undefined | Better HN

0 pointsharryh9y ago0 comments

The biggest thing is that we can't run software with unencrypted PHI on physical hardware that is simultaneously running other people's code. In practical terms this means that we have to pay AWS some $ to get dedicated instances and also we can't use ELBs in the standard (easy) way. There are some other things as well.

0 comments

eropple9y ago

> In practical terms this means that we have to pay AWS some $ to get dedicated instances

This is a feature, not a bug. It also is neither HITECH nor HIPAA; it is instead AWS's requirement in order to sign your BAA.

> we can't use ELBs in the standard (easy) way

Also neither HITECH nor HIPAA. ELBs are used in a PHI-related scenario identically to any other scenario. Unless you are referring to using it as an SSL terminator, in which case I would say "the standard (easy) way is always wrong".

dragonwriter9y ago

> The biggest thing is that we can't run software with unencrypted PHI on physical hardware that is simultaneously running other people's code.

There is no, AFAICT, no regulation under HIPAA or related law that requires this. Certain service providers may have determined that they cannot provide guarantees of privacy/security without this technical restriction.

throwaway7299y ago

That seems like a fairly reasonable thing given you're talking about encrypted PHI... it's some extra $ for a considerable reduction to overall attack surface when processing the most sensitive type of personal data.

I don't think this meets OP's definition of "wrong".

harryhOP9y ago

In practical terms I don't agree that the threat of someone doing all of the following things is worth worrying about (in comparison to many other more likely failures):

1) determine what physical hardware in aws the target is running code on

2) somehow get the aws virtual machine manager to let the attacker run their malicious code on the same hardware

3) somehow pierce the protections of the virtual machine to read memory being used by the target application

4) figure out how the data is stored in memory in order to make sense of anything that was read

dragonwriter9y ago

> In practical terms I don't agree that the threat of someone doing all of the following things is worth worrying about

In AWS case, this is an AWS rule about when they will sign a HIPAA BAA, even though there is no HIPAA regulation that specifically prohibits the arrangement at issue. AWS clearly thinks it is worth worrying about.

When you run your own public cloud, you can determine what risks are worth accepting potential liability for.

1 more reply

Spooky239y ago

People said the same thing about cold boot attavks against encryption keys. Yet today the police and others are using that and other NAND attacks regularly.

HIPPA is a very easy compliance standard to meet. If it seems difficult to meet those requirements with your standard tool configurations, you should think about what that means with respect to the integrity of your data.

1 more reply

j / k navigate · click thread line to collapse

0 comments

eropple9y ago

> In practical terms this means that we have to pay AWS some $ to get dedicated instances

This is a feature, not a bug. It also is neither HITECH nor HIPAA; it is instead AWS's requirement in order to sign your BAA.

> we can't use ELBs in the standard (easy) way

dragonwriter9y ago

> The biggest thing is that we can't run software with unencrypted PHI on physical hardware that is simultaneously running other people's code.

throwaway7299y ago

I don't think this meets OP's definition of "wrong".

harryhOP9y ago

In practical terms I don't agree that the threat of someone doing all of the following things is worth worrying about (in comparison to many other more likely failures):

1) determine what physical hardware in aws the target is running code on

2) somehow get the aws virtual machine manager to let the attacker run their malicious code on the same hardware

3) somehow pierce the protections of the virtual machine to read memory being used by the target application

4) figure out how the data is stored in memory in order to make sense of anything that was read

dragonwriter9y ago

> In practical terms I don't agree that the threat of someone doing all of the following things is worth worrying about

When you run your own public cloud, you can determine what risks are worth accepting potential liability for.

1 more reply

Spooky239y ago

People said the same thing about cold boot attavks against encryption keys. Yet today the police and others are using that and other NAND attacks regularly.

1 more reply

j / k navigate · click thread line to collapse