An enterprise providing a service to a client might have a computing system that stores and processes client-related data. The enterprise would typically implement well-known security measures such as authentication and authorization to prevent unauthorized parties from gaining access to the data. Some clients might require that their data receive a higher level of security than what the enterprise typically provides. Some government agencies, in particular, tend to demand that a stringent set of security policies be enforced on their data.
Among the security measures a government agency might require are encryption of data, computer-generated alphanumeric passwords that must be changed frequently, logging of all transactions that might impact the government agency data, and the isolation of government agency data from the data pertaining to other clients of the enterprise. One solution that has been employed to meet the data isolation requirement is the creation of a duplicate computing system that is completely separate, both physically and logically, from the computing system that is used to store and process other clients' data. Databases, applications, application servers, and other components of the enterprise's computing architecture are reproduced in a physically isolated computing system accessible only to the enterprise and the government agency. Physical separation such as this prevents another client from accessing government agency data via the enterprise's standard computing system. Isolation also allows the enforcement of the government agency's stricter security policies without the need for modifying the enterprise's standard security policies.
While the duplication of an existing computing system can provide the level of security a government agency might require, this is a highly inefficient and costly solution. The expense of purchasing and operating two systems to perform similar functions can negate the financial benefit that might be gained from providing services to the government agency.