Compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) are the two most important security policies for every company that handles customer information. HIPAA was later extended and accompanied by HITECH, and together they set a standard to be maintained. Some of the standards that HIPAA and HITECH maintain include encryption, data protection, control processes and security policies. As a cloud service provider, Amazon made sure that all the features listed were met without a doubt.
Data Encryption:
Amazon uses the AES-256 encryption method to encrypt user data, which ensures a high level of security for users. Amazon also encrypts data that is 'in flight' and 'at rest' with EC2 instances and S3 storage services. The encryption method includes a 2048-bit RSA key pair, with a private and a public key, for secure file access. SSH keys are also used by administrators for accessing the storage areas. To access S3 storage, the endpoints must be SSL certified, and they can be accessed from within EC2.
Data protection:
Data that gets stored or retrieved is secured by encryption methods. Data going into storage must meet a certain set of conditions. These conditions are:
Amazon web services security policies:
These policies make sure that Amazon employees are restricted from accessing customer data. Employees who work on EC2 instances do not have access to storage areas of customer data, and when it comes to S3 storage, no employee from support or maintenance has access to the storage area.
Access control:
System administrators maintain the access control management that controls customer information and data. They are responsible for security level allowance to groups and also manage the Access Control List (ACL) of each object. The ACL manages the read, write and delete permissions of files. Customers access the files via HTTPS for secure protocol access.
Auditing:
Activity logs should be deeply audited by security analysts and should be provided to customers to make sure third-party intervention does not occur.
Backups:
Multiple backup copies of customer information are made into EBS snapshots and replicated to data centers in different locations to assure security for data recovery.
Disaster Recovery:
With Amazon's replication storage technique, Amazon's EC2 instances are located in multiple geographic locations. Data recovery during times of a disaster is 99.9% assured, which avoids chances of failure.
With all these measures listed, Amazon assures its customers a one stop solution for cloud storage. A detailed report of AWS HIPAA compliance can be read here:
http://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf.
Vembu OnlineBackup promises its customers data security and is using Amazon cloud as its source of storage. To learn more about Vembu OnlineBackup, please email us at vembu-sales@vembu.com