Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector Summit 2016
•Download as PPTX, PDF•
2 likes•3,389 views
With rich controls, auditing, and broad security accreditations, AWS enables its customers to be in compliance with CJIS, FERPA, and HIPAA. Come hear customers and partners share their approaches to achieving compliance for those standards across many markets.
Recommended
Recommended
More Related Content
Viewers also liked
Viewers also liked (20)
Similar to Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector Summit 2016
Similar to Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector Summit 2016 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector Summit 2016
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scotty Ellis, Baylor College of Medicine, CCIT Jason Fischl, Vice President of Engineering, Remind Bassam Amrou, Chief Information Officer, Sacramento County DA Using AWS to Meet Requirements for HIPAA, FERPA & CJIS Compliance Customer Perspectives
- 2. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scotty Ellis, Baylor College of Medicine, CCIT HIPAA Compliance & AWS A quick look followed by Q&A
- 3. HIPAA Compliance & AWS: Passport For Care
- 4. HIPAA Compliance & AWS Key points: • Must sign BAA with AWS • Must setup separate infrastructure from non-BAA covered infrastructure • Must use dedicated instances to meet requirements of the BAA • Must pay the per-region cost of $2/hr if you use EC2 • Recommended to work on FISMA doc concurrently (i.e. System Security Plan and related controls)
- 5. Thank You
- 6. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FERPA Compliance & AWS
- 8. R E M I N D H A S A M I S S I O N T O C O N N E C T E V E R Y T E A C H E R , S T U D E N T A N D P A R E N T I N T H E W O R L D
- 9. O V E R 3 5 M I L L I O N T E AC H E R S , S T U D E N T S AN D P AR E N T S WITH ACTIVE TEACHERS IN 50% OF K-12 SCHOOLS
- 10. T E A C H E R - O B S E S S I O N S I M P L I C I T Y S A F E T Y A C C E S S O U R A P P R O A C H
- 11. 4 0 0 , 0 0 0 u s e r s p e r d a y F r o m 5 0 M t o 2 0 0 M m e s s a g e s p e r m o n t h S t e p - f u n c t i o n i n c r e a s e i n A u g u s t O U R C H A L L E N G E I S B A C K T O S C H O O L G R O W T H
- 12. R E D S H I F T S 3 C L O U D F R O N T W e M a n a g e B a c k - t o - s c h o o l w i t h A W S
- 13. E C S E C 2 C L O U D F O R M A T I O N C L O U D W A T C H D Y N A M O D B R O U T E 5 3 K I N E S I S R D S R E D S H I F T S 3 C L O U D F R O N T W e M a n a g e B a c k - t o - s c h o o l w i t h A W S
- 14. I N T E R N E T V I R T U A L P R I V A T E C L O U D ROUTER (NGINX) D A S H B O A R D A P I F I L E S X X C O N T A I N E R S C O N T A I N E R S C O N T A I N E R S C O N T A I N E R S R O U T E 5 3 M O N O L I T H I C T O M I C R O S E R V I C E S
- 15. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CJIS Compliance & AWS
- 17. What is CJIS? CJIS is a minimum set of security requirements to access the FBI Criminal Justice Information services (CJIS). It is a shared responsibility of the lawful use and appropriate protection of CJI This security requirement is associated with the: • Creation • Viewing • Modification • Transmission • Dissemination • Storage • Destruction
- 20. Thank You
Editor's Notes
- a. I want to talk to you about something super important that impacts all of us. Education. b. Every day, there are 8,300 students dropping out of school in this country. c. Remind exists to solve this problem by helping teachers engage students and involve parents through simple and safe communication.
- d. And its working. Today, Remind connects over 35 million teachers, students, and parents — with active teachers in 50% of US K-12 schools. e. (optional) Anecdote: audience using remind.
- a. When we started Remind four years ago we recognized that there was a big opportunity to improve education by helping teachers communicate better with students and parents because that was one of their biggest classroom challenges. b. Believe it or not many teachers are still using paper and email to communicate. c. We needed to make it really easy for teachers to build the network of parents and students without wasting their time and that’s why we support SMS. d. SMS makes it easy for students and parents who don’t have access to computers or smart phones to use it. e. And because this is a product that lets adults communicate with children - safety is super important. f. These principles have driven our growth every back-to-school season for the past 5 years
- a. Here’s something crazy — look at our growth over the history of the company. b. I saw fast growth and big numbers at Skype but I’ve never seen this type of growth seasonality before. c. At the beginning of every school year we grow out of our minds — at our peak this year, we added 400,000 users per day, delivering 200M messages per month — up from 50M messages per month 2 years ago at this time. d. We experience typical growth throughout the school year but then our traffic falls rapidly in the summer. e. Then predictably - one Monday in August - we’ll see more 2x the traffic from May. f. This turns out to be a cool application for AWS. Going down is not an option - especially in BTS.
- a. So how have we been using AWS at Remind? b. Two years ago, we were using Redshift, S3 and Cloudfront and the rest of our services were running on other providers.
- c. In order to meet the challenges of back to school, we’re now using those same services
- a. Part of our evolution as a company has been to move from being a monolithic rails application to a distributed set of micro services. b. One advantage of micro-services has been that it allows us to scale horizontally in an easier way. c. It also lets teams release functionality independently without taking dependencies on other teams. d. We started our move from monolithic architecture to micro-services about 3 years ago and we successfully ran all of this on other partners. e. After making it through Back-To-School last year, we decided that we needed to have more control over our infrastructure. This led to the development of a Platform that we subsequently open-sourced in June this year and call Empire. f. Empire has really taken off. It hit page 1 on hackernews and we’ve got over 1200 stars on github.
- Costs: Fire Safe Total: approx. $3100 QuickDME Software: $5000 plus $7200 for additional 6 licenses Keypads for 2 doors: approx. $3000 ($1500 ea.) QNAP server and drives (32 TB): approx. $2600 if we wanted to have redundancy and back-up we should get a second one for a total of $5200 Total without full DME plan: $18,300 Total with full DME ingest: $23,500 I would also need to set up the proper standard operating procedures and meet with the various people involved to explain the changes. Most of the stuff that we are changing should be mostly transparent to the office. It would only effect investigative staff with regard to how they submit and pick-up original evidence from TSS. If we chose to start ingesting all DME into the server, then we would need to sit down with both investigations and DDA’s and let them know what we are doing and how this will benefit them. This would also change the way TSS would process and handle requests.
- Costs: Fire Safe Total: approx. $3100 QuickDME Software: $5000 plus $7200 for additional 6 licenses Keypads for 2 doors: approx. $3000 ($1500 ea.) QNAP server and drives (32 TB): approx. $2600 if we wanted to have redundancy and back-up we should get a second one for a total of $5200 Total without full DME plan: $18,300 Total with full DME ingest: $23,500 I would also need to set up the proper standard operating procedures and meet with the various people involved to explain the changes. Most of the stuff that we are changing should be mostly transparent to the office. It would only effect investigative staff with regard to how they submit and pick-up original evidence from TSS. If we chose to start ingesting all DME into the server, then we would need to sit down with both investigations and DDA’s and let them know what we are doing and how this will benefit them. This would also change the way TSS would process and handle requests.