At one university based in the western United States, research is so integral to its mission that many professors need dedicated cloud environments to store and process sensitive data. Consequently, the university’s IT department spent a lot of time deploying Amazon Web Services (AWS) environments with robust security specifications.
This manual process was time-consuming and inefficient, prompting the university to explore alternative approaches. IT management reached out to ClearScale after learning about a comparable project we completed for the University of California San Francisco (UCSF). Based on the success of that engagement, the university decided ClearScale was the right partner to help automate its AWS environment deployments.
The Challenge – Automating Cloud Deployments
After years of manually deploying and managing unique AWS environments, the university’s engineers wanted to automate cloud deployments and centralize security while ensuring compliance with HIPAA and FedRAMP mandates. By doing so, the IT team could minimize its administrative burden without creating security risks for the university’s research initiatives.
As part of the upgrade, the IT department wanted to incorporate isolated logging. It also wanted to use guardrails, policies, and configuration rules that could be applied automatically with deployments. Furthermore, new environments needed to have their own audit trails, which meant logs had to remain distinct from other workloads.
The ClearScale Solution – AWS Control Tower
After gathering the university’s project requirements, ClearScale decided to design the solution around AWS Control Tower, which allows users to set up secure, multi-account AWS environments. In just a few clicks, IT teams can provision new AWS accounts based on “blueprints” that leverage centralized security controls. Engineers can design blueprints according to their organization’s needs and use them for future deployments, accelerating the setup process.
With Control Tower, ClearScale developed account factory automation that included built-in policies, rules, and custom configurations for HIPAA and FedRAMP compliance. ClearScale also implemented a password policy that specifies complexity requirements and frequent updates per HIPAA compliance standards, and used AWS Identity and Access Management (IAM) to securely control user access to AWS resources.
Meanwhile, ClearScale used AWS Config to ensure that access control policies met regulatory compliance requirements. With Config, the university can continuously monitor and record its AWS resource configurations. In addition, ClearScale configured AWS Control Tower to send alerts whenever compute resources do not comply with guardrail settings and custom configuration rules. This added another layer of risk mitigation to the IT infrastructure.
Next, ClearScale implemented AWS Security Hub to give the university’s IT department a comprehensive view of all security alerts that could pop up across its numerous AWS accounts. AWS Security Hub is valuable because it can quickly assess an organization’s security effectiveness using a single tool, rather than switching between multiple cloud services. For a research university, this type of functionality is crucial for ensuring all faculty efforts are secure from tampering.
ClearScale also implemented Amazon GuardDuty to automate threat detection across the university’s environments. Amazon GuardDuty continuously monitors AWS accounts and event log data for malicious activity. That frees up engineering teams from having to do this work manually and allows them to spend more time on other tasks.
As part of the engagement, ClearScale also built and automated deployments related to Windows and Linux workstations. ClearScale’s engineers created hardened Amazon Machine Images (AMIs) for these operating systems that are deployed from service catalogs.
Thanks to ClearScale’s help, the university’s IT department can now deploy AWS environments for its researchers using point-and-click functionality. All new AWS environments are spun up with correct instance sizes and resources using blueprints within AWS Control Tower. ClearScale also equipped the school’s IT team with visibility into potential threats across the university’s cloud infrastructure. And, to ensure regulatory compliance, new environments now include policy guardrails and security integrations that meet HIPAA and FedRAMP requirements.
By leveraging automation and sophisticated tools from AWS, the university can continue investing in research without worrying about whether or not faculty members are fulfilling their compliance obligations. Should any concerns arise, the IT team can act quickly to address the issues.
Cloud technology is transforming higher education. ClearScale and AWS are helping power these transformations with DevOps.