Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud
Unless your organization is unique, not all your data is sensitive. This raises the question: should scarce security resources be used to protect 100% of your data? The logical approach should be to build your IT infrastructure in a manner that optimizes your investments: protecting what matters while managing non-sensitive data with minimal controls. This session presents an architecture for building the next generation of web-applications. This architecture allows you to leverage emerging technologies such as cloud-computing, cloud-storage and enterprise key-management Infrastructure (EKMI) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance to PCI-DSS, HIPAA/HITECH and similar data-security regulations. We call this Regulatory Compliant Cloud Computing, or RC3.
- by Arshad Noor , CTO of StrongAuth, Inc.
Arshad is the CTO of StrongAuth, Inc. a Silicon Valley company focusing on encryption and key-management. He is the architect and lead-developer of StrongKey, the industry's first open-source symmetric key-management system, of the CryptoEngine - an open-source library to encrypt files for public/private clouds and other FOSS tools. He has spoken at many conferences around the world on the subject of enterprise key-management.