Automated Safeguards on the Google Cloud Platform

by Matt Ferrari
Co-founder and Former CTO
ClearDATA

We recently announced our new partnership with Google Cloud Platform, and just as we have for our other public clouds, we are providing Automated Safeguards. In this case, we’re starting with Google Compute Engine and will expand into other areas of Google over the next two quarters. Here are the Automated Safeguards we’re offering now as they relate to Google Cloud Platform (GCP) features:

1. ClearDATA Hardened Images

For images, we are offering an Automated Safeguard called ClearDATA Hardened Images. Our hardened images are the foundation upon which our customers’ applications are built. Because these are secured to CIS standards, customers deploying their applications on these images on GCP can be sure that they are building their application in an environment well-suited for handling sensitive data and PHI.

Your benefits as a ClearDATA GCP customer:

  • Access to CIS-hardened images from common Windows and Linux systems
  • Images are regularly updated with the most recent security updates for quick deployment
  • Images are refreshed after major CIS updates

2. Data Backups

For the GCP feature Persistent Disk Backups, we offer the Automated Safeguard called Data Backups. You’ll find it under the same name in the ClearDATA Compliance Dashboard (pictured), where you can continually monitor your compliance posture. All GCP Persistent Disks are automatically enrolled into a backup schedule when deployed via the GCP console or API. Persistent Disks are backed up daily using snapshots, and the snapshots are retained for 30 days by default; the retention period can be extended. Customers needing to restore data from a snapshot may do so themselves via the GCP console or may contact their ClearDATA entourage support team for assistance. This helps comply with §164.308(a)(7)(ii)(A) and §164.312(c)(1).

Your benefits as a ClearDATA GCP customer:

  • Your virtual machines are backed up daily
  • Meets HIPAA and HITRUST requirements for data protection
  • You can view success and failure trends in the Compliance Dashboard
  • Protects your environment from data loss

3. Automated Log Archiving

You can see your status for Log Backup in the Compliance Dashboard, which covers the GCP feature called Stackdriver Logging. The Log Archiving Safeguard is an automated log management system that ensures that critical system logs are archived daily in a ClearDATA-controlled storage location and retained for the important six-year period required in any investigation, helping to comply with 164.308(a)(1)(ii)(D) and 164.312(b).

Your benefits as a ClearDATA GCP customer:

  • Your critical audit trail is preserved to support any future investigations

4. Automated Deployment of Host-Based Security Services

This Safeguard can be seen in the Compliance Dashboard as Virus Scan and Intrusion Prevention checks covering the GCP feature Compute Instances. ClearDATA employs additional layers of protection here with Trend Micro solutions. We automatically deploy host-based security services on all Compute Engine instances, including intrusion prevention, anti-virus/malware, and log inspection. This helps comply with 164.308(a)(8) and 164.308(a)(6)(ii).

Your benefits as a ClearDATA GCP customer:

  • Meets HIPAA requirements to use electronic measures to secure PHI
  • Automated deployment ensures consistent coverage
  • Current and historic visibility in the Compliance Dashboard

5. Persistent Disk Encryption

The Automated Safeguard and Compliance Dashboard Persistent Disk Encryption check maps to the GCP feature Disk Encryption. GCP provides persistent disk encryption by default, and the status of that encryption can be viewed in ClearDATA’s Compliance Dashboard. This helps comply with 164.312(a)(2)(iv).

Your benefits as a ClearDATA GCP customer:

  • You will have the peace of mind of knowing that all data is encrypted at rest

6. Cloud Storage Encryption at Rest

GCP provides Cloud Storage encryption by default, and the status of that encryption can be viewed in ClearDATA’s Compliance Dashboard as Storage Encryption at Rest. More information about how GCP provides Persistent Disk Encryption can be found here: https://cloud.google.com/security/encryption-at-rest/

Your benefits as a ClearDATA GCP customer:

  • Again, you’ll know that all data is encrypted at rest

These are the Automated Safeguards for Google Compute Engine, working behind the scenes and giving you at-a-glance views in the Compliance Dashboard as we continue to work to keep you compliant for the lifecycle of your application on Google Cloud.
