Secure and Compliant App Platform
The cloud-related announcement from the Office of the Polish Financial Supervision Authority (PFSA) obliges the supervised entities to follow practices that ensure an adequate level of security for services implemented in cloud environments. These include separating the environments, guaranteeing that data are stored in a specific geographic region, and encrypting them with a dedicated key.
Secure and Compliant App Platform (SaCAP) prepared by OChK experts is a complete runtime platform for applications that are subject to PFSA’s regulations. It was created based on experience in projects carried out for financial sector entities, in both technological and legal areas. SaCAP contains many properly adapted and configured components of Google Cloud. It is managed in an automated and repeatable manner, with full separation of environments ensured. Collected data are stored in the indicated region (in Poland or the EU) and encrypted with a dedicated key.
Secure and Compliant App Platform allows central management of the entire Google Cloud organization, taking into consideration any security and access control policies based on groups and roles. Within the organization, it is possible to create relevant spaces and environments in any number and on any scale. Each includes a properly configured and secured Kubernetes cluster, an automated implementation process in the GitOps model, and a set of ready-to-use tools for managing and monitoring of services. We currently offer SaCAP on Google Cloud, but at the client’s request we can adapt the product for Microsoft Azure.
Benefits
The cloud environment architecture takes into account all guidelines from the regulating authority
Ease of implementation – an environment ready to launch
High level of security of transmitted, processed, and stored data
Data residency in the territory of Poland or the EU
Support from experts experienced in building secure cloud environments
Speed of setting up new environments – just a few minutes
Billing model
Fee for implementation (depending on its scale) and 20% of the cost of predicted consumption of public cloud resources.