American data center operator OnRamp has launched a virtual private cloud service built on open source technologies and fully certified with the HITRUST framework.

HITRUST is a cyber security framework developed by the Health Information Trust Alliance primarily for the needs of the healthcare industry. It includes a prescriptive set of 13 categories of controls that ensure that a service provider is able to protect confidential data and critical assets.

OnRamp is one of the first cloud vendors to achieve HITRUST compliance for an environment based on OpenStack.

“The need to show our customers and prospective customers that we are serious about compliance and security intersected with the need we are hearing from the customer base, and the market in general, that they really want something that looks like public cloud in terms of ease of use, self-provisioning, APIs, and utility-based billing,” OnRamp’s VP of product, Toby Owen, told DCD.

“Our market is definitely not public cloud, though, we really specialize in private cloud. So we were looking for something that could emulate those characteristics of a public cloud but really address the needs of industries with sensitive data.”

Building trust

OnRamp VPC
– OnRamp

OnRamp is a cloud, hosting and colocation provider headquartered in Austin, Texas, that originally started as an ISP. The company operates two data centers in Austin and one in Raleigh, North Carolina.

OnRamp built its business around data security and compliance: its facilities meet a wide variety of compliance standards like HIPAA, PCI, SOX, FISMA and FERPA. According to Owen, around two thirds of the company’s new customers come from highly regulated industries like healthcare, finance or education.

OpenStack is the world’s most widely deployed open source infrastructure software, but it is still a rare sight in regulated industries. OnRamp’s HITRUST-certified virtual private cloud could be seen as a sign that the platform is maturing in line with expectations.

The company says the service enables customers to escape vendor lock-in through open-source APIs, while using volume encryption and maintaining security settings for the entire environment with a dynamic policy engine.

“In a landscape of growing threats and increasing fines for non-compliance, it’s exciting to see OnRamp extend OpenStack’s use to meet healthcare security and compliance needs,” said Mark Collier, COO of the OpenStack Foundation.

“One of our themes at the 2017 OpenStack Summit in Boston was the triad of cost, compliance, and capability. OnRamp’s VPC is a great example of how the community is moving OpenStack software into use cases that highlight those three Cs.”