Compliance in the Cloud
Page 1: Compliance in the Cloud

Compliance in the Cloud

Meet the Next Generation Computer

#CloudConversation Compliance in the Cloud 1

Page 2: Compliance in the Cloud


Join the #CloudConversation

We will be live tweeting during today’s webinar; feel free to ask questions or let us know what you think!

@rapid_scale

Page 3: Compliance in the Cloud


RapidScale recognizes the need for compliance with various laws and regulations across different industries. We have established our data encryption, protocols, and procedures to follow the top compliance standards and ensure that our customers’ data is secure and confidential.

Compliance

Page 4: Compliance in the Cloud

HIPAA

What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. As such, it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers.

Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. It does this by enforcing national standards to protect:

- Individually identifiable health information, known as the Privacy Rule.
- The confidentiality, integrity and availability of electronic protected health information, known as the Security Rule.

Who is affected: Health care providers, health plans, health clearinghouses and "business associates," including people and organizations that perform claims processing, data analysis, quality assurance, billing, benefits management, etc.

Page 5: Compliance in the Cloud

HIPAA

HIPAA technical policies that RapidScale uses:

1. Unique User Identification
2. Emergency Access Procedure
3. Automatic Logoff
4. Encryption and Decryption

RapidScale also uses top-of-the-line 2048-bit SSL encryption, and our software applications are hosted through Citrix XenApp using 256-bit AES encryption. This ensures that your secure data is never compromised.

Page 6: Compliance in the Cloud

HIPAA Security Risks

RapidScale gives administrators the ability to remotely wipe any device that is lost or stolen, eliminating the risk of a data breach.

RapidScale has implemented full credential-limited access to all data in the cloud. In addition, the virtual environment logs the user off after a set period of inactivity.

In the event of a device loss, the user does not lose critical data: it is stored in the cloud and is accessible from the replacement device, as if nothing had happened.

RapidScale has best-of-breed infrastructure, security, firewalls, and more to eliminate the risk of hacking.

Page 7: Compliance in the Cloud

PCI

What it covers: The PCI DSS is a set of requirements for enhancing the security of customer payment account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Who is affected: Retailers, credit card companies, anyone handling credit card data.

Page 8: Compliance in the Cloud

SOX

What Sarbanes-Oxley covers: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.

Who is affected: U.S. public company boards, management and public accounting firms.

Page 9: Compliance in the Cloud

In a recent Microsoft survey:

- 91% said that their cloud providers were making it easier for them to meet government compliance requirements such as PCI, HIPAA, and FISMA
- 75% said that network availability had improved
- 94% of businesses reported that they saw an improvement in security after switching to the cloud

Page 10: Compliance in the Cloud

RapidScale & SSAE

We have 3 data centers across the United States

- Irvine, CA
- Sterling, VA
- Dallas, TX

All 3 are SSAE 16 compliant and are certified annually

Page 11: Compliance in the Cloud

SSAE

What it covers: Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 and became effective on June 15, 2011.

Who is affected: Payroll Processing, Loan Servicing, Data Center/Co-Location/Network Monitoring Services, Software as a Service (SaaS), Medical Claims Processors

Page 12: Compliance in the Cloud

Data Center Security

Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access to every one of our data centers.

Only authorized data center personnel are granted access credentials to our data centers. No one else can enter the production area of the data center without prior clearance and an appropriate escort.

Physical controls include on-premises security guards, an exterior security system, a biometric system including palm scanners, and numerous security scanners with digital recorders. All cages are secured and locked.

Colocation (hybrid) customers are admitted only when accompanied by a RapidScale employee.

Every data center employee undergoes multiple and thorough background security checks before they're hired.

Our network leverages the global network IT infrastructure of Savvis (now CenturyLink), one of the nation's largest carrier service infrastructures. Our data centers feature full redundancy and best-of-breed solutions from leading enterprise technology companies, including Cisco, Citrix, HP, Microsoft, NetApp, and VMware.

Page 13: Compliance in the Cloud

Data Center Security

Power Distribution

Should a total utility power outage ever occur, all of our data centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power. Our UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails. If an extended utility power outage occurs, our routinely tested, on-site diesel generators can run indefinitely.

Only fully redundant, enterprise-class routing equipment is used in RapidScale data centers. Fiber carriers enter our data centers at disparate points to guard against service failure. We require that the networking and security teams working in our data centers be certified, and that they be thoroughly experienced in managing and monitoring enterprise-level networks. Our Certified Network Experts are trained to the highest industry standards.

Page 14: Compliance in the Cloud

Infrastructure Security

Transport/Access: Cisco routers and firewalls with encryption (256k)

Infrastructure: IaaS Enterprise Virtual Firewall or customer-owned device

Storage: NetApp encryption; all data is encrypted in flight and at rest. All SANs use SEDs (Self-Encrypting Drives).

CloudOffice: End-user password strength and resets

Page 15: Compliance in the Cloud

CloudCompliance

A Full-Scale Auditable System for Compliance-Dependent Industries

RapidScale’s innovative CloudCompliance tool is a user-friendly, web-based portal that offers clients an easy, affordable way to prove they are in compliance with the standards and regulations of the industry they serve.

Page 16: Compliance in the Cloud

CloudCompliance

Page 17: Compliance in the Cloud

CloudCompliance

Fully Customizable

• Instead of being forced into our definition of what your business activities should be, we give you the power to customize your processes in a manner that is appropriate for your enterprise. You can start your activities on demand, by a set schedule, or initiate them by using an online survey form.

Enterprise Collaboration

• Everyone in your organization will be able to leverage the task management capabilities in Boost, and therefore will be able to collaborate in real time on the activities you perform on a daily basis.

Comprehensive Audit Trail

• Each component of a completed task will be logged and accounted for. These logs can be provided in a report for your review. By setting up activities consisting of workflow-enabled tasks to track completion and pass/fail with audit trails, RapidScale’s clients can provide auditors with timely reports generated from within the tool, eliminating numerous man-hours typically required for audit preparation.

Page 18: Compliance in the Cloud

CloudCompliance – The Audit Trail

Page 19: Compliance in the Cloud

Contact Information

RapidScale
100 Pacifica, Suite 100
Irvine, CA 92618
(949) 236-7007
rapidscale.net