by Matt Ferrari
Chief Technology Officer
In Q1 of 2018 ClearDATA™ announced the launch of a new Software as a Service (SaaS) product – C2 – that we are bringing to market via the AWS Marketplace. The folks around the office know I’m fired up about this release, so I’m going to take a few minutes and share why we’re bringing this to market. You can also learn more about C2 by listening to my CTO Talk podcast with Saundra Monroe, our senior product manager leading the C2 strategy. It’s aired on HealthcareNOW Radio and is available now to stream on demand.
C2 is a compliance platform that provides Amazon Web Services (AWS) cloud users with the opportunity to prove a culture of compliance while they monitor the assets in their own environment, helping them ensure they are adhering to necessary regulatory frameworks. The C2 dashboard helps organizations who want to manage their own environments stay in compliance, simplify audits, and achieve replicable, successful results.
It’s an oversimplification on my part, but think of it in a similar way to what tax preparation software did for taxpayers who needed some help but didn’t need the full suite of services a certified public accountant could offer. Folks who want to control their own tax filing, but need assistance understanding complex regulations, provide SaaS-driven tax preparation software with information, and the tooling helps them get to their desired results with a far greater level of confidence and compliance than they could have achieved on their own.
We know there are people out there who manage their own cloud environment and want to continue to do so, but they struggle with interpreting complex government frameworks and ensuring compliance. We’re bringing our healthcare compliance expertise via the C2 dashboard so users can confidently monitor their compliance.
Customers can simply go to the Amazon Marketplace, search for C2, and subscribe. Once they have provisioned C2, ClearDATA gains access to a limited amount of data, and provides users with continuous at-a-glance transparency into their HIPAA and GDPR compliance.
For those of you who also work in healthcare IT and want more technical details, we focused on three primary areas that our interviews with AWS customers showed us had the greatest need. Here are just a few examples.
- AWS EC2 – Our checks here center on storage volume encryption and instance security management.
- AWS S3 – We are looking at encryption from many angles including server side and static websites. We want to be sure that our customers don’t open their S3 buckets to the public, and that there is no PHI stored on the S3 bucket. We also look at public policy and permissions to be sure access and control of S3 is properly configured. We’ve added checks for logging-enabled and version-enabled, so if something fails, they can roll back to determine what happened.
- AWS RDS – We’re checking backup snapshots to make sure no one has public access to our customers’ snapshots, and we’re checking storage volume encryption.
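The kinds of checks listed above, written as an added example over constructed records; this is not C2's code. The record layout (dicts merging fields named as in the AWS API responses for volumes, buckets and snapshots) and the finding names are assumptions.

```python
# Added example, not C2's code. Records are constructed dicts whose keys follow
# AWS API response field names; the merged layout and finding names are assumed.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 "everyone" group

def check_ebs_volume(vol):
    """EC2: storage volume encryption (describe-volumes -> Encrypted)."""
    return [] if vol.get("Encrypted") else ["ebs-volume-unencrypted"]

def policy_is_public(policy):
    """True if an Allow statement names a wildcard principal with no Condition."""
    for stmt in policy.get("Statement", []):
        p = stmt.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict) and p.get("AWS") in ("*", ["*"]))
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            return True
    return False

def check_s3_bucket(b):
    """S3: default encryption, public ACL and policy, logging, versioning."""
    f = []
    if not b.get("ServerSideEncryptionConfiguration", {}).get("Rules"):
        f.append("s3-no-default-encryption")
    if any(g.get("Grantee", {}).get("URI") == ALL_USERS for g in b.get("Grants", [])):
        f.append("s3-public-acl")
    if policy_is_public(b.get("Policy", {})):
        f.append("s3-public-policy")
    if not b.get("LoggingEnabled"):
        f.append("s3-logging-disabled")
    if b.get("Versioning", {}).get("Status") != "Enabled":
        f.append("s3-versioning-disabled")
    return f

def check_rds_snapshot(s):
    """RDS: snapshot restorable by 'all' accounts (public), or unencrypted."""
    public = any(a.get("AttributeName") == "restore" and "all" in a.get("AttributeValues", [])
                 for a in s.get("DBSnapshotAttributes", []))
    f = ["rds-snapshot-public"] if public else []
    return f if s.get("Encrypted") else f + ["rds-snapshot-unencrypted"]

# Constructed sample records (not real resources).
SAMPLE_BUCKET = {
    "Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
    "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]},
    "Versioning": {"Status": "Suspended"},
}
SAMPLE_SNAPSHOT = {"Encrypted": True, "DBSnapshotAttributes": [
    {"AttributeName": "restore", "AttributeValues": ["all"]}]}

if __name__ == "__main__":
    print(check_ebs_volume({"Encrypted": False}))
    print(check_s3_bucket(SAMPLE_BUCKET), check_rds_snapshot(SAMPLE_SNAPSHOT))
```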
Our early adopters have each found unique and useful ways to employ C2 in their own environments. They’re also discovering ways to bolster their security and compliance. Here are a few examples:
- One is using C2 to test their best practices, to ensure that they are compliant at the level they believe they are. They’re taking everything they consider a best practice in their environment and testing its compliance in C2.
- Another customer wanted to create a security-by-design framework and is using C2 to monitor their staging server as they move from development to staging and then on to production, making sure each step of the way that their environment is in compliance.
- A third has wrapped their whole environment in C2 to better understand security risks across their organization.
It’s great to see the way these early adopters have taken C2’s functionality and run with it.
Head on over to the AWS Marketplace and check it out.