Overcoming HIPAA Challenges
Cloud Service Architecture
Marius Aharonovich, Cloud Security Architect
Agenda
• Cloud Service Overview
• Architecture
• PHI Security Controls – Approach
• Security – Infrastructure
• Administrative Controls
• Technical Controls
• Incidents Detection and Response
Cloud Services – Overview (1/2)
• Mobile Workforce Management & Optimization
  - Dispatcher / Mobile / GIS
• Number of cloud customers: 60+
• Data stored and processed:
  - Personal and Protected Health Information (PHI)
  - Customers' and customers' clients' information
Cloud Services – Overview (2/2)
• Software as a Service
• Amazon Web Services (AWS) based
  - Hosted in 3 regions (US, EU, AUS)
• HIPAA business associate
• Operations team
  - Cloud Ops, NOC & Support 24x7, DevOps, Security
• SLA – 99.9%
• DR – other region / availability zone
• Daily data backup – AWS S3, stored in encrypted format
Architecture
Legend: VPC – Virtual Private Cloud; SaaS – Software as a Service; DC – Domain Controller; CSSO – Service Optimization
[Architecture diagram: clients A, B and C reach the ClickSoftware SaaS VPC over HTTPS through the Amazon firewall / Internet gateway; three ELBs front per-client CSSO web tiers; shared services inside the VPC are SiteMinder authentication, GIS (PTV), DC / BDC and a fully redundant (mirrored) MSSQL database.]
PHI Security Controls – Approach
• Covered entity: the customers
• Business associate: ClickSoftware Cloud Services
• Private data / PHI must be processed with:
  - Limited purposes
  - Retention no longer than necessary
  - Mitigation of unauthorized access
  - No transfer to third parties without adequate protection
Security – Infrastructure
• AWS assurance programs:
  - SOC 2 & SOC 3, FIPS 140-2 (encryption), NIST (media re-use)
  - ISO 27001 – Information Security Management System (ISMS)
  - HIPAA (& BAA) – Health Insurance Portability and Accountability Act
• AWS addresses common infrastructure security threats, such as:
  - Distributed Denial of Service (DDoS) attacks
  - Man-in-the-Middle (MITM) attacks
  - IP spoofing
  - Port scanning
  - Packet sniffing by other tenants
Administrative Controls (1/3)
• Security personnel – Security and Privacy Officer
• ISO 27001 and HIPAA compliance (& BAA)
• Information Security and Privacy Policy
• Risk assessments
• Code inspections
• Penetration tests
Administrative Controls (2/3)
• Internal security audits:
  - Brute-force attempts and changes in groups, servers, applications and GPOs
  - Changes in AWS Security Groups & ELBs
  - AWS tools: Trusted Advisor, Credentials Report

Credentials Report (fields reviewed):
  Username (console / API)
  user_creation_time
  password_enabled / disabled
  password_last_used
  mfa_active / inactive
  access_key_active / inactive

Security Group change alert (e-mail):
  Hello,
  AWS Auditing Alert - Please check the log lines below
  2015-01-27 06:31:53 AM: Object: Security Group(sg-XX)
  ObjectId: tcp Decription: Security Group IpProtocol
  RANGE (YY) had been added
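An added example (not ClickSoftware's own tooling) of the Credentials Report review listed above: it parses a constructed report in the AWS credential-report CSV layout and flags the conditions the audit looks for, console access without MFA and stale or never-used passwords and access keys. The sample users, the review date and the 90-day staleness window are assumptions.

```python
"""Review an IAM credential report the way the internal security audit above
does. Added example, not ClickSoftware's own tooling; the report below is
constructed and uses a subset of the real AWS credential-report columns."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (subset of the real column layout; values as AWS emits
# them: ISO-8601 timestamps, "N/A", "no_information", "not_supported").
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2014-03-01T10:00:00+00:00,not_supported,2015-01-20T08:12:00+00:00,false,true,N/A
alice,arn:aws:iam::123456789012:user/alice,2014-06-10T09:30:00+00:00,true,2015-01-26T17:45:00+00:00,true,true,2015-01-25T11:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2014-06-10T09:31:00+00:00,true,2014-09-01T07:00:00+00:00,false,false,N/A
deploy-svc,arn:aws:iam::123456789012:user/deploy-svc,2014-08-15T12:00:00+00:00,false,no_information,false,true,N/A
"""

# Assumed review date (the report is a point-in-time snapshot) and staleness window.
REPORT_TIME = datetime(2015, 1, 27, tzinfo=timezone.utc)
STALE_DAYS = 90


def parse_ts(value):
    """Return an aware datetime, or None when AWS has no timestamp to give."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_report(csv_text, now=REPORT_TIME, stale_days=STALE_DAYS):
    """Return (user, finding) pairs for every condition the audit cares about."""
    findings = []
    cutoff = now - timedelta(days=stale_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        is_root = user == "<root_account>"
        pw_enabled = row["password_enabled"] == "true"
        mfa = row["mfa_active"] == "true"
        key_active = row["access_key_1_active"] == "true"

        # Console login (root always has one) without MFA contradicts the
        # two-factor requirement for the AWS Management Console.
        if (pw_enabled or is_root) and not mfa:
            findings.append((user, "console access without MFA"))

        # Dormant passwords are removal candidates; never-used counts as dormant.
        pw_last = parse_ts(row["password_last_used"])
        if pw_enabled and (pw_last is None or pw_last < cutoff):
            findings.append((user, f"password unused for more than {stale_days} days"))

        # Same for API keys: an active key that is never or rarely used is pure exposure.
        if key_active:
            key_last = parse_ts(row["access_key_1_last_used_date"])
            if key_last is None:
                findings.append((user, "active access key never used"))
            elif key_last < cutoff:
                findings.append((user, f"access key unused for more than {stale_days} days"))

        # Root should not hold long-lived API credentials at all.
        if is_root and key_active:
            findings.append((user, "root account has an active access key"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

A real report has further columns (key 2, certificates, rotation dates) that the same loop can cover; the point is that every finding is a concrete follow-up item for the audit.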
Administrative Controls (3/3)
• Employees:
  - NDA, employee security requirements
  - Security awareness training (Ops, NOC, Support, R&D)
  - Background screening
• Specific policies and procedures:
  - DRP
  - Backup & restore
  - Data sanitization (PHI disposal: database, logs, backups)
Technical Controls (1/3)
• AAA – authentication, password policy, strict permissions, logs
• Active Directory
• Identity Manager
• SSO – federation and SAML 2.0
• URL filter and reverse proxy
• IPS, WAF and DDoS protection
• Antimalware, security patches
Technical Controls (2/3)
• Network segmentation and traffic control
  - VPC – private, isolated and controlled section of AWS
  - Dedicated database instance / dedicated HIPAA environment
  - AWS Security Groups (inbound & outbound)
  - Authorized IP addresses
• Remote access:
  - AWS Management Console: TLS with two-factor authentication (TFA)
  - AWS environment: VPN/TLS with TFA
Technical Controls (3/3)
• HTTPS access – TLS termination at:
  - AWS ELB / security gateway
  - Web server
• Data-at-rest encryption:
  - Elastic Block Store (EBS) encryption
  - Mobile local database encryption
• De-identified health information – static & dynamic data masking
• Audit of actions in the PHI database
Incidents Detection and Response
• Detect and notify
  - SIEM – log collection, aggregation, correlation
  - AWS change detection – CloudTrail / CloudWatch
  - Ongoing audits
• Contain – isolation, blocking, prevention of further damage
• Recover (snapshots)
• After action – forensics (snapshots)
• Breach notification
  - Timeline
  - Legal & Marketing cooperation
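As an added example that is not part of the deck, the CloudTrail-based change detection listed above applied to the Security Group changes audited on the "Administrative Controls (2/3)" slide: it reads constructed CloudTrail records, ignores read-only calls, and renders each changed rule in the same shape as the auditing e-mail, marking world-open ingress as high severity. Field names follow the CloudTrail record format; the sample events, group id, user names and addresses are constructed.

```python
"""Turn CloudTrail security-group events into the kind of audit alert the
deck shows. Added example, not ClickSoftware's tooling; the records below are
constructed but use the real CloudTrail field names."""
import json

# Constructed CloudTrail log file (subset of the real fields per record).
SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventTime": "2015-01-27T06:31:53Z",
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {
            "groupId": "sg-0a1b2c3d",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}},
    },
    {
        "eventTime": "2015-01-27T06:40:02Z",
        "eventName": "RevokeSecurityGroupIngress",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "sourceIPAddress": "198.51.100.7",
        "requestParameters": {
            "groupId": "sg-0a1b2c3d",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": {"items": [{"cidrIp": "198.51.100.0/24"}]}}]}},
    },
    {
        "eventTime": "2015-01-27T06:45:10Z",
        "eventName": "DescribeSecurityGroups",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "sourceIPAddress": "198.51.100.7",
        "requestParameters": {},
    },
]})

# Security-group mutations worth an alert, mapped to the wording of the e-mail.
WATCHED = {
    "AuthorizeSecurityGroupIngress": "added",
    "AuthorizeSecurityGroupEgress": "added",
    "RevokeSecurityGroupIngress": "removed",
    "RevokeSecurityGroupEgress": "removed",
}


def rule_lines(event):
    """Yield (protocol, port range, cidr) for each rule in an authorize/revoke event."""
    params = event.get("requestParameters") or {}
    for perm in params.get("ipPermissions", {}).get("items", []):
        proto = perm.get("ipProtocol", "-1")
        ports = "all" if proto == "-1" else f"{perm.get('fromPort')}-{perm.get('toPort')}"
        for rng in perm.get("ipRanges", {}).get("items", []):
            yield proto, ports, rng.get("cidrIp", "?")


def build_alerts(log_text):
    """Return one alert dict per changed rule; world-open ingress is 'high'."""
    alerts = []
    for ev in json.loads(log_text)["Records"]:
        verb = WATCHED.get(ev.get("eventName"))
        if verb is None:
            continue  # read-only calls such as DescribeSecurityGroups are not changes
        actor = ev.get("userIdentity", {}).get("userName", "unknown")
        sg = (ev.get("requestParameters") or {}).get("groupId", "sg-?")
        for proto, ports, cidr in rule_lines(ev):
            world_open = (verb == "added" and "Ingress" in ev["eventName"]
                          and cidr in ("0.0.0.0/0", "::/0"))
            alerts.append({
                "time": ev["eventTime"],
                "group": sg,
                "actor": actor,
                "source_ip": ev.get("sourceIPAddress"),
                "severity": "high" if world_open else "info",
                "text": (f"{ev['eventTime']}: Object: Security Group({sg}) "
                         f"IpProtocol {proto} ports {ports} from {cidr} had been {verb}"),
            })
    return alerts


def format_email(alerts):
    """Render the alerts in the same shape as the deck's auditing e-mail."""
    body = ["Hello,", "AWS Auditing Alert - Please check the log lines below"]
    body += [f"[{a['severity'].upper()}] {a['text']} (by {a['actor']} from {a['source_ip']})"
             for a in alerts]
    return "\n".join(body)


if __name__ == "__main__":
    print(format_email(build_alerts(SAMPLE_LOG)))
```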
Thank you

Key Trends Shaping the Future of Infrastructure.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 

Cloud Service Architecture - Overcoming HIPAA Challenges - Click Software

Administrative Controls (1/3)
• Security Personnel – Security and Privacy Officer
• ISO 27001 and HIPAA compliance (& BAA)
• Information Security and Privacy Policy
• Risk Assessments
• Code Inspections
• Penetration Tests
8
Administrative Controls (2/3)
• Internal Security Audits:
 Brute-forces & changes in groups, servers, applications and GPO
 Changes in AWS Security Groups & ELB
 AWS tools: Trusted Advisor, Credentials Report
Credentials Report fields: Username (Console / API), user_creation_time, password_enabled/disabled, password_last_used, mfa_active/inactive, access_key_active/inactive
Security Group changes – alert email:
Hello, AWS Auditing Alert - Please check the log lines below
2015-01-27 06:31:53 AM: Object: Security Group(sg-XX) ObjectId: tcp Description: Security Group IpProtocol RANGE (YY) had been added
9
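One way to automate the Credentials Report audit listed on this slide (an added example, not the deck's or ClickSoftware's own tooling): the CSV rows, the 90-day idle threshold and the report date are constructed assumptions, while the column names are those of the real IAM credential report.

```python
"""Audit an IAM credentials report for the checks slide 9 lists.

Added example, not from the original deck. The CSV is a constructed sample
using a subset of the real report's columns (aws iam get-credential-report).
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report; column names match the real IAM report.
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
<root_account>,2014-03-01T10:00:00+00:00,not_supported,2015-01-20T08:00:00+00:00,true,false,N/A
ops-alice,2014-06-12T09:30:00+00:00,true,2015-01-26T07:12:00+00:00,true,true,2015-01-25T00:00:00+00:00
svc-legacy,2013-02-01T00:00:00+00:00,true,2014-03-01T00:00:00+00:00,false,true,N/A
noc-bob,2014-11-20T12:00:00+00:00,true,no_information,true,false,N/A
"""
REPORT_DATE = datetime(2015, 1, 27, tzinfo=timezone.utc)  # constructed "now"
MAX_IDLE = timedelta(days=90)  # assumed policy: console access idle this long is stale

def _parse_ts(value):
    """Return an aware datetime, or None for the report's N/A / no_information."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)

def audit_credential_report(report_csv, now):
    """Return {user: [finding, ...]} for every user failing a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        has_password = row["password_enabled"] == "true"
        # Console login without MFA contradicts the deck's TFA requirement
        if has_password and row["mfa_active"] != "true":
            issues.append("console password enabled without MFA")
        # Console password not used within MAX_IDLE: stale access
        last_used = _parse_ts(row["password_last_used"])
        if has_password and last_used and now - last_used > MAX_IDLE:
            issues.append("console password unused for more than 90 days")
        # An active key that has never been used is a removal candidate
        if row["access_key_1_active"] == "true" and _parse_ts(row["access_key_1_last_used_date"]) is None:
            issues.append("active access key never used")
        if issues:
            findings[row["user"]] = issues
    return findings

def audit_sample():
    """Run the checks over the constructed report as of REPORT_DATE."""
    return audit_credential_report(SAMPLE_REPORT, REPORT_DATE)
```

Only svc-legacy is flagged in the sample: a console password without MFA, unused for almost a year, plus an access key that has never been used.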
Administrative Controls (3/3)
 Employees:
 NDA, Employee Security Requirements
 Security Awareness Training (OPS, NOC, Support, R&D)
 Background Screening
• Specific Policies and Procedures:
 DRP
 Backup & Restore
 Data Sanitization (PHI disposal: database, logs, backup)
10
Technical Controls (1/3)
 AAA – Authentication, Password Policy, Strict Permissions, Logs
 Active Directory
 Identity Manager
 SSO - Federation and SAML2
 URL Filter and Reverse Proxy
 IPS & WAF & DDoS Protection
 Antimalware, Security Patches
11
Technical Controls (2/3)
 Network Segmentation and Traffic Control
 VPC - Private, isolated and controlled section of AWS
 Dedicated Database Instance / Dedicated HIPAA Environment
 AWS Security Groups (inbound & outbound)
 Authorized IP Addresses
 Remote Access:
 AWS Management Console: TLS with Two-Factor Authentication (TFA)
 AWS Environment: VPN/TLS with TFA
12
Technical Controls (3/3)
 HTTPS access – TLS termination
 AWS ELB / Security Gateway
 Web Server
 Data at-rest encryption:
 Elastic Block Store (EBS) encryption
 Mobile local database encryption
 De-Identified Health Information - Static & dynamic data masking
 Audit of actions in PHI Database
13
Incidents Detection and Response
 Detect and Notify
 SIEM - Logs collection, aggregation, correlation
 AWS Changes detection, CloudTrail / CloudWatch
 On-going Audits
 Contain – Isolation, blocking, prevention of further damage
 Recover (snapshots)
 After Action – Forensics (snapshots)
 Breach notification
 Timeline
 Legal & Marketing cooperation
14
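The "AWS Changes detection, CloudTrail / CloudWatch" item above, combined with the Security Group change alert of slide 9, can be implemented by filtering CloudTrail records for rule-changing EC2 calls. This is an added example, not the deck's or ClickSoftware's own tooling; the event records are constructed samples in CloudTrail's event shape, and the alert line format and the "open to the world" flag are assumptions.

```python
"""Turn CloudTrail security-group rule changes into audit alert lines.

Added example, not from the original deck; the records are constructed samples
in CloudTrail's event shape, trimmed to the fields used here.
"""

# Real EC2 API names that add or remove security group rules
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress": "added",
    "AuthorizeSecurityGroupEgress": "added",
    "RevokeSecurityGroupIngress": "removed",
    "RevokeSecurityGroupEgress": "removed",
}
WORLD = {"0.0.0.0/0", "::/0"}  # any-source CIDRs that get an extra flag

SAMPLE_EVENTS = [  # constructed records, not real CloudTrail output
    {"eventTime": "2015-01-27T06:31:53Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "ops-alice"},
     "requestParameters": {"groupId": "sg-XX", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2015-01-27T06:40:02Z", "eventName": "DescribeSecurityGroups",
     "userIdentity": {"userName": "noc-bob"}, "requestParameters": {}},
]

def alerts_for_records(records):
    """Return one alert line per changed rule; read-only calls produce none."""
    lines = []
    for rec in records:
        action = SG_CHANGE_EVENTS.get(rec.get("eventName"))
        if action is None:
            continue  # not a rule change (e.g. Describe* calls)
        params = rec.get("requestParameters") or {}
        group = params.get("groupId", "unknown")
        who = rec.get("userIdentity", {}).get("userName", "unknown")
        for perm in params.get("ipPermissions", {}).get("items", []):
            cidrs = [r["cidrIp"] for r in perm.get("ipRanges", {}).get("items", [])]
            flag = " [OPEN TO THE WORLD]" if WORLD & set(cidrs) else ""
            lines.append(
                f"{rec['eventTime']}: Object: Security Group({group}) "
                f"IpProtocol {perm.get('ipProtocol')} RANGE "
                f"({perm.get('fromPort')}-{perm.get('toPort')}) from {','.join(cidrs)} "
                f"had been {action} by {who}{flag}"
            )
    return lines

def alerts_for_sample():
    """Alert lines for the constructed records: one, for the RDP rule."""
    return alerts_for_records(SAMPLE_EVENTS)
```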