Scott Ward (AWS), Frank Macreery (Aptible), Kent Safranski (TelePharm), and Caleb Boyd (TelePharm) discuss how to build compliant applications and architectures on top of AWS and Aptible.
Type II report published every six months
• SOC 2 Security and Availability report every six months
• ISO 27001 Certification
• ISO 9001 Certification
• + Many more
• Certified PCI DSS 3.0 Level 1 Service Provider
• FedRAMP Certification
• HIPAA BAAs
• DoD CSM Levels 1-2, 3-5
• GxP
• ISO 13485
• AS9100
• ISO/TS 16949
privacy of Protected Health Information (PHI). PHI covers a wide set of personally identifiable health and health-related data. HIPAA on AWS means that you are protecting all PHI and that you are using only the AWS services covered by the BAA, which allows you to protect PHI.
responsible for their security configuration IN the Cloud
Security is shared between AWS and customers
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• Encryption Key Management
• Client and Server Encryption
• Network Traffic Protection
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Customer content
Customers
and at rest
• Customers must use EC2 Dedicated Instances for instances processing, storing, or transmitting ePHI
• Customers must record and retain activity related to use of and access to ePHI
controls at bucket and object level
• Restrict access and rights
• Versioning
S3 Cryptographic Features
• HTTPS for in transit data
• S3 Server Side Encryption
• S3 Client Side Encryption
• MD5 Checksums to verify file integrity
Amazon Elastic Block Store (EBS)
• Implement AWS managed encryption
• Implement your own encryption
• AWS Partner solutions to help with encryption management and implementation
EBS
instance
Your instance
You choose and control your image
• AWS Catalog
• Your own
• Marketplace
• Community
You determine network placement
• VPC
• Subnet
• Security Groups
• Public IP address
You configure your instance
• Harden operating system
• Host based firewall
• Control admin/user access
• Logging
Configure instance
On a growing set of services around the world…
AWS CloudTrail is continuously recording API calls…
And delivering log files to you
• Redshift
• AWS CloudFormation
• AWS Elastic Beanstalk
encryption on blob storage
• Managed encryption on (maybe) persistent cache storage
• All solved with platform and infrastructure provided by AWS and Aptible.