Cloudticity Brings HIPAA Compliance to Amazon Cloud Native Workloads

The move to the cloud is one that started more than a decade ago for some companies and has yet to happen for some others. The reasons for the lag are varied, but for some governmental regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), which regulates data privacy concerns for companies in the healthcare sector, are also to blame for the delay. With requirements around data retention and encryption, it can be easier to stay with what you know rather than make the move to the latest technology.
Cloudticity is an Amazon Web Services (AWS) managed service provider that has been working to help healthcare companies make the move to the public cloud. The company has added Cloudticity Managed Kubernetes to its managed cloud solution for those companies that may have already made the move to the public cloud, but now want to begin using Kubernetes to run distributed applications. Of course, deploying and running Kubernetes on its own can be challenging as it is, but adding HIPAA compliance on top of that can make it even more so.
In a blog post detailing the new service, Cloudticity director of technology and product Rob Williams summarizes the problem succinctly:
Even for a seasoned Kubernetes expert, setting up a basic Kubernetes cluster manually can take hours. If you factor in the need to implement proper security, alerting, health checks, and dashboards, Kubernetes management quickly becomes a full-time job,” writes Williams. “But for most companies, hiring someone to just do Kubernetes isn’t plausible.
In an interview with The New Stack, Williams explained that Cloudticity’s new managed Kubernetes service helps healthcare companies deploy Kubernetes on Amazon Elastic Kubernetes Service (EKS) or Elastic Container Service (ECS) using CloudFormation, which is Amazon’s infrastructure-as-code offering. The template takes the user through a series of configuration questions, such as virtual private clouds (VPCs), naming, subnets, and private and public API endpoints, before creating a Kubernetes cluster using a hardened image. At the same time, the template will launch Cloudticity’s logging and visualizations tools, which run alongside the code.
Williams further explained that, first and foremost, the template is made to ensure HIPAA compliance from an infrastructure perspective, but also in regard to logging, encryption, and the other basic regulatory requirements.
“Our template is built so that you’re deploying in infrastructure that is HIPAA compliant. That means that, with the combination of our other templates that we have for building out VPCs, we ensure that you’re going to deploy your Kubernetes cluster into private subnets with no public access,” said Williams. “We provide a hardened, encrypted Amazon Machine Image (AMI) to make sure per HIPAA that your data at rest is encrypted. We also make sure that you are pushing logs and you are persisting those logs in a place that you can get to and that they will not be lost.”
While HIPAA compliant enterprises may not be the first companies that come to mind when you think of moving fast and breaking things, Williams said that a lot of the companies that were asking Cloudticity for this functionality were smaller startups looking to take advantage of Kubernetes that didn’t have the capacity to hire that full Kubernetes team.
“We work with a lot of smaller startups, some medium-sized companies, who are disrupting that market. They’ve embraced the technology,” said Williams. “They’ve embraced the cloud and all the goodness that it brings.
Until now, Cloudticity has been solely and Amazon managed service provider, but Williams also mentioned that the company was moving into Microsoft Azure in the coming months, with a managed AKS offering of the same type expected at that time.
Amazon Web Services is a sponsor of The New Stack.
Feature image by Darko Stojanovic from Pixabay.