How do you build compliant architecture on the public cloud? And how do you maintain compliance as your cloud grows and changes? These are key questions for many companies, and their ability to answer them confidently can both reduce business risk and be a key differentiator to end customers.
That is why Logicworks offers a Compliance Assessment for AWS and Azure customers.
Companies that approach us have often already built out an environment on the cloud, and either have a new customer that demands a certain compliance framework, or want to ensure that they’re satisfying regulatory requirements before product launch. We help them ensure that they meet HIPAA, HITRUST, PCI-DSS, ISO 27001, SOC (1 and 2), NIST 800-53, FedRAMP, or GDPR standards.
Launching a Compliant App on AWS
Recently, Logicworks got a chance to work with a global commerce enterprise that was launching a new application on AWS. They had AWS experts in-house, and had already built out the necessary AWS environment to host the application.
The problem: their IT staff wasn’t familiar with HIPAA, and didn’t know the specific steps, controls, and tools they needed to achieve HIPAA compliance on AWS.
The company asked AWS for a referral to a partner that understands HIPAA on AWS, and AWS referred the company to Logicworks. Unlike other partners, Logicworks doesn’t just consult customers on compliance; we go through six audits each year, and our AWS practice is HITRUST CSF Certified. As a result, security and compliance are built into everything we do, and all our AWS engineers are trained in high-governance AWS management.
Within a few weeks, Logicworks had performed a non-invasive auto-discovery of the company’s AWS account, consulted with the company’s engineers, and produced a detailed list of remediation items. The list included over 30 items that often trip up companies that are new to HIPAA on AWS, such as logging, IDS, and encryption at rest. Where possible, we recommended specific open source or AWS-native tools to fill gaps without added cost. The company then hired Logicworks engineers to implement these recommendations.
By the end of the project, the company launched the app on time and on budget, confident that it met HIPAA standards.
What’s Different about the Logicworks Compliance Assessment?
If you need to comply with a specific compliance framework or regulation, you will often need to go through your own Risk Assessment, which will help identify gaps at the application, administrative, and network levels, among others.
What Logicworks does is help you translate a specific control into cloud native technologies in the most efficient way possible. We can be your outsourced infrastructure compliance experts; the ones to tell you how to architect your VPC or VN to meet PCI-DSS standards.
At the same time, we can also consult with your team about how to improve your cloud architecture overall — across areas of performance, scalability, high availability, cost efficiency, and more.
Interested in learning more? Schedule a free demo of the Compliance Assessment with a cloud expert.