AWS Fargate and HIPAA Compliant Containers

As Randall Hunt put it in a company blog post announcing the new service:

AWS Fargate is an easy way to deploy your containers on AWS. To put it simply, Fargate is like EC2 but instead of giving you a virtual machine you get a container. It’s a technology that allows you to use containers as a fundamental compute primitive without having to manage the underlying instances.”

We’ve seen an incredible increase in container adoption over the last couple of years. Datica has been a huge proponent of containerization technology since our founding. We use Docker in production on a daily basis to deliver HIPAA compliant environments to thousands of users. We even built our own orchestration layer in 2014, one year before Kubernetes 1.0 was released. To say we’re bought into the concept of containers would be a massive understatement.

No longer any need to manage servers and clusters for your containers - AWS Fargate - Run ECS and EKS without managing servers #reInvent https://t.co/oPsXdvrSAL pic.twitter.com/lZnS558CXV

— AWS re:Invent (@AWSreInvent) November 29, 2017

It’s because of our long history of containerization support that we’re excited about AWS Fargate. However, that excitement isn’t without reservation. As is the case with most new technology, compliance and security pose great barriers to adoption. We’re deeply aware of these barriers at Datica. The Datica Platform was designed to address the complexities of compliance and security specific to the healthcare industry. The fact is, understanding compliance is difficult enough. That difficulty is exasperated exponentially when it comes time to not only implement that understanding through policy, but prove compliance beyond a reasonable doubt to auditors.

Our primary reservation with Fargate is that it currently is not eligible for HIPAA compliance. Because we sign a BAA with both AWS and our customers, we cannot guarantee full-stack compliance against a service that is not scoped within the BAA that we sign with AWS. This means our customers in the healthcare industry cannot take advantage of such a service.

Luckily, we’ve been working on a Docker-based deployment feature for the better part of the last quarter. By working directly with our customers on improving our deployment process, we’re approaching a limited release of Datica BYOD (bring your own docker). BYOD will give users the ability to deploy docker containers directly on the platform. No longer will deployments be restricted to the git push model. In the future—once it becomes HIPAA eligible—we plan to take complete advantage of AWS Fargate. Until then, we’re confident BYOD will provide an excellent deployment experience for our customers.

BYOD will be released into limited availability in December, 2017. We’re selectively working with existing customers to test these new features. If you’re interested in participating, please reach out to me at ryan@datica.com, and if you’re at AWS re:Invent stop by booth #519 to chat with us about Fargate and containerization!