Security, compliance, and agile deployment of personal identifiable information solutions on a public cloud

Abstract

A public cloud platform offers economy of scale, ease of management, and elasticity to solutions. In addition, regulatory compliance and security must be assured for solutions handling sensitive data, such as student and healthcare data. With the steep rise in data breaches at large enterprises, it is a requirement to emphasize the security, privacy, and compliance of cloud-delivered solutions that hold personally identifiable information (PII). An example of a solution in need of such assurances is an education and learning-related analytics service that handles confidential student data on a public cloud platform. In this paper, we propose an approach for managing the security and privacy of an education and learning-analytics solution on a public cloud platform while assuring compliance with the Family Educational Rights and Privacy Act (FERPA). We also propose a new agile deployment approach that is both rapid and automatic. A prototype of a learning-analytics solution was implemented on a SoftLayer public cloud, and the new deployment method was evaluated in comparison with existing methods.