access to the cloud application occurs from the organization. When properly configured, the PerspecSys PRS Reverse Proxy Server creates a secure authentication link between your organization and the cloud.

     The PerspecSys PRS solution also extends the cloud application security model by making it finer grained. This includes, for example, restricting access to specific information based on the user’s location. This ensures compliance with jurisdictional requirements, for example, Swiss bank laws where information should not leave a particular jurisdiction. The PerspecSys PRS solution can also extend access controls, such as Single Sign On (SSO), to be more flexible, especially in multi-jurisdictional implementations of the cloud application.

     Looking forward there is little doubt that cloud computing will play an increasingly important role for both public and private enterprises. Organizations that employ cloud platforms will benefit from the increased scalability, security, and portability of their cloud-based applications. Cloud applications will also help companies significantly reduce time-to-market, realize substantial cost-savings and react more quickly to changing market conditions. With these and other benefits, cloud computing is here to stay.

     If your organization really wants to leverage all the advantages that the cloud has to offer while addressing your privacy, residency, and security concerns, contact PerspecSys to find out how the PRS solution can work for you. Contact us today to learn more.

     P (905) 857-0411
     E sales@perspecsys.com

     PerspecSys, the PerspecSys logo and the PerspecSys Information Server PRS Server™ logo are trademarks or registered trademarks of PerspecSys Canada, other countries or both. Other company images, product, and service names, may be trademarks or service marks of others. References in this publication to PerspecSys products or services do not imply that PerspecSys intends to make them available in all countries in which PerspecSys operates.
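
An added sketch of the residency tokenization described in slides 6 and 7 (not PerspecSys code, and not taken from the page): sensitive fields are swapped for random tokens held in a local vault, and a wildcard search is resolved locally into the tokens to query the cloud application with. The field names, the `tok_` prefix, the fail-closed default for unlisted fields and the local wildcard resolution are assumptions made for illustration.

```python
import fnmatch
import secrets

# Constructed field-by-field policy; fields not listed are tokenized (fail closed).
POLICY = {"name": "token", "email": "token", "stage": "clear"}


class TokenVault:
    """Local store of token <-> real value; it never leaves the enterprise."""

    def __init__(self):
        self._by_token = {}  # token -> real value
        self._by_value = {}  # (field, real value) -> token, so repeats reuse one token

    def tokenize(self, field, value):
        key = (field, value)
        if key not in self._by_value:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the value
            self._by_value[key] = token
            self._by_token[token] = value
        return self._by_value[key]

    def detokenize(self, token):
        # Strings that are not known tokens pass through unchanged.
        return self._by_token.get(token, token)

    def tokens_matching(self, field, pattern):
        """Resolve a wildcard search locally into the tokens to search the cloud for."""
        return {t for (f, v), t in self._by_value.items()
                if f == field and fnmatch.fnmatchcase(v.lower(), pattern.lower())}


def outbound(vault, record):
    """The record as it is sent to the cloud application."""
    return {f: vault.tokenize(f, v) if POLICY.get(f, "token") == "token" else v
            for f, v in record.items()}


def inbound(vault, record):
    """The record as shown to the user once the cloud application responds."""
    return {f: vault.detokenize(v) if POLICY.get(f, "token") == "token" else v
            for f, v in record.items()}


def demo():
    vault = TokenVault()
    real = {"name": "Alice Meier", "email": "alice@example.com", "stage": "won"}  # constructed
    cloud_copy = outbound(vault, real)
    hits = vault.tokens_matching("name", "ali*")
    return real, cloud_copy, inbound(vault, cloud_copy), hits
```

Because the token is drawn at random, the vault is the only link back to the real value, which also makes the vault the component whose backup, access control and residency decide whether the scheme holds.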