Many cloud environments today are a constellation of managed services, enabling developers to deploy, manage and scale cloud infrastructure at will. While tremendously beneficial, securing this infrastructure has also now become the developer’s responsibility—completely changing how compliance is implemented, measured, monitored, and managed.
Developers often must reinvent the wheel of mapping compliance controls in totality to a new managed service. For example, when a digital health product stores, processes, or transmits protected health information (PHI), HIPAA how it should handle a multitude of security, privacy, and policy procedures, called “rules.” Demonstrating that a digital health product meets all those controls is how it becomes compliant. However, understanding where liabilities exist between the data center and a cloud service provider customer, and who is responsible for ensuring the protection of PHI at what point in time, is increasingly complex.
Cloud Compliance Management Can Help
The missing piece for managing compliance in the cloud is a continuous understanding of the precise configuration state of cloud environments. A cloud compliance management system (CCMS) can evaluate the implementation of managed services against critical compliance controls, check configuration states on a continual basis, and track those states in a historical data model across popular HIPAA-eligible cloud services.
Datica is introducing support for two of the most widely used managed services, Amazon Relational Database Service (RDS) and Amazon ElastiCache, in the latest release of its new product, Datica Monitor. With Datica Monitor, developers can plug in managed services and get real-time compliance configuration data, providing unparalleled visibility into the compliance state.
Databases are the basic architecture of any application—and simultaneously one of the most complicated to manage. Amazon RDS makes it simple to set up, operate, and scale a relational database in the cloud, while automating many time-consuming tasks such as hardware provisioning, database setup, backups, and more. This enables developers to focus on their application.
Amazon ElastiCache is the premier in-memory data store managed service offered by Amazon Web Services (AWS). It enables users to seamlessly deploy, run, and scale popular open source, such as Redis-compatible in-memory data stores, helping developers to build or improve the performance of data-intensive applications by retrieving data from high throughput and low latency in-memory data stores.
Once the decision has been made to use either Amazon RDS or Amazon ElastiCache in a healthcare application, the challenge of ensuring HIPAA compliance emerges. AWS provides security and monitoring tools that can be configured to comply with HIPAA; but these tools are not pre-configured for HIPAA. Datica Monitor will alert the user to exactly what they need to do to configure the service for HIPAA compliance, and continuously monitor it.
A simplified scenario is that a database containing PHI cannot be publicly available. If there are hundreds of instances of Amazon RDS running in an environment and even one is misconfigured to be publicly available, there are serious potential consequences such as a breach—along with all the associated cost implications, brand damage and more. However, with Datica Monitor continuously monitoring the environment, if that situation was to occur, an alert would be generated along with the prescriptive steps needed to remediate the issue.
We believe that Datica Monitor has the potential to reshape the way that organizations operate in the cloud. The secure implementation is up to the user so they can pick the tools they want to use. The system will then check to ensure it is compliant on a continual basis, giving them the peace of mind that everything is configured properly. As a result, Datica Monitor removes many existing barriers for healthcare developers and gives them the freedom and flexibility to adopt popular managed services, bringing consumer rate adoption to healthcare cloud environments.
Datica Monitor is live and available now. You can sign up here, or if you have questions you can reach out to us here. Keep an eye on Datica’s blog to learn about new and existing releases coming soon!