Amazon Web Services Architecting for HIPAA Security and Compliance Page 8

Amazon web services architecting for hipaa security

This preview shows page 12 - 14 out of 18 pages.

Amazon Web Services – Architecting for HIPAA Security and Compliance Page 8 Customers can also leverage Oracle Transparent Data Encryption (TDE), and customers should evaluate the configuration for consistency with the Guidance. Oracle TDE is a feature of the Oracle Advanced Security option available in Oracle Enterprise Edition. This feature automatically encrypts data before it is written to storage and automatically decrypts data when the data is read from storage. Customers can also use AWS CloudHSM to store Amazon RDS Oracle TDE keys. For more information, see the following: Amazon RDS for Oracle Transparent Data Encryption: . Oracle.Options.AdvSecurity.html . Using AWS CloudHSM to store Amazon RDS Oracle TDE keys: . OracleCloudHSM.html . Connections to Amazon RDS for Oracle containing PHI must use transport encryption and evaluate the configuration for consistency with the Guidance. This is accomplished using Oracle Native Network Encryption and enabled in Amazon RDS for Oracle option groups. For detailed information, see . Options.NetworkEncryption.html . Amazon RDS for PostgreSQL Amazon RDS for PostgreSQL allows customers to encrypt PostgreSQL databases using keys that customers manage through AWS KMS. On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted consistent with the Guidance in effect at the time of publication of this whitepaper, as are automated backups, read replicas, and snapshots. Because the Guidance might be updated, customers should continue to evaluate and determine whether Amazon RDS for PostgreSQL encryption satisfies their compliance and regulatory requirements. For more information on encryption at rest using Amazon RDS, see tion.html . Connections to RDS for PostgreSQL containing PHI must use transport encryption. For more information on enabling encrypted connections, see
Image of page 12
Amazon Web Services – Architecting for HIPAA Security and Compliance Page 9 SL.html . Amazon Aurora Amazon Aurora allows customers to encrypt Aurora databases using keys that customers manage through AWS KMS. On a database instance running with Amazon Aurora encryption, data stored at rest in the underlying storage is encrypted consistent with the Guidance in effect at the time of publication of this whitepaper, as are automated backups, read replicas, and snapshots. Because the Guidance might be updated, customers should continue to evaluate and determine whether Amazon Aurora encryption satisfies their compliance and regulatory requirements. For more information on encryption at rest using Amazon RDS, see tion.html .
Image of page 13
Image of page 14

You've reached the end of your free preview.

Want to read all 18 pages?

  • Spring '16
  • Amazon Web Services, Amazon Elastic Compute Cloud

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture