Secure and Compliant App Platform

The cloud-related announcement from the Office of the Polish Financial Supervision Authority (PFSA) obliges the supervised entities to follow practices that ensure an adequate level of security for services implemented in cloud environments. These include separating the environments, guaranteeing that data are stored in a specific geographic region, and encrypting them with a dedicated key.

Secure and Compliant App Platform (SaCAP) prepared by OChK experts is a complete runtime platform for applications that are subject to PFSA’s regulations. It was created based on experience in projects carried out for financial sector entities, in both technological and legal areas. SaCAP contains many properly adapted and configured components of Google Cloud. It is managed in an automated and repeatable manner, with full separation of environments ensured. Collected data are stored in the indicated region (in Poland or the EU) and encrypted with a dedicated key.

Secure and Compliant App Platform allows central management of the entire Google Cloud organization, taking into consideration any security and access control policies based on groups and roles. Within the organization, it is possible to create relevant spaces and environments in any number and on any scale. Each includes a properly configured and secured Kubernetes cluster, an automated implementation process in the GitOps model, and a set of ready-to-use tools for managing and monitoring of services. We currently offer SaCAP on Google Cloud, but at the client’s request we can adapt the product for Microsoft Azure.