In the cloud computing environment, resources are provided and managed by the cloud service provider. The users have no direct control over these third-party resources. Due to this third-party control, the users are always concerned about the safety and security of the data. The user’s concerns towards data privacy and security further increases if the data need to comply with regulatory acts such as HIPAA, GLBA, SAS70 and PCI-DSS. Compliance with these regulatory standards is highly challenging due to the diverse geographical locations of cloud data centers. Any leakage of sensitive information may cause huge penalties or even imprisonment to the cloud provider or the user. In order to enforce the regulatory requirement, a Virtual Appliances (VAPs)-based solution is proposed in the present work. The specific VAP can be executed by the service provider for identification, categorization, routing and storage of the information. The four-layered architecture is suggested for the VAPs, which include: (a) identification; (b) classification; (c) routing; and (d) storage layers. The implementation structure is presented using a framework model along with the algorithm.

Cloud computing is offering new computing paradigm for developed and developing countries. It is transforming the way computing infrastructure and services are maintained and offered. In the traditional method, users purchase as well as maintain the infrastructure themselves or with the help of third party. However, with the emergence of cloud computing, the users do not need to own and maintain the infrastructure; instead they have to subscribe to the services. Emerging cloud computing follows utility-based model for providing user-centric services over the Internet (Buyya et al., 2009).

Cloud computing is defined by a number of experts, but the broadly accepted definition is provided by the National Institute of Standards and Technology (NIST). This defines three services (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a service (IaaS)); four cloud deployment models (private, public, hybrid and community cloud); and five essential attributes (on demand self-service, elasticity, metered services, broader network access and resource pooling) (Mell and Grance, 2009). The key advantage to the user comes in terms of no upfront cost and the user pays for only what has been utilized. Users have the flexibility to increase or decrease the resources as per their requirement with minimal or no intervention from the service provider.

Cloud computing is very useful in scenarios where load increases suddenly and reaches to normalcy after some time. To provide the scalability and optimum utilization of resources, cloud computing uses virtualization technology. Virtualization allows sharing of resources and increases the resource utilization up to 60-80%. This technology follows the Virtual Machine (VM) concept, which was originally introduced by IBM in 1960 (Nanda and CkerChiueh, 2005). It remained in dormant stage for a long period and reemerged in the nineties because of the better processing speed, huge memory and high capacity of storage devices (Cafaro and Aloisio, 2010). A computing machine may have a number of virtual machines and each virtual machine is managed by an intermediate software known as Virtual Machine Manager (VMM). A number of VMM are existing that includes VMware (http:// www.vmware.com/), Denali (www.denali.com), Xen (http://xen.org/), Parallels and Plex86 (http://www.plex86.org).

Information Technology Journal, Regulatory compliance, Virtualization, Cloud standards, VAPs, Cloud security.