CloudSploit Compliance Scanning Scans AWS Infrastructure for Compliance with Privacy Standards

CloudSploit · Apr 8, 2018 · 4 min read

One of the most common business requirements data handlers face is compliance with the numerous data privacy standards that exist as industry standards. Each industry has its own variation, each with its own specific requirements — but regardless of the standard or the applied dataset, compliance is extremely important. Until now, CloudSploit has offered amazing tools for configuration monitoring to ensure security — now, that same amazing toolset is being expanded to ensure compliance.

CloudSploit will now produce detailed reports demonstrating exactly how well your AWS Infrastructure stands up to some of the most intense and important data security standards in the modern security landscape. During this first development stage, Compliance Scanning will focus on HIPAA.

CloudSploit HIPAA Report Dashboard

HIPAA

HIPAA, or the Health Insurance Portability and Accountability Act, is a medical data security and privacy standard that is applied to any data handling system that handles medical data derived from United States citizens. HIPAA covers what it terms “e-PHI”, or electronic personal health information, and governs the systems that transfer, transform, utilize, or otherwise handle this data.

Under HIPAA, all data security systems handling e-PHI must ensure confidentiality, integrity, and availability of all e-PHI the system generates, utilizes, transfers, transmits, or maintains. Additionally, providers must comply with HIPAA standards to ensure security threats are identified and mitigated, that possible illicit data uses and external attacks are protected against, and that the internal “workforce” utilizing the data complies with all laws and standards applied.

Accordingly, ensuring HIPAA compliance is extremely important, and failure to adhere to these standards can result in massive fines and, in some cases, legal action.

Compliance vs. Security

It should be noted that “compliance” is not the same as security. While many offerings exist to ensure HIPAA compliance, they stop there — they do not ensure that the underlying system provides for total security outside of the medical data and its specific functional systems. Because of this, “compliance” is only part of the picture.

CloudSploit is the perfect companion guide for both compliance and security. With the new Compliance Scanning offering, CloudSploit not only offers compliance scanning for HIPAA, it also offers further security configuration scanning to ensure the holistic health of the system itself.

Open Source

The Compliance Scanning feature for CloudSploit is available as an open source solution — in fact, CloudSploit offers the first open source security tool for AWS compliance checks in this space. Open source means a great many things, but perhaps most importantly, it means the solution is auditable — the source code can be reviewed, double checked, and iterated upon, meaning that you can trust your compliance checks and the system which generated them.

Compliance in CloudSploit

You can get started with CloudSploit Compliance Scanning today. Our open source tool can be downloaded and run against your accounts. If you are a user of CloudSploit’s hosted service, HIPAA scans are now available to all Premium Plan users. All of your existing scan reports, backdated to the opening of your account, can be analyzed for HIPAA compliance. Additionally, if you wish to opt into future, more stringent, checks, you can mark your connected AWS account as “HIPAA-Compliant.” To do this:

  1. Log into the CloudSploit Dashboard
  2. Click the “AWS Accounts” page and click “Edit” next to the account you wish to enroll.
  3. Check “Enable HIPAA Scans”

Enrolling your connected AWS account in HIPAA scans will tell CloudSploit to run more stringent, HIPAA-specific plugins during its scans.

The Future of Compliance Scanning

While HIPAA is extremely important, it’s not the only compliance standard that industry professionals might face. To this end, CloudSploit wants to make it clear that HIPAA is only the start of the compliance standards toolset under development — CloudSploit intends on developing tools for compliance scanning for data governed under PCI-DSS and other standards.

Simply put, CloudSploit Compliance Scanning is an extremely powerful, open source, fully-featured solution for any HIPAA-compliant organization to ensure both the security of their medical data and the underlying configurations and systems that drive it. We’re extremely excited to deliver the benefits of these secure compliance systems to all CloudSploit users, and look forward to ensuring the future of the internet and the digital data it utilizes!

Request for Assistance

CloudSploit is looking for contributions to our open source project. If you have any expertise in a compliance standard or framework, especially one in the list below, we welcome any and all contributions, technical and non-technical.
Please email us at support@cloudsploit.com to get involved.

Compliance Standards and Frameworks wanted include:

  • AT-101
  • FedRAMP
  • HIPAA/HITECH
  • ISO (International Organization for Standardization)
  • NIST
  • PCI DSS
  • Privacy Shield
  • Sarbanes-Oxley (SOX)
  • SSAE-16

CloudSploit has added HIPAA compliance to its open source cloud security engine. Other standards are coming soon. (Image by GOV and is public domain via Wikimedia Commons.)
