Securing Sensitive Data

Capacity Private Cloud software is used in a wide variety of applications, including those that process patient information, banking data, and other sensitive personal data. The platform includes a number of security features to help protect this information.

Compliance Frameworks

Several widely adopted specifications provide guidance on data security:

These frameworks, along with close cooperation with customers, continue to be the main drivers when implementing security features in the platform.

Developer Responsibility

When developing any application — not just those using Capacity Private Cloud — it is important to be aware of potentially sensitive data such as credit card information. This is particularly important when working toward PCI or HIPAA compliance.

The platform is used in applications ranging from simple demonstrations to integrated banking systems, and sensitive data may pass through the software during processing. The software cannot determine whether any given data should be considered sensitive, so application developers have a responsibility to understand the risks, assess whether data being processed could be sensitive, and take measures to limit its exposure.

Developers can use built-in platform features to help control this exposure when needed.

PCI/HIPAA Best Practice Recommendations

The PCI/HIPAA Best Practice Recommendations guide is aimed at helping application developers and IT managers protect and secure sensitive data. It identifies areas of the platform that might be exposed to sensitive data and describes which features can be used to mitigate the risks. The guide also covers PCI DSS, GDPR, and HIPAA compliance as it relates to the platform.

Download PCI-HIPAA-Recommendations.pdf (0.6 MB) — Best practice recommendations for on-premises and client-hosted installations.

Was this article helpful?