AWS cloud security earns federal government approval

AWS cloud security gets a lift past skeptics with new federal government approval for some insurance issuers to collect healthcare data using EC2.

A federal government agency's recent blessing for insurance issuers to use Amazon Web Services is a sign of changing attitudes toward cloud security.

The Centers for Medicare & Medicaid Services (CMS) confirmed this month that it approved the use of AWS for processing and storing healthcare data as part of new risk adjustments mandated under the Affordable Care Act of 2010.

Under the law, funds are transferred between high-risk pools of patients and low-risk pools to protect insurance issuers financially. To identify which groups are higher-risk, patient data must be analyzed and the results submitted to CMS before funds are redistributed.

If AWS is good enough for the government, it's probably good enough for you.

Dave Bartoletti,
analyst, Forrester Research

This analysis can now be done using AWS' Elastic Compute Cloud. Issuers can create an Amazon account and download a particular application to do the data processing for CMS, where previously, only internally managed hardware was approved.

Tech experts say this has implications for a wider IT market that has harbored doubts about AWS cloud security.

"If AWS is good enough for the government, it's probably good enough for you," said Dave Bartoletti, analyst with Forrester Research based in Cambridge, Massachusetts. "Everyone considering AWS should take a fresh look at AWS' current certifications and security practices -- they might be better than what you've got in your own data center."

Some healthcare organizations that already store sensitive data in the Amazon cloud agree.

"Particularly for emerging firms that don't have the expertise or resources to build out a compliant data center, AWS-like environments become very attractive to allow firms like ours to focus on core competencies," said Brendan McKernan, president and co-founder of Courtagen Life Sciences Inc., a genetic testing company based in Boston.

However, some larger companies that are eligible to use AWS following the CMS decision are undecided.

Aetna Inc., a large insurance issuer based in Hartford, Connecticut, already has a relationship with AWS through its healthcare technology subsidiary Healthagen, but it also purchased hardware to perform the CMS data analysis under the original requirements.

"This is something that the industry has asked about since Day 1, for the past couple of years, whether or not cloud computing or virtual servers are allowed for this purpose," said John Caruso, a senior director at Aetna. "The timing of it could've been better if we'd known about it in advance."

Caruso said the company will evaluate the suitability of AWS services according to its performance and availability, rather than scrutinizing cloud security.

Meanwhile, it would also be preferable for CMS to approve the use of other cloud vendors.

"Ideally, they wouldn't lock us into one specific vendor from a cost perspective," Caruso said.

Beth Pariseau is senior news writer for SearchAWS. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Dig deeper on AWS security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Beth Pariseau, Senior News Writer asks:

Will you store or process sensitive data on Amazon Web Services? Why or why not?

2  Responses So Far

Join the Discussion

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudApplications

SearchSOA

TheServerSide

SearchSoftwareQuality

SearchCloudComputing

Close