Overview

Amazon Kinesis Streams, both Data Streams and Video Streams, makes it easy to collect, process, and analyze real-time streaming data so you can get timely insights and react quickly to new information. You can use Amazon Kinesis for real-time applications such as application monitoring, fraud detection, and live leaderboards. You can ingest streaming data using Kinesis Data Streams, process it using Kinesis Data Analytics, and emit the results to any data store or application using Kinesis Data Streams with millisecond end-to-end latency. In healthcare, you could stream a patient's vitals and other telemetry data from many different sources and feed that data into an analytics engine to help detect at-risk patients.

Pricing Guidelines

Kinesis Data Streams are priced based on throughput as measured by a baseline called a shard.  Please see the Amazon Kinesis Data Stream Pricing page for details.

Kinesis Video Streams are priced based on the volume of data you ingest, store, and consume through the service.  Please see the Amazon Kinesis Video Streams Pricing page for details.

Architecture

Amazon Kinesis Data Streams is a massively scalable, highly durable data ingestion and processing service optimized for streaming data. You can configure hundreds of thousands of data producers to continuously put data into a Kinesis data stream. Data will be available within milliseconds to your Amazon Kinesis applications, and those applications will receive data records in the order they were generated.

For example, consider Kinesis being the entry point for data that is part of a big data solution.  Data from various sources is put into an Amazon Kinesis stream and then the data from the stream is consumed by different Amazon Kinesis applications. In this example, one application is running a real-time dashboard against the streaming data. Another application performs simple aggregation and emits processed data into Amazon S3. The data in S3 is further processed and stored in Amazon Redshift for complex analytics. The third application emits raw data into Amazon S3, which is then archived to Amazon Glacier for lower cost long-term storage. All three of these data processing pipelines are happening simultaneously and in parallel.

Amazon Kinesis Video Streams enables you to securely ingest, process, and store video and time-encoded data from devices at any scale for real-time and batch-oriented machine-vision based applications that power smart homes, smart cities, industrial automation, security monitoring, and more.  Kinesis Video Streams also provides a library to integrate machine learning frameworks such as Apache MxNet, TensorFlow, and OpenCV with video streams to build custom applications. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest video streams from millions of devices.

Automated Safeguards

In order for Kinesis Streams to process PHI or other sensitive healthcare data, the streams must encrypt the data at rest as it is processed through the service. ClearDATA's Automated Safeguards ensure all streams have server-side encryption enabled.

Compliance Guidance

Encryption in Transit

Kinesis Data Streams uses server-side encryption, which automatically encrypts and decrypts data as you put it into and get it from a data stream. The Automated Safeguards enable server-side encryption immediately after a new stream is detected. Enabling

Remediation

ClearDATA automatically and transparently enables server-side encryption, without interruption of the stream.

Customer Managed Keys

If customers wish to use a Customer Master Key instead of the default key, that can be done via the console or SDK.  See https://docs.aws.amazon.com/streams/latest/dev/server-side-encryption.html for details.

Shared Responsibility

Customers should ensure that no PHI or other sensitive data enters the stream until the Automated Safeguards have enabled server-side encryption on the stream.  This typically occurs within a minute of the stream being created.
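One way a producer can enforce the requirement above is to gate every write on the stream reporting server-side encryption. This is an added example, not ClearDATA or AWS code; it uses the Kinesis `DescribeStreamSummary` and `PutRecord` calls through boto3, and the stream name, record and partition key are hypothetical.

```python
import time


class StreamNotEncrypted(Exception):
    """Raised when the stream never reports KMS server-side encryption."""


def encryption_state(client, stream_name):
    """Return (status, encryption_type, key_id) from DescribeStreamSummary."""
    summary = client.describe_stream_summary(StreamName=stream_name)[
        "StreamDescriptionSummary"]
    return (summary["StreamStatus"],
            summary.get("EncryptionType", "NONE"),
            summary.get("KeyId"))


def wait_for_sse(client, stream_name, timeout=180, interval=5, sleep=time.sleep):
    """Block until the stream is ACTIVE with EncryptionType KMS; return KeyId.

    The stream is UPDATING while encryption is being switched on, so both
    conditions must hold before any sensitive record is written.
    """
    waited = 0
    while True:
        status, enc, key_id = encryption_state(client, stream_name)
        if status == "ACTIVE" and enc == "KMS":
            return key_id
        if waited >= timeout:
            raise StreamNotEncrypted(
                f"{stream_name}: status={status}, encryption={enc}")
        sleep(interval)
        waited += interval


def put_phi_record(client, stream_name, data, partition_key, **wait_kwargs):
    """Send one record only after the encryption gate has passed."""
    wait_for_sse(client, stream_name, **wait_kwargs)
    return client.put_record(StreamName=stream_name, Data=data,
                             PartitionKey=partition_key)


if __name__ == "__main__":
    import boto3  # assumption: boto3 installed and AWS credentials configured
    kinesis = boto3.client("kinesis")
    # "patient-vitals" and the record below are hypothetical sample values
    put_phi_record(kinesis, "patient-vitals", b'{"hr": 72}', "patient-0001")
```

If the gate times out, the producer fails closed: nothing is written and the exception carries the last observed status and encryption type.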

Please contact your ClearDATA team for a copy of the Responsibilities Matrix.

Exclusion

Exclusions can be set on a per-stream basis. Please contact ClearDATA Support if you require a Safeguard exclusion.

Reference Architecture Diagram

Kinesis Data Streams

Kinesis Video Streams

ClearDATA IAM Group

Users can be added to the Safeguard-Kinesis IAM group in order to access the Amazon Sagemaker service.

RACI


| Item | ClearDATA | Customer |
| --- | --- | --- |
| Enforcement of Automated Safeguards | RA | IC |
| Creation, configuration, and management of Kinesis Data & Video Streams and all associated connections | C | RA |
| Ensure any service excluded from automated remediation does not contain any PHI/PII | IC | RA |
