jerryben/cloud-security-project

Cloud Computing and Security Projects

This repository hosts key components and procedures from my Cloud Security projects, which include a HIPAA-compliant application deployed on Google Cloud Platform (GCP) and a PCI-DSS-compliant application deployed on Microsoft Azure. The repository serves as a reference for the work I have done and is intended for recruiters, colleagues, and anyone interested in understanding the technical implementation of these compliance-focused projects.

Projects Overview

1. HIPAA-Compliant Application on GCP

  • Objective: Ensure compliance with HIPAA standards for protecting healthcare data.
  • Architecture: Deployed using a 3-tier architecture.
  • Key Components:
    • Frontend and Backend Subnets: Separated into different Virtual Private Clouds (VPCs) to enhance security.
    • Database: Managed MySQL instance with VPC peering to ensure secure data flow.
    • Security: Firewalls, secure access, and data encryption to protect sensitive information.

2. PCI-DSS-Compliant Application on Azure

  • Objective: Ensure compliance with PCI-DSS standards to secure payment information.
  • Architecture: Multi-layered setup with stringent security measures.
  • Key Components:
    • Networking: Virtual Networks (VNets) with subnet isolation for critical components.
    • Security: Network Security Groups (NSGs), encryption, and Identity and Access Management (IAM) policies to secure data and control access.

Key Features

  • Automated Infrastructure Deployment: Bash scripts for provisioning Virtual Machines (VMs) in both GCP and Azure environments.
  • Compliance-Driven Configurations: Secure configurations tailored to meet compliance requirements, focusing on data protection, encryption, and secure access controls.

Three Required Safeguards of the HIPAA Security Rule

    1. Physical safeguards for ePHI
    2. Technical safeguards for ePHI
    3. Administrative safeguards for ePHI

Repository Structure

CapstoneProject
│
├── HIPAA-GCP
│   ├── provisioning-scripts
│   │   ├── hms_frontend_setup.sh      # Bootstrapping script for the frontend application VM on GCP
│   │   └── hms_backend_setup.sh       # Bootstrapping script for the backend application VM on GCP
│   ├── hms-frontend                   # Source code of the deployed healthcare application (frontend)
│   ├── hms-backend                    # Source code of the deployed healthcare application (backend)
│   └── HIPAA.png                      # Schematic diagram of the HIPAA project structure
│
├── PCI-DSS-Azure
│   ├── provisioning-scripts
│   │   ├── frontend_setup.sh          # Bootstrapping script for the frontend application VM on Azure
│   │   ├── backend_setup.sh           # Bootstrapping script for the backend application VM on Azure
│   │   └── database_setup.sh          # Bootstrapping script for the database VM on Azure
│   ├── bank-frontend                  # Source code of the deployed payment application (frontend)
│   ├── bank-backend                   # Source code of the deployed payment application (backend)
│   ├── PCI-DSS-Azure.png              # Schematic diagram of the PCI-DSS project structure
│   ├── mysql_secure_installation.cnf
│   └── Subnet-specific-compute-security-admin.json
│
└── README.md                           # General documentation for the repository

How to Use

  1. Provisioning Scripts: Located in the provisioning-scripts folder under each project directory, these Bash scripts automate the setup of virtual machines and security configurations.
  2. Application Source Code: Available under the app/src directories, providing the actual codebase of the deployed applications.

Getting Started

  • Create VPCs
    • Add the necessary subnets
  • Provision virtual machines
    • SSH into each virtual machine instance
  • Create the deployment script file
    • nano script_name.sh
    • Copy and paste the corresponding script from the matching project folder and save
    • Make the script executable and run it
  • Edit configuration files
  • Start the application

Important Notes

  • Sensitive Information: Be sure to replace any sensitive data or keys in the scripts with appropriate placeholders before use.
  • Compliance: Configurations are tailored to meet specific compliance requirements; review and adapt according to your specific needs.
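
One way to act on the Sensitive Information note before running or sharing a provisioning script, as an added example (not code from this repository): a POSIX shell check that flags literal credentials and lets placeholders and environment references through. The variable-name patterns, finding labels, function names and the sample script are assumptions constructed for illustration.

```shell
# Added example: flag literal credentials in a provisioning script before use.
# Patterns and labels are illustrative assumptions, not an exhaustive rule set.

# Secret-looking variable (or --password=) assigned a literal. Values that are
# empty, start with $ (env/variable reference) or are a <PLACEHOLDER> pass.
ASSIGN_RE="(pass(word|wd)|secret|token|api_?key)[a-z0-9_]*=[\"']?[^\"'\$<[:space:]]"
# MySQL client given a literal password as -pVALUE (bare -p prompts, so it passes).
MYSQL_RE="mysql[a-z]*[^|;]* -p[\"']?[^\"'\$[:space:]]"
# Private key material pasted into the script.
KEY_RE='-----BEGIN [A-Z ]*PRIVATE KEY-----'

# _match LABEL GREP_FLAGS REGEX FILE: print "LINE LABEL" for each non-comment hit.
_match() {
    grep -n $2 -e "$3" "$4" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | sed "s/^\([0-9]*\):.*/\1 $1/"
}

# scan_secrets FILE: list findings sorted by line; return 1 if any, else 0.
scan_secrets() {
    findings=$(
        _match hardcoded-secret  -Ei "$ASSIGN_RE" "$1"
        _match mysql-inline-pass -E  "$MYSQL_RE"  "$1"
        _match private-key       -E  "$KEY_RE"    "$1"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sort -n
        return 1
    fi
}

# Constructed sample standing in for a provisioning script (not from the repo).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
# MYSQL_ROOT_PASSWORD=example-in-a-comment
DB_USER=bankapp
DB_PASSWORD="${DB_PASSWORD:?export DB_PASSWORD first}"
MYSQL_ROOT_PASSWORD='S3cr3t!Constructed'
API_KEY=<API_KEY>
mysql -u root -p"$DB_PASSWORD" -e 'SELECT 1'
mysqldump -u root -pConstructedPw bank > /tmp/bank.sql
export JWT_SECRET=constructed123
EOF
}

sample=$(mktemp) && write_sample "$sample"
scan_secrets "$sample" || echo "replace the literals above with placeholders or env vars"
rm -f "$sample"
```

The non-zero exit status on findings lets the check gate a commit hook or a deployment step.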

Contact

Feel free to reach out if you have any questions or need further clarification about these projects.


Disclaimer: The configurations and scripts provided in this repository are meant for educational and reference purposes. Ensure you review and modify them to fit your specific compliance and security needs before deploying in a production environment.

About

My project: a requirement for my cloud computing and security course completion
