Originally published February 5, 2019 by AWS Admin in AWS Partner Network (APN) Blog


By Matt Ferrari, Co-Founder & Former CTO at ClearDATA
By Conor Colgan, Technical Product Manager at ClearDATA

Healthcare is, by its nature, a competitive industry. Every sector, from providers to payers, life sciences to healthcare software providers, leverage their data assets while lowering or optimizing costs to keep market share and remain viable.

If you’re building things from scratch every time you deploy or provision, you’re looking at a recipe for failure.

Historically, innovation and compliance have been seen as opposing forces, with the speed of innovation often at odds with the laborious process of achieving compliance.

At ClearDATA, an AWS Partner Network (APN) Premier Consulting Partner with AWS Competencies in DevOpsHealthcare, and Life Sciences, this was the known truth when we worked with legacy systems. We could either innovate or work to remain compliant.

In the last five years, we embraced the reliable, repeatable benefits of DevOps automation. DevOps is often known as the delivery of advanced services and capabilities though continuous processes. In healthcare IT, we use DevOps to reduce system development lifecycles and speed the time to market by allowing for rapid delivery and deployment of features, as well as for fixes.

Today, the most innovative healthcare cloud companies move fast and stay secure through DevOps automation and compliance safeguards.

As you manage more data faster, how do you ensure your environment is in compliance with increasingly complex frameworks and requirements such as HIPAA, GxP, and GDPR? Does compliance have to slow innovation? We don’t believe so. This is where DevOps is empowering the healthcare industry in the cloud.

In this post, we’ll explore the advantages of a true DevOps model for your healthcare organization’s environment on the Amazon Web Services (AWS) Cloud.

Why DevOps?

On AWS, DevOps isn’t just about automating and streamlining software development; it’s about uniting the developers and operations units.

A true DevOps model creates an environment where developers and operations work together, side-by-side, building scalable, repeatable, and predictable processes. This allows for smaller, more frequent updates and the growth of the Continuous Integration/Continuous Deployment (CI/CD) movement, making microservices efficient and fast.

ClearDATA’s customers leverage DevOps principles to deploy new application versions from development, through testing and user validation, all the way to production, leveraging automation to ensure the application is deployed in an approved and standardized manner. This allows not only for increased development velocity, but an approved change control and audit process.

A proper DevOps model ensures that only approved changes are deployed, and that every deployment is automated following the same processes.

There are many advantageous use cases for DevOps including:

  • DevOps can be used to quickly adopt new technologies. When AWS releases a new service, or adds a new service to their HIPAA Eligible Services list, ClearDATA’s customers are interested in quickly adopting those services. This can range from a machine learning platform like Amazon SageMaker or a Natural Language Processing service like Amazon Comprehend Medical.
    .
  • By adopting DevOps principles, it becomes much easier to integrate new services into the organization. ClearDATA customers who leverage DevOps often begin adopting new services almost as soon as they are released because their processes allow for easy integration points.
    .
  • Healthcare and Life Sciences organizations can adopt DevOps principles to ensure security and compliance in the cloud. Many organizations have workloads spread across multiple AWS accounts and on-premises data centers. DevOps allows organizations to create strong and repeatable security configurations that can be easily deployed to all environments. This means each new account or workload adheres to the proper policies and procedures, allowing for the development velocity to remain high while the compliance of those accounts is assured.

If you’re using ClearDATA’s HITRUST-certified platform, DevOps brings you automated safeguards and compliance checks to ensure compliance across your ever-changing environment.

ClearDATA’s Automated Safeguards

ClearDATA Automated Safeguards allow customers to consume AWS services like Amazon Simple Storage Service(Amazon S3) in a native manner, allowing direct access while creating guardrails that ensure compliance. Automated Safeguards use event-driven architecture and leverage AWS Config to detect both new and modified resources.

ClearDATA DevOps-1

Figure 1 – Automated Safeguards for Amazon S3 reference architecture.

As shown in Figure 1, the AWS Config service detects the newly-provisioned Amazon S3 bucket and notifies AWS Lambda. The Evaluation Lambda function evaluates the bucket and invokes the appropriate Remediation function to remediate any necessary compliance settings.

For example, if an Amazon S3 bucket is provisioned without Default encryption, a core requirement of storing healthcare data in AWS, the Automated Safeguard will enable the setting in the background moments after the bucket is created.

ClearDATA DevOps-2

Figure 2 – Amazon S3’s setting of Default encryption is disabled.

When the Automated Safeguard evaluates the Default encryption setting, the function will remediate it since encryption is disabled. The Automated Safeguard then applies a JSON-based policy to enable the encryption:

{ 'Bucket': self.name, 'ServerSideEncryptionConfiguration': { 'Rules': [ { 'ApplyServerSideEncryptionByDefault': { 'SSEAlgorithm': 'AES256' } } ] } }

The remediation policy is applied moments after the bucket is evaluated, and the bucket encryption is now enabled.

ClearDATA DevOps-3

Figure 3 – Amazon S3’s Default encryption is enabled.

Customer Success: How Relias Uses DevOps to Automate Compliance

ClearDATA customer Relias (formerly WhiteCloud Analytics) enhances training and outcomes for more than 10,000 clients across the continuum of care by creating personalized learning programs to improve performance.

Relias provisioned on the AWS Cloud and quickly realized they had concerns about their internal team’s expertise at security and compliance. Their expertise was in their analytics and insights platform and not in the security and compliance that is required to host sensitive PHI data in AWS. They knew these concerns could be addressed by DevOps with the right managed service provider’s expertise.

The team at Relias chose ClearDATA, and we helped them leverage a DevOps approach to automate compliance. Their application relies heavily on compute, and as a result, ClearDATA’s automation ensures the required security controls are in place when Amazon Elastic Compute Cloud (Amazon EC2) instances are provisioned and destroyed.

For example, their Amazon Machine Images (AMI) use an orchestration agent that automatically installs security agents such as anti-virus and intrusion detection. Through the use of a mature software and automation pipeline, Relias can ensure their cloud is secure while they take advantage of the utility-based economics of cloud solutions, including the ability to spin up or down frequently with great variance in capacity.

The AWS Cloud, along with the ClearDATA Automated Safeguard platform, allows Relias to innovate their analytics and core business applications at a much quicker rate. The use of DevOps services and principles allows them to do it not only quicker, but reliably and repeatably, which allows Relias to focus on their business and leave the security and compliance to the experts.

Read more about how Relias uses DevOps to automate compliance >>

Security on Amazon EC2 Instances

ClearDATA Automated Safeguards also enforce a strong security posture on all deployed Amazon EC2 instances, including managed anti-virus, automated backups, and audit log collection and archive.

No matter how the machine is provisioned, whether by a user or automation, Automated Safeguards ensure all the proper technical controls are implemented for the lifetime of the server, ensuring all servers can show a strong compliance and security posture.

When Relias is provisioning or destroying Amazon EC2 instances, they know security controls are automatically in place. Security agents such as anti-virus and intrusion detection are automatically installed, and with the automation pipeline and ongoing visual of their environment in our Compliance Dashboard, they can take advantage of native AWS APIs and services. The ClearDATA Compliance Dashboard (C2) is available on AWS Marketplace.

ClearDATA DevOps-4

Figure 4 – ClearDATA Compliance Dashboard (C2) report.

This allows Relias to use the cloud for what the cloud was intended—innovating to improve compliance. All of this while ClearDATA brings them DevOps to make sure they are doing it securely, and in a compliant manner that is both repeatable and reliable.

Summary

A true DevOps model creates an environment where developers and operations work together, side-by-side, building scalable, repeatable, and predictable processes. This increases development velocity, ensures only approved changes are deployed, and that deployments are automated.

With DevOps, organizations can quickly adopt and integrate new technologies while also creating strong and repeatable security configurations. In healthcare and life sciences, organizations can leverage DevOps practices to simultaneously achieve both innovation and compliance.

Learn more about Automated Safeguards available for AWS. To request a demo or discuss how ClearDATA can help with your compliance needs, please reach out or come by booth #649 at HIMSS 2019.

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.