- This line was added.
- This line was removed.
- Formatting was changed.
Our ClearDATA Solution for AWS allows healthcare and life science organizations to innovate safely in the cloud by leveraging our Automated Safeguards and additional guidance covering commonly used AWS products.
At a high level, ClearDATA allows for our automation to run securely on your AWS account using Automated Safeguards.
Controls we implement per service and provides service-specific guidance on staying complaint on your end.
Get started with the ClearDATA AWS platform, including configuring how to receive alerts for Automated Safeguard evaluations.
Perform specific tasks for our platform features, such as our Custom AMI feature.
Our safeguards ensure Healthcare and Life Sciences organizations can use native AWS cloud services in a safe and compliant manner, as introduced in our CTO Matt Ferrari's blog post. Click on the Automated Safeguard Name for more information.
|Automated Safeguard Name||Quick Description||Key Controls||Remediation Action|
|Identity and Access Management - Group & User Self Service||Allows a customer to create and manage AWS users that can have specific access to AWS features|
|Security Groups||Allows a customer to manage the rules that make use of their Security Groups||Security Group rules are removed|
|API Gateway||Allows a customer to deploy APIs||Access logs are configured to log to CloudWatch at each API Stage|
|Application Load Balancer (ALB)||Allows a customer create Application Load Balancers front of EC2 instances|
ALB listener is deleted immediately after creation.
Access logging is enabled transparently after ALB is provisioned.
|Athena||Allows a customer to query S3 buckets||Automatically configured|
|DynamoDB||Allows a customer to create DynamoDB tables|
Tables encrypted with the DEFAULT key are deleted.
Backups are enabled if not enabled
|Elastic Compute Service (EC2)||(a.k.a. DPHI) Allows a customer to manage the lifecycle of EC2 instances||EC2 instances are not allowed to be created|
|EC2 Container Service (ECS)||(a.k.a. PHI Containers) Allows a customer to manage the lifecycle of containerized applications||ECS clusters are not allowed to be created by customers. Please contact ClearDATA Support for more information.|
|EKS (Elastic Container Service for Kubernetes)||Allows the customer to create a managed Kubernetes platform||EKS Worker Nodes are terminated if they are not compliant|
|ElastiCache - Redis||Allows a customer to create ElastiCache clusters||ElastiCache clusters are deleted immediately after creation|
|Elasticsearch||Allows a customer to create Elasticsearch domains||Elasticsearch clusters are deleted immediately after creation|
|Elastic File System (EFS)||Allow customers to create encrypted EFS file systems||EFS volumes are deleted immediately after creation|
|Kinesis Data & Video Streams||Allows customers to create Kinesis Data & Video streams||Encryption is automatically enabled after the stream is created|
|Kinesis Firehose||Allows customers to create Firehose streams||Encryption is enabled transparently on all Firehose streams. If Splunk is selected as a destination, the Firehose will be removed.|
|Redshift||Allow a customer to deploy and manage Redshift clusters||All configurations are modified after the cluster is deployed. Many items, such as encryption at rest, can take a significant amount of time to remediate.|
|Relational Database Service (RDS)||Allows a customer to create RDS database instances||RDS instances are immediately deleted after creation|
|Sagemaker||Allows customers to create Sagemaker notebooks||If the VPC and encryption in motion is not selected in the job settings, the job will be stopped.|
|Simple Queuing Service (SQS)||Allows customers to create queues||Encryption is automatically enabled after the queue is created|
|Simple Storage Service (S3)||Allows a customer to create S3 buckets||S3 settings, bucket policies, and ACL policies are updated to ensure compliance|
|Transfer for SFTP||Allow a customer to create SFTP servers||Access logs are configured to log to CloudWatch for all SFTP Servers|
Automated Safeguards Alerting
ClearDATA Automated Safeguards both alert and remediate when a compliance violation is detected. Customers can subscribe to the alerts by following the article Automated Safeguards - Subscribe to Compliance Alerts.
Automated Safeguards Remediation
ClearDATA Automated Safeguards perform an automated remediation to either fix a violation, or remove the offending service to ensure there is no compliance concerns. The remediation actions are unique to each Automated Safeguard and documented within each Automated Safeguard detailed page. Customers can exclude both individual services, and entire AWS accounts (such as dev and test) from automated remediation by following the appropriate article:
ClearDATA Solution for AWS also includes features for customers to take advantage of that are focused on helping our customers effectively consume the AWS platform. Click on the Feature Name for more information.
|Feature Name||AWS Technology||Quick Description||Blog Post|
|Custom AMI||Amazon Machine Images||Supplements our EC2 Safeguards by allowing customers to create their own images|
Additional AWS products can also be used by our customers using appropriate guidance that can be provided when requested from our Customer Success Managers. See ClearDATA Supported Services for a full list of those services.
Access to additional Amazon products can also be reviewed on case by case basis to ensure compliance is always achieved.
|Table of Contents|