It’s amazing how much of the world has changed in just under a year. With everyone pivoting to remote learning and remote working, it’s more important now than ever to ensure IT security and compliance are taken care of and treated as a priority.
For the medical industry, this means HIPAA compliance.
It’s safe to say that it takes a disaster to truly understand the need for disaster recovery and business continuity. 9/11 had an important impact on this realization.
Before 9/11, several businesses didn’t have a secondary data center in place; in fact, up until that point all IT equipment was on-site.
Any company that did have a secondary data center in place often located it within minutes of its primary. This can be extremely problematic, especially during a crisis.
There are also data breaches to consider. The first data breach was said to have compromised more than 1 million records. The event occurred in 2005, resulting in over 1 million credit card numbers and names being stolen from a major shoe retailer.
The introduction of the Patriot Act coupled with the financial crisis of 2008 set the bar for businesses to take compliance more seriously.
HIPAA was first signed into law all the way back in 1996, with HITRUST and SOC2 following suit several years later.
The demand for compliance in AWS has never been greater. The positive is that AWS holds these requirements at the highest level of priority. They have comprehensive documentation that covers in depth how each of their services matches up to the major compliance standards.
At AboutXtreme, we are partnered with some of the best experts when it comes to setting up compliant environments in AWS cloud.
AWS offers several services to help you maintain compliance at all levels of your company’s IT.
AWS Security Documentation
If you need help completing a questionnaire to document your security and compliance, you can use these frequently used resources:
AWS Artifact – Considered the go-to for compliance-related information, AWS Artifact provides on-demand access to compliance and security reports as well as online agreements. It is very useful because it provides the most detailed description of the implementation and operation effectiveness of AWS security controls.
CSA Consensus Assessments Initiative Questionnaire – This questionnaire covers what the CSA anticipates a cloud consumer or auditor would ask their provider.
AWS Risk and Compliance whitepaper – This document covers information specific to AWS with regard to general cloud computing compliance questions.
AWS Data Center Controls web page – This document is actually a web page that provides clients with some insight into the physical and environmental controls.
AWS Directory Service
Through this service, you can use Microsoft Active Directory in a variety of ways. Directories store information about users, groups, and devices, and administrators use them to manage access to important information and resources. It also offers the same services for developers, and it provides a choice to customers who want to take advantage of LDAP.
AWS Resources and Security
AWS Identity & Access Management (IAM) – This service provides you with secure access to AWS services and resources. You can use it to create and manage users and groups plus deny or allow access to these resources.
AWS Resource Access Manager – This service allows you to manage, rotate, and retrieve secret and restricted information. It complements AWS Secrets Manager, which is a cloud single sign-on (SSO) service.
AWS Security Hub – Helps you detect and manage threats to security.
AWS Key Management Service (KMS) and AWS CloudHSM – Both of these services provide hardware-based key storage for regulatory compliance.
AWS Web Application Firewall (WAF) and AWS Firewall Manager – The AWS Web Application Firewall acts as the central management for all firewall rules. The AWS Firewall Manager provides data protection and key storage management.
AWS Certificate Manager – This service is pretty self-explanatory. It provides provisioning, management, and deployment of both public and private SSL/TLS certificates.
The above are just a few of the many services that AWS offers to ensure your business is HIPAA compliant. At AboutXtreme, we help customers ensure they are using all that AWS has to offer, and doing so strategically, through our complimentary needs assessment. If you’d like to book a call with one of our AWS Specialists, you can contact us at +1 815 603 5521.