RapidScale recognizes the need for compliance with the various laws and regulations across different industries. We have established our data encryption, protocols, and procedures to follow the leading compliance standards and ensure that customer data remains secure and confidential.
Compliance in the Cloud
1. Compliance in the Cloud
Meet the Next Generation Computer
#CloudConversation Compliance in the Cloud 1
2. Join the #CloudConversation
We will be live tweeting during today's webinar; feel free to ask questions or let us know what you think!
@rapid_scale
3. Compliance
RapidScale recognizes the need for compliance with various laws and regulations across different industries. We have established our data encryption, protocols, and procedures to follow the top compliance standards and ensure that our customers' data is secure and confidential.
4. Compliance
HIPAA
What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. As such, it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers.
Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:
- Individually identifiable health information, known as the Privacy Rule.
- The confidentiality, integrity and availability of electronic protected health information, known as the Security Rule.
Who is affected: Health care providers, health plans, health clearinghouses and "business associates," including people and organizations that perform claims processing, data analysis, quality assurance, billing, benefits management, etc.
5. Compliance
HIPAA
HIPAA technical policies that RapidScale uses:
1. Unique User Identification
2. Emergency Access Procedure
3. Automatic Logoff
4. Encryption and Decryption
RapidScale also uses top-of-the-line SSL encryption at 2048-bit, and our software applications are hosted through Citrix XenApp using 256-bit AES encryption. This ensures that your secure data is never compromised.
6. Compliance
HIPAA Security Risks
RapidScale gives admins access to remotely wipe any device that is lost or stolen, eliminating the risk of a data breach.
RapidScale implemented full credential-limited access to all data in the cloud. Plus, the virtual environment will log off after a set period of inactivity.
In the event of a device loss, a user doesn't lose that critical data: it's stored in the cloud and is then accessible from their replacement device, as if nothing happened.
RapidScale has best-of-breed infrastructure, security, firewalls, and more to eliminate the risk of information hacking.
7. Compliance
PCI
What it covers: The PCI DSS is a set of requirements for enhancing the security of customer payment account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Who is affected: Retailers, credit card companies, anyone handling credit card data.
8. Compliance
SOX
What Sarbanes-Oxley covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
Who is affected: U.S. public company boards, management and public accounting firms.
9. Compliance
In a recent Microsoft survey:
- 94% of businesses reported that they saw an improvement in security after switching to the cloud
- 91% said that their cloud providers were making it easier for them to meet government compliance requirements such as PCI, HIPAA, and FISMA
- 75% said that network availability had improved
10. Compliance
RapidScale & SSAE
We have 3 data centers across the United States:
- Irvine, CA
- Sterling, VA
- Dallas, TX
All 3 are SSAE 16 compliant and are certified annually.
11. Compliance
SSAE
What it covers: Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.
Who is affected: Payroll processing, loan servicing, data center/co-location/network monitoring services, Software as a Service (SaaS), medical claims processors.
12. Compliance
Data Center Security
Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access to every one of our data centers.
Only authorized data center personnel are granted access credentials to our data centers. No one else can enter the production area of the data center without prior clearance and an appropriate escort.
Physical controls include on-premises security guards, an exterior security system, a biometric system including palm scanners, and numerous security scanners with digital recorders. All cages are secured and locked.
Colocation (hybrid) customers are only allowed in when accompanied by a RapidScale employee.
Every data center employee undergoes multiple and thorough background security checks before they're hired.
Our network leverages the global network IT infrastructure of Savvis (now CenturyLink), which is one of the nation's largest carrier service infrastructures. Our data centers feature full redundancy and best-of-breed solutions from leading enterprise technology companies, including Cisco, Citrix, HP, Microsoft, NetApp, and VMware.
13. Compliance
Data Center Security
Power Distribution
Should a total utility power outage ever occur, all of our data centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power.
Our UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.
If an extended utility power outage occurs, our routinely tested, on-site diesel generators can run indefinitely.
Only fully redundant, enterprise-class routing equipment is used in RapidScale data centers.
Fiber carriers enter our data centers at disparate points to guard against service failure.
We require that the networking and security teams working in our data centers be certified. We also require that they be thoroughly experienced in managing and monitoring enterprise-level networks.
Our Certified Network Experts are trained to the highest industry standards.
14. Compliance
Infrastructure Security
Transport/Access: Cisco routers & firewalls with encryption (256k)
Infrastructure: IaaS Enterprise Virtual Firewall or customer-owned device
Storage: NetApp encryption; all data encrypted in flight and at rest. All SANs have SEDs (Self-Encrypting Drives).
CloudOffice: End-user password strength/resets
15. CloudCompliance
A Full-Scale Auditable System for Compliance-Dependent Industries
RapidScale's innovative CloudCompliance tool is a user-friendly, web-based portal software solution that offers its clients an easy, affordable way to prove they are in compliance with the standards and regulations of the industry they serve.
17. CloudCompliance
Fully Customizable
• Instead of being forced into our definition of what your business activities should be, we give you the power to customize your processes in a manner that is appropriate for your enterprise. You can start your activities on demand, on a set schedule, or initiate them by using an online survey form.
Enterprise Collaboration
• Everyone in your organization will be able to leverage the task management capabilities in Boost, and therefore will be able to collaborate in real time on the activities you perform on a daily basis.
Comprehensive Audit Trail
• Each component of a completed task will be logged and accounted for. These logs can be provided in a report for your review. By setting up activities consisting of workflow-enabled tasks to track completion and pass/fail with audit trails, RapidScale's clients can provide auditors with timely reports generated from within the tool, which will eliminate numerous man-hours typically required for audit preparation.