AWS Public Sector Blog
Tag: Amazon VPC
How an open source EMR system has transformed patient healthcare in more than 50 countries
In countries where demand for healthcare outweighs available resources, and populations are spread out in remote locations, open source technologies using Amazon Web Services (AWS) can transform providers’ and patients’ experience. Bahmni, an open source electronic medical records (EMR) system is one that we have pioneered. It gives doctors rapid access to up-to-date health records and test results so that they have better information and more time for patient care. A system that started in a single hospital in a remote part of central India is now used by more than 500 hospitals in 50 countries.
Add network agility and security with AWS Direct Connect MACsec encryption and AWS Support
Customers with sensitive hybrid workloads can take advantage of an additional security feature available in Amazon Web Services (AWS) Direct Connect dedicated connections: MACsec encryption (IEEE 802.1AE). In this post, we explore how Direct Connect can handle architectural changes, such as adding or isolating different networks. We also cover adding an additional account boundary for security purposes, and how customers can move their Direct Connect connection to that new account.
The key components of CISA’s Malcolm on Amazon EKS
Malcolm is a powerful, open source network traffic analysis tool suite created by the Cybersecurity and Infrastructure Security Agency (CISA) to aid public and private sector customers in improving their network security monitoring and incident response. Malcolm is most commonly used for incident response, network monitoring, threat hunting, training, and research, but can be adapted for other use cases. In this post, we introduce you to the key components of Malcolm on Amazon Elastic Kubernetes Service (Amazon EKS).
Simplify firewall deployments using centralized inspection architecture with Gateway Load Balancer
As government organizations transition to Amazon Web Services (AWS), they often seek to maintain operational continuity by using their existing on-premises firewall solutions. Gateway Load Balancer (GWLB) enables seamless integration of these firewall appliances into the AWS architecture, ensuring consistent security policies and minimizing disruptions. This post explores best practices for implementing GWLB to facilitate centralized traffic inspection for both east-west and north-south traffic flows.
Mitigating inadvertent IPv6 prefix advertisement with AWS automation
As federal agencies migrate to the Trusted Internet Connections (TIC) 3.0 framework, they will use Amazon Web Services (AWS) to exit to the internet, bypassing the TIC network. This transition requires agencies to plan and coordinate migration activities to verify seamless IPv6 connectivity. Agencies need to coordinate advertising their IPv6 prefixes with AWS, using mechanisms like Bring your own IP addresses (BYOIP). The migration process could involve changes in routing policies, firewall rules, and security controls to accommodate the IPv6 prefix changes. Read this post to learn more.
University of British Columbia Cloud Innovation Centre: Governing an innovation hub using AWS management services
In January 2020, Amazon Web Services (AWS) inaugurated a Cloud Innovation Centre (CIC) at the University of British Columbia (UBC). The CIC uses emerging technologies to solve real-world problems and has produced more than 50 prototypes in sectors like healthcare, education, and research. The Centre’s work has involved 300-plus AWS accounts across various groups, including external collaborators, UBC staff, students, and researchers. This post discusses the management of AWS in higher education institutions, emphasizing governance to securely foster innovation without compromising security and detailing policies and responsibilities for managing AWS accounts across projects and research.
Streamlining digital transformation in German healthcare with AWS
Healthcare organizations worldwide are leveraging Amazon Web Services (AWS) and partner solutions to modernize, transform, and innovate their businesses. Ensuring the availability and security of critical applications is paramount. For example, two renowned German medical facilities, Fachklinikum Mainschleife and Max Grundig Klinik, needed to modernize their IT infrastructure to comply with stringent regulatory requirements outlined in the country’s Law for Accelerating the Digitalization of Healthcare (DigiG). Reliable and compliant service offerings from AWS enabled the medical facilities to provide reliable access to essential systems.
Web filtering for education using AWS Network Firewall
Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.
Building compliant healthcare solutions using Landing Zone Accelerator
In this post, we explore the complexities of data privacy and controls on Amazon Web Services (AWS), examine how creating a landing zone within which to contain such data is important, and highlight the differences between creating a landing zone from scratch compared with using the AWS Landing Zone Accelerator (LZA) for Healthcare. To aid explanation, we use a simple healthcare workload as an example. We also explain how LZA for Healthcare codifies HIPAA controls and AWS Security Best Practices to accelerate the creation of an environment to run protective health information workloads in AWS.
How to build an Aadhaar Data Vault on AWS
An Aadhaar number is a 12-digit unique identification number issued by the Unique Identification Authority of India (UIDAI) to every individual in India. Considering the sensitivity of the Aadhaar number and the potential implication of having one’s Aadhaar number compromised, UIDAI mandated the need for all Aadhaar and Aadhaar-related data to be encrypted and stored separately in a secure, access-controlled data repository known as an Aadhaar Data Vault. This blog post explains how government and private entities that collect, process, and store Aadhaar data for various use cases can use AWS CloudHSM from AWS to create an Aadhaar data storage solution that can meet guidelines provided by UIDAI.