Scaling and enhancing data protection for web application data in accordance with PCI DSS, HIPAA/HITECH, FEDRAMP standards
DOI: https://doi.org/10.18372/2410-7840.20.13423
Keywords: cloud storage, data scaling, encryption, Amazon S3, PCI DSS, HIPAA/HITECH, FEDRAMP
Abstract
The number of information web resources is growing because of advances in technologies for interacting with information, their accessibility and ease of use for consumers, the opportunities they offer for automating business processes, and the resources and time they save entrepreneurs in providing services. This paper considers an integrated approach to implementing mechanisms for solving the above problems in accordance with the requirements of the PCI DSS, HIPAA/HITECH and FEDRAMP standards. An effective approach to integrating Amazon S3 cloud storage into web applications written in the Java programming language is proposed. The step-by-step guide to integrating the web services makes it possible not only to scale and protect product data effectively, but also to significantly extend the functionality of the web application, use internal analytical tools to monitor user activity, and generate reports based on aggregated statistics. The mathematical model of the AES encryption algorithm, as implemented in the Amazon cloud environment, is considered to explain the feasibility and relevance of its use. A graph comparing the speed of the most current encryption algorithms was constructed from measurements of the time spent on encryption at different data volumes.
This approach will allow software products to meet the requirements of the EU and FISMA data protection directives, improve data scaling across availability zones and regions, and enhance data protection through internal Amazon mechanisms such as access control, auditing, network firewall, server-side encryption and the encryption key management infrastructure.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).