Many of our enterprise customers use Turbot guardrails to ensure continuous compliance of their cloud infrastructure with specific industry standards such as NIST 800-53 and CIS.

Similarly, our life sciences customers have discovered that Turbot reduces the effort required to comply with HIPAA regulations and enforces policies to protect Protected Health Information (PHI). The enterprise can ensure that DevOps teams use only HIPAA-eligible AWS services, and that they securely process, transmit and store PHI, by utilizing the following guardrails:

1. Whitelist only HIPAA-eligible Services

Using Turbot, customers can whitelist only HIPAA-eligible AWS services (including the recently added API Gateway and Direct Connect), AMIs, RDS engine types, etc. All other services can be disabled to ensure that no non-HIPAA-compliant services are used.

2. Enforce Encryption Standards

Turbot offers Encryption at Rest and Encryption in Transit guardrails that can be enforced across various HIPAA-eligible AWS services.


3. Enforce Dedicated Instances

To support tenancy compliance with the HIPAA Privacy and Security Rules for protecting PHI, Turbot can ensure that only dedicated hardware is used for any applicable VPC services (e.g. EC2, RDS, etc.) when provisioned in a HIPAA-applicable account or VPC.

4. Complete Audit Trail

Turbot provides full transparency into all AWS and Turbot configurations and events. Turbot’s Central Log Management capabilities aggregate AWS and Turbot activity logs to regional logging buckets per account. Users can view log details through the raw logs located in S3. Using the Turbot console, they can also view current and prior event history at various levels of the resource hierarchy.


5. Backup / Snapshot Automation

Turbot provides operational guardrails to ensure that appropriate backups and snapshots occur, and that those backups are retained for appropriate time periods.

