Automated Safeguards provide automated guardrails and remediation around AWS that allow a healthcare customer to use native public cloud tooling to develop within their own environment, all while keeping them compliant against GDPR, HIPAA, SOC2, GxP, and other regulatory and compliance frameworks.  This lets our customers focus on code and innovation rather than worrying about security and compliance.  Learn more about the Automated Safeguards available for AWS below. We will continue to add Automated Safeguards for additional AWS services.

Amazon Application Load Balancer (ALB)

Automated Safeguards for ALB make sure all traffic is encrypted, including the appropriate TLS version inside of ALB, and all appropriate logs are collected.  Click here for details on Automated Safeguards for ALB.


Amazon API Gateway

Automated Safeguards for API Gateway ensures that any API Gateway stage that is deployed will have access logging enabled, and the logs are sent to the CloudWatch service.  In the event an API Gateway stage is deployed without access logging enabled, the Automated Safeguard will automatically enable logging.


Automated Safeguards for DynamoDB automatically configure all tables to meet the necessary technical requirements necessary to store sensitive data.  DynamoDB tables are interrogated upon creation to ensure that the table is encrypted with a KMS key and Point-in-time-recovery (PITR) backups are enabled.  If the table is encrypted using the centrally managed DEFAULT key, ClearDATA will delete the table immediately after creation.  Additionally, there are controls in place that enable Point-in-time recovery backups if that option is not enabled during creation.

Amazon Elastic Compute (EC2)

Automated Safeguards for EC2 allow you to deploy EC2 instances that meet ClearDATA HITRUST certified policies and procedures. ClearDATA provides you with an AMI that adheres to the following configurations:

  • Hardened to CIS Level 1 Benchmarks
  • Anti-Virus agent
  • Host-Based Intrusion Detection agent
  • CloudWatch Agent based Audit Log collection
  • Managed Backup
  • Compliance Dashboard compliance monitoring
  • Encryption at rest

Click here for details on the features included in Automated Safeguards for EC2.


Amazon Elastic Container Service (ECS)

Automated Safeguards for ECS is a ClearDATA managed ECS platform that is purpose built for healthcare.  The Automated Safeguards for ECS, also known as ClearDATA PHI Containers, includes storage with encryption at rest, optional enforcement of encryption in motion, and container vulnerability scanning.  Click here for details on Automated Safeguards for ECS.


Amazon Elastic File System (EFS)

Automated Safeguards for EFS allow you to provision EFS volumes and ensure the volume is encrypted at rest.  ClearDATA also provides guidance for you to follow to ensure that all connections to the EFS volumes are using encryption communication, complying with the encryption in motion requirement.  Click here for details on Automated Safeguards for EFS.


Amazon Identity and Access Management (IAM)

Automated Safeguards for IAM enables you to create and manage AWS users that can have specific access to AWS features.  You can designate an administrator, and that administrator can manage access to AWS services using a set of pre-approved IAM groups that can provide easy access to the necessary services.  Click here for details on Automated Safeguards for IAM.



ClearDATA's Automated Safeguards for Redshift ensure that each database cluster is properly configured to meet appropriate controls required to host and process PHI.  ClearDATA reviews newly created database clusters to ensure the cluster storage is encrypted, encrypted database connections are enforced, audit logging is enabled, backups are enabled with a minimum retention, and ensures the Redshift cluster from being publicly available.


Amazon Relational Database Service (RDS)

Automated Safeguards for RDS ensure that Amazon RDS database instances are deployed in accordance with ClearDATA policies for hosting PHI.  Those settings include encryption at rest, enforcement of encryption in motion where available, backups, and other checks.  Click here for details on Automated Safeguards for RDS.

Amazon Security Groups

Automated Safeguards for Security Groups allow you to create and attach Security Groups using white-listed ports.  This helps you quickly open secure ports at scale without the need to recreate Security Groups. You can also request ports to be white-listed through the ClearDATA Customer Portal.  Click here for details on Automated Safeguards for Security Groups.

Amazon Simple Storage Service (S3)

Automated Safeguards for S3 helps address many common misconfigurations of the AWS S3 service.  That includes making sure S3 encryption is turned on at the bucket level, making sure all traffic to and from the S3 bucket is encrypted, providing authenticated user access, ensuring versioning is enabled, and ensuring object level audit logs are enabled.  Click here for details on Automated Safeguards for S3.

Customers can see the current list of Automated Safeguard covered services, including details and a responsibility matrix for each service in our public facing documentation here.

Learn more about Automated Safeguards with a live demo.

Contact Us Today