Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013

Implementing a HIPAA solution presents challenges from day one. Not only are you saddled with seemingly insurmountable regulatory challenges, you also take on the stewardship of people's most deeply personal information. The AWS platform simplifies deployment of HIPAA applications by offering a rich set of dynamic scalability, developer services, high availability options, and strong security. Hosting a HIPAA application on the public cloud may seem pretty scary, but Ideomed solved some of this architecture's most vexing challenges by building a major health portal and deploying it on AWS. Come hear Ideomed CEO Keith Brophy and solution architect Gerry Miller talk first-hand about the challenges and solutions, including CloudHSM encryption, multi-AZ failover, dynamic scaling, and more!

Transcript of "Implementing Bullet-Proof HIPAA Solutions on AWS (SEC306) | AWS re:Invent 2013"

  1. Implementing Bulletproof HIPAA Solutions on AWS. Gerry Miller, CTO - Cloudticity; Keith Brophy, CEO – Ideomed; Mark Welscott, Director – Spectrum Health. November 15, 2013. © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
  2. Convergence of technology, storage, connectivity, medical advances
  3. Mark Welscott, Director – Spectrum Health
  4. Keith Brophy, CEO - Ideomed
  5. Gerry Miller, CTO - Cloudticity
  6. The Three Big Problems We Solved
  7. The Three Big Problems We Solved
  8. The Three Big Problems We Solved
  9. Architecture Overview
  10. VPC Security Layers: Internet; Corporate VPN Firewall; Amazon Routing Rules; Corporate Internal Firewall; Windows Firewall; Corp server auth and ACLs across all internal datacenters
  11. Solution Specifics
  12. CloudHSM Configuration
  13. Encryption of Data at Rest
  14. Securing Database via TDE (Amazon CloudHSM)
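  15. SQL

      ```sql
      -- ...
      -- Let sp_configure expose advanced options
      sp_configure 'show advanced options', 1;
      GO
      RECONFIGURE;
      GO
      -- Allow SQL Server to load Extensible Key Management (EKM) providers
      sp_configure 'EKM provider enabled', 1;
      GO
      RECONFIGURE;
      GO
      -- Register the Luna SA EKM library as the cryptographic provider
      CREATE CRYPTOGRAPHIC PROVIDER EKM_Prov
      FROM FILE = 'C:\PROGRAM FILES\LunaSA\EKM\LunaEKM.DLL';
      GO
      -- ...
      ```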
  16. Securing Sensitive Info from Devs
  17. Custom Protected Config Provider

      ```csharp
      // ...
      public override XmlNode Encrypt(XmlNode node)
      {
          var encryptedData = "";
          var stringToEncrypt = node.OuterXml;
          // Consume the section's XML in chunks of at most MaxBlockSize characters
          for (var i = 1; stringToEncrypt.Length > 0; i++)
          {
              var encryptTheseBytes = stringToEncrypt.Substring(0, Math.Min(MaxBlockSize, stringToEncrypt.Length));
              var encryptedBytes = EncryptString(encryptTheseBytes);
              // Wrap each encrypted chunk in its own numbered <BlockN> element
              encryptedData += "<Block" + i + ">" + encryptedBytes + "</Block" + i + ">";
              stringToEncrypt = (stringToEncrypt.Length > MaxBlockSize) ? ...
      ```
  18. Unencrypted Configuration

      ```xml
      <secureAppSettings xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform" xdt:Transform="Replace">
        <add key="ClientSecret" value="xgR2%%f" />
        <add key="MessageAttachmentsKey" value="D7sdlj0GGjhadjkj77sd8jlaj9aihaf0993j=" />
        <add key="MessageAttachmentsIV" value="hhGJfl87JJhhsl+8sj==" />
      </secureAppSettings>
      ```
  19. Encrypted Configuration

      ```xml
      <secureAppSettings xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"
                         configProtectionProvider="LunaSAProtectedConfigurationProvider"
                         xdt:Transform="Replace">
        <EncryptedData>
          <Block1>Gsk2WVr8b9R6gN49c11RTzlHtOSL2QsGX3vGXVIqGYCuBKQh=</Block1>
          <Block2>Hhhj9Ljjd90jJjhf99shjoljjlJUIUYRJjj87fHHgdkri77a=</Block2>
          <Block3>HHDG99jsjJJDLKL99LKJhoijsdfiOIH847jJHYETQKmfkgiU=</Block3>
          <Block4>88HHJjfhk9773HhfyUirKIOPjustUhf886djNNjfoe9Hjdfk=</Block4>
        </EncryptedData>
      </secureAppSettings>
      ```
  20. Process Automation & Governance
  21. Automated Build & Deployments
  22. AWS CloudFormation Manages Environments
  23. Things We Learned
  24. Please give us your feedback on this presentation (SEC306). As a thank you, we will select prize winners daily for completed surveys!
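
Slide 15 stops once the EKM provider is registered. The steps that normally follow to turn on TDE with an HSM-held key, as an added example in standard T-SQL (not taken from the presenters' deck): the credential, key, login and database names, the `PROVIDER_KEY_NAME`, and the RSA_2048 choice are assumptions, and the identities and secrets are placeholders.

```sql
-- Added example: continues after CREATE CRYPTOGRAPHIC PROVIDER EKM_Prov (slide 15).
-- Hypothetical names: HsmAdminCred, HsmEngineCred, TdeHsmKey, TdeHsmLogin, PortalDb,
-- [CORP\dbadmin]. Identities and secrets are placeholders for the HSM partition login.

-- 1. Credential the administrator uses to reach the HSM while creating keys.
CREATE CREDENTIAL HsmAdminCred
    WITH IDENTITY = '<hsm-identity>', SECRET = '<hsm-partition-password>'
    FOR CRYPTOGRAPHIC PROVIDER EKM_Prov;
GO
ALTER LOGIN [CORP\dbadmin] ADD CREDENTIAL HsmAdminCred;
GO

-- 2. Asymmetric key generated inside the HSM; master stores only a reference to it.
USE master;
GO
CREATE ASYMMETRIC KEY TdeHsmKey
    FROM PROVIDER EKM_Prov
    WITH ALGORITHM = RSA_2048,              -- assumes the provider supports RSA_2048
         PROVIDER_KEY_NAME = 'PortalDb_TDE',
         CREATION_DISPOSITION = CREATE_NEW;
GO

-- 3. Login mapped to the key, with its own credential, so the database engine
--    can open the key at startup without the administrator's session.
CREATE CREDENTIAL HsmEngineCred
    WITH IDENTITY = '<hsm-identity>', SECRET = '<hsm-partition-password>'
    FOR CRYPTOGRAPHIC PROVIDER EKM_Prov;
GO
CREATE LOGIN TdeHsmLogin FROM ASYMMETRIC KEY TdeHsmKey;
GO
ALTER LOGIN TdeHsmLogin ADD CREDENTIAL HsmEngineCred;
GO

-- 4. Database encryption key wrapped by the HSM key, then TDE switched on.
USE PortalDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeHsmKey;
GO
ALTER DATABASE PortalDb SET ENCRYPTION ON;
GO

-- 5. Check: encryption_state 3 means encrypted, 2 means the encryption scan is running.
SELECT DB_NAME(database_id) AS database_name, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
```

Because the database encryption key is wrapped by a key that never leaves the HSM, a restored backup or a copied data file cannot be opened on a server that lacks access to the same HSM partition.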