February 16, 2017 | Sean Finnerty
DevOps tools and principles have revolutionized IT across many industries in recent years. But industries with compliance requirements tend to be more cautious when it comes to adopting cutting-edge solutions. Specific industries (Healthcare and Financial Services are two) are strictly regulated and more reluctant to change. However, by building software in an automated and traceable manner, you are able to more easily determine the “Who, What, Where, and When” of any activity performed in the environment. This determination is a cornerstone for any compliant (HIPAA, GxP, etc.) environment.
The consensus among DevOps experts is that DevOps does more to help compliance than hurt it. It isn’t so much a question of whether a regulated business should or shouldn’t adopt DevOps tools and principles—it’s more a question of how. Not only does DevOps introduce more consistency and reduced complexity of operations, it also allows for fast feedback loops when things are identified as out of compliance.
Every solution that REAN builds on top of the AWS Cloud has security and compliance as its top priority. Healthcare and Life Sciences are highly regulated industries, and many of their workloads are subject to regulatory requirements such as HIPAA and GxP. There are several common themes that must be addressed in every regulated workload, including:
- Logging, Monitoring, and Continuous Compliance: Tracking how your environment changes over time, and who accesses it, is central to meeting many different regulatory requirements. In order to paint the full picture of what is occurring in your environment, you store application logs, operating system logs, and other environment-specific logs and performance data. REAN Cloud addresses the challenge of managing all of this log information by leveraging a DevOps Accelerator that it has created called REAN Radar.
- Documentation and Non-Technical Controls: Documentation and Non-Technical Controls are an important part of the overall compliance story for a system. AWS provides a variety of compliance resources that our HCLS and Financial Services partners can use while addressing regulated workloads.
- Administrative Environment Access and Separation of Duties: A major piece of any compliance story is the ability to demonstrate control of an environment. Authentication and authorization are central to this process, allowing a user to access the specific data they need. An area of concern for auditors is administrative access in an environment due to the broad permissions generally associated with this role.
You can read more about REAN Cloud’s involvement in DevOps and HCLS in the AWS Blog here.
Rapid change can seem scary to IT and security admins. The pace of DevOps may seem to be in conflict with achieving and maintaining compliance, at least at face value. Done properly, though, DevOps enhances and automates compliance to make it as streamlined and simplified as possible. REAN Cloud can help you successfully adopt DevOps for your IT and Business Transformation. If you are interested in learning about how REAN Cloud can support your healthcare, life sciences, and other regulated-industry workloads in meeting your security and compliance requirements, please email us at firstname.lastname@example.org.