Customer: Kansas University
Solution: HIPAA Compliance on AWS
Kansas University hosted the Kite suite of applications on an Amazon Web Services environment but required assurances and recommendations on their security status to meet their service level agreements and reassure their users that data was secure. KU reached out to their AWS industry partner DLT Solutions for advice and the required professional services.
Hidden Lake Technology was contracted to assess the environment, identify security gaps, and provide a report of recommendations for the customer to deploy. This assessment would result in a roadmap of task-by-task objectives for the customer to follow in order to remediate any security deficiencies, followed by an audit to confirm the fixes and certify the security of the environment.
While the detailed findings are confidential due to the obvious security concerns, multiple recommendations were made across the spectrum of AWS Security services to bring the customer into compliance with their SLAs. Specific security services reviewed included AWS WAF, Shield, Guard Duty, Inspector, IAM and Security Hub. Hidden Lake Technology security engineers also worked with Kansas University staff to identify new services for deployment, and best practices for remediation and future operation of the AWS environment. After giving KU an opportunity to address the identified issues, HLT staff certified the newly secure environment with a follow-up report.
Kansas University was able to receive expert advice on the security of their AWS-hosted Kite software suite and remediate multiple identified issues, resulting in a more secure environment for their sensitive data. The recommended AWS security services and reconfigurations were sufficient to meet the end user requirements and KU continues to utilize AWS as a major component of their IT plans.
For more information, contact us at [email protected]