Following the recent release of complete cloud compliance management for Amazon Relational Database Service (RDS) and Amazon ElastiCache, Datica is proud to announce support for Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2) in the latest release of its Datica Monitor product.
As explored in our previous blog post, most modern cloud environments are a constellation of managed services, enabling developers to deploy, manage, and scale cloud infrastructure at will. Amazon S3 and EC2 are two of the most well-established and widely deployed managed services today.
EC2 provides secure, resizable compute capacity. It is the preeminent general compute service and is commonly deployed in combination with other managed services, as it essentially acts as an engine to power them. For example, developers commonly use Amazon EC2 to get an application or web server online very quickly. EC2 enables users to obtain and configure capacity with minimal effort, as well as to rapidly scale capacity up or down as computing requirements vary, making web-scale cloud computing easier for developers.
Amazon S3 provides a secure, scalable object storage infrastructure. It enables any amount of data to be protected, stored, and retrieved from anywhere, for a wide range of use cases including big data analytics, enterprise applications, mobile applications, backup and recovery, archival, and more.
As the healthcare industry continues to increasingly adopt the cloud, patient data—specifically protected health information (PHI)—is more important than ever to help power the new wave of applications that will enable healthcare organizations to refine care delivery, improve health outcomes, realize new solutions for treatment, and much more. Along with this influx of new and critical data comes a substantial obligation to safeguard that information, while planning for improved accessibility, scalability, and performance within already tight budgets.
This is an example of where a managed service such as Amazon S3 is a natural fit. As the industry standard for object storage, Amazon S3 is commonly used in healthcare applications to store extremely sensitive PHI object files such as telemedicine videos, radiology images and MRIs, doctor’s audio files, and much more. When any digital health product stores, processes, or transmits PHI, regulations such as HIPAA dictate how it should handle security, privacy, and policy procedures. A digital health product becomes compliant when it can successfully demonstrate that all those controls have been met. However, understanding where liabilities exist, and who is responsible for ensuring the protection of PHI at what point in time, is complex. It is increasingly the developer’s responsibility—completely changing how compliance is implemented, measured, monitored, and managed.
Managing compliance requires a continuous understanding of the precise configuration state of cloud environments. Datica Monitor can help. The Datica Monitor cloud compliance management system evaluates the implementation of managed services against critical compliance controls, checking configuration states on a continual basis and tracking those states in a historical data model across the most widely-used HIPAA-eligible cloud services—including Amazon RDS, Amazon Elasticache, Amazon S3, and Amazon EC2. Until now, the only option for solving this was services—throwing IT teams at it, which is difficult to scale.
With Datica Monitor, developers can now plug in popular managed services and get real-time compliance configuration data, providing unparalleled visibility into the compliance state. Datica Monitor provides continuous monitoring, attestation tools, risk and incident details, remediation guidance, and historical reporting. For example, the tool runs eight checks for Amazon S3 that span 41 different compliance requirements. For Amazon EC2, it runs nine checks that span 29 different compliance requirements.
A unique new feature included in the latest release of Datica Monitor is inline remediation documentation. When an issue or check failure is present, e.g. Amazon S3 encryption is not on, the remediation documentation that is external in competitive solutions is included directly inline within the Monitor console. This prescriptive approach ensures that failures/issues are reported as well as the information needed to remedy the error.
As a result, Datica Monitor will remove many of the existing barriers for healthcare developers and gives them the freedom and flexibility to use popular managed services—reshaping the way organizations operate in the cloud.
Datica Monitor is live and available now - click here to learn more. Keep an eye on Datica’s blog to learn about more new releases coming soon!