A Policy-Driven Data Protection Architecture for Consumer-Facing Cloud Application Systems

Authors

  • Ezhilan Ulaganathan, Senior Database Engineer, Social Security Administration, Maryland, USA

DOI:

https://doi.org/10.15680/IJCTECE.2024.0705006

Keywords:

Policy-as-Code, Data Protection Gateway, Dynamic Data Masking, Data Tokenization, Zero-Trust Security, Cloud-Native Architecture, Personally Identifiable Information

Abstract

Consumer-facing cloud application systems, handling vast quantities of sensitive personal data, are subject to stringent regulatory compliance (e.g., GDPR, CCPA) and escalating cyber threats. Traditional security models struggle to enforce granular data protection policies consistently across distributed microservices and diverse cloud data stores. This paper proposes a Policy-Driven Data Protection Architecture (PDDPA) that centralizes the definition of data protection rules and decentralizes their enforcement across the application stack. PDDPA employs a declarative Policy-as-Code (PaC) framework as its core, integrating with data classification, encryption, tokenization, and dynamic data masking (DDM) techniques. The architecture leverages a Data Protection Gateway (DPG) as a ubiquitous Policy Enforcement Point (PEP) across all data access pathways. An empirical evaluation, conducted on a simulated e-commerce platform handling PII, demonstrates that PDDPA achieves $100\%$ compliance with simulated data access policies, including role-based access to PII and masking of sensitive attributes. Furthermore, the modular design introduces a P95 latency overhead of less than $1.5 \text{ms}$ for policy evaluation, demonstrating its viability for high-performance consumer applications. This work provides a scalable, auditable, and resilient framework for safeguarding sensitive data in complex cloud ecosystems.

Published

2024-09-04

How to Cite

A Policy-Driven Data Protection Architecture for Consumer-Facing Cloud Application Systems. (2024). International Journal of Computer Technology and Electronics Communication, 7(5), 9483-9487. https://doi.org/10.15680/IJCTECE.2024.0705006