Category: Security

AWS’s infrastructure is HIPAA compliant, but this does not mean the solutions you’ve deployed are. AWS’s shared responsiblity model means their infrastructure is secured, but you can easily build and deploy non-compliant solutions. If you are storing PII data in the health care field, your AWS deployments must be reviewed and secured to ensure compliance.  

As part of securing your AWS account, make sure you have strict controls over who can create custom encryption keys for AWS resources. A bad actor with access to your account can create their own encryption keys, encrypt your AWS resources and later hold them for ransom. This protection should be part of a larger security policy that limits access to resources using IAM and …