Updates from July, 2015

  • @alexlo03 12:14 on 2015/07/09

    AWS HealthTech Event notes 

    https://aws.amazon.com/events/hcls-new-york-event/

    Medidata
    Mike Capone
    clinical trials via mobile

    1/2 bil$ in hardware at ADP
    “there is no way today to test a drug w/o human trials”
    clinical trials are not fun – half the people aren’t even getting the real treatment
    constant measurements for people in studies – inconvenient
    use mobile for instrument/diaries for patients
    good for admins and patients

    lots of ways to game measurements, harder data via fitbit etc – things you used to need at the clinic

    clinical trial ex: behavior modification via diabetes app

    example trials going on now: pro-biotic milk

    “apple is taking over this space” – ‘they’re not – regulation too much of a barrier’
    need audit trail, analytics, etc

    devices are not a threat. they make apps that use the data either from the device itself or via third party eg vitalconnect

    secondary measures to treatment efficacy – “this drug makes you too sick to work with side effects” – can be measured via this tool set. payers(insurance) interested in ‘high quality of life’ treatments.

    data quality via datascience
    valid data range
    how does data compare with ‘clinical standard’ measurements

    ‘is the subject wearing the device?’

    keep all the data with IaaS, useful at a later time

    Kinesis queue
    MAudit (?)
    storm
    S3

    1 datapoint per second for a large trial = big data

    how many people on infra team? less than 10

    data repatriated back to US or is it around the world? now: all in US, later: might have to be worldwide

    mobile device is ID for user, no PII
    demographics on ID

    ‘unblinding’ is a bad thing – sponsors will get mad

    ====

    Enterprise cloud adoption through devops
    J&J
    Keith Blizard

    large, decentralized company
    integrating lots of acquisitions, different impls

    on premise cloud + AWS VPC cloud

    • find your early adopters: use self-selection
    • financially incentivize reduction in workloads/cost

    enable agility

    • self service
    • visibility

    ensure policy

    • AD / authn/authz
    • logging
    • valid AMIs (eg package control)
    • backup / retention
    • netsec

    accelerate best practice

    • monitoring
    • key rotation
    • encryption

    does this require the clients be trained/smarter?
    solve via training/accountability
    EG: alert about disk space, but it’s their problem
    make sure that people know it is the future

    match cloud patterns to their usecases
    machine learning: on and off instances
    for HPC, CDN: unpredictable burst
    For us: elastic scale celery workers

    ***centralized control without bottlenecking
    preventative controls vs detective controls
    PCs: (causes bottlenecks)
    networking
    backups/monitoring
    AD
    IAM policies

    DCs: (could let things drift)
    Segregation of duties
    encryption when applicable (?)
    logging enforced
    provision within VPC
    approved amis & DB engines

    currently lean towards DCs

    600 controls verified every 10 minutes across all infra (woah)
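
    Added example (not from the talk or from J&J): one sweep of detective controls like those listed above, run over a constructed inventory with one child account per app. Resource fields, control names, and the approved AMI/engine lists are assumptions; segregation of duties is not modeled.

```python
# One sweep of detective controls over an inventory snapshot; a scheduler
# (e.g. every 10 minutes) would call evaluate() and alert on the findings.
from dataclasses import dataclass
from typing import Optional

APPROVED_AMIS = {"ami-approved-0001"}        # placeholder ID, assumption
APPROVED_DB_ENGINES = {"mysql", "oracle"}    # assumed allow-list

@dataclass(frozen=True)
class Resource:                              # hypothetical inventory record
    rid: str
    kind: str                                # "instance" or "database"
    account: str                             # child account, one per app
    vpc_id: Optional[str] = None
    ami: Optional[str] = None
    engine: Optional[str] = None
    sensitive: bool = False
    encrypted: bool = False
    logging_on: bool = False

# (control name, applies-to predicate, pass predicate)
CONTROLS = [
    ("provisioned-in-vpc", lambda r: True, lambda r: r.vpc_id is not None),
    ("approved-ami", lambda r: r.kind == "instance", lambda r: r.ami in APPROVED_AMIS),
    ("approved-db-engine", lambda r: r.kind == "database",
     lambda r: r.engine in APPROVED_DB_ENGINES),
    ("encryption-when-applicable", lambda r: r.sensitive, lambda r: r.encrypted),
    ("logging-enforced", lambda r: True, lambda r: r.logging_on),
]

def evaluate(inventory):
    """Return sorted (account, resource id, failed control) findings."""
    return sorted((r.account, r.rid, name)
                  for r in inventory
                  for name, applies, passes in CONTROLS
                  if applies(r) and not passes(r))

def drift_by_account(findings):
    """Group findings per child account so each app team owns its drift."""
    grouped = {}
    for account, rid, control in findings:
        grouped.setdefault(account, []).append(f"{rid}: {control}")
    return grouped

INVENTORY = [  # constructed sample data
    Resource("i-web-1", "instance", "app-a", "vpc-1", "ami-approved-0001", logging_on=True),
    Resource("i-batch-7", "instance", "app-b", None, "ami-unknown-9999", logging_on=True),
    Resource("db-trials", "database", "app-b", "vpc-2", engine="mysql", sensitive=True),
]

if __name__ == "__main__":
    for account, items in drift_by_account(evaluate(INVENTORY)).items():
        print(account, items)
```

    Nothing here blocks provisioning: the non-compliant resources exist until the sweep reports them, which is the drift risk noted for DCs.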

    moving from DC to PC via new AWS capabilities
    reduce their code footprint

    PCs slow adoption?

    don’t use a cloud adaptor because it slows adoption of AWS cutting edge (have to wait for tool to be updated)

    structure: master AWS account with child account per app
    hard to automate this
    see photo

    have their own web portal with SSO/authN, intermediary to AWS console/etc

    “autosynced IAM security role”

    turn IaaS into PaaS with docker/tooling

    flowing charges back to groups:
    “if you make it free people do stupid things”
    looking forward to new tools from AWS to help with this

    ====

    Rahul Pathak
    AWS Data and analysis services
    EMR – all hadoop ecosystem not just mapr

    “machine learning” – new service 2015

    S3: 11 9s of durability

    kinesis backs aws billing, multiple consumers eg realtime vs batch

    EMR also provides spark/etc, hdfs, can use S3 FS
    EMR now hipaa – talk to Jose about this
    pushing S3 as FS pretty hard.

    DynamoDB now hipaa

    Redshift (already hipaa)
    has SSL/ encryption at rest built in, audit logging is available

    Machine Learning
    has tools for “data hygiene”
    auto ML tools

    Kinesis not hipaa – just use kafka?

    ====

    Oscar slide in GDrive
    root volume read only via LVM, encrypted EBS

    watch out for kernel dump to unencrypted root

    IPSec everywhere
    throw away servers often, 85% of things 1EB

    netflix use S3 for hadoop storage layer
    discounts at multi PB range

    new-ish features
    S3 import/export for EBS
    lambda event notifications for S3 – program a reaction to data landing in S3
    cost allocation tagging in S3

    nasdaq backups to S3, archive after 90 days to glacier, delete after 7 years

    Content distribution – S3+Cloudfront (PBS vid network)

    100 bucket limit is softer than previously thought
    possible to request 1000 limit

    roadmap: s3 logs to cloudtrail – first policy change then actual events

    S3 VPC endpoints (let’s do this)
    me: KMS ecosystem (in person follow up)

    ====

    Bill Shinn
    Security HIPAA on AWS

    do launch services as MVPs, HIPAA/PCI/Etc are later steps – it’s a real PITA. they are ready for battle if audited.

    customers may use all services in a “HIPAA Account”

    4/9: ELBs can be non-TCP passthrough – can term SSL as long as you set up encryption to your EC2 instances

    BAA for EMR, DynamoDB, RDS for MySQL and Oracle

    hard to search encrypted values of course (for Dynamo/etc)

    update guidance doc from 2012, this is in progress

    Q: VPC encrypted network (this is in the marketplace)
    thinking about it

     
  • @alexlo03 19:55 on 2015/07/07

    Popup loft Panel on accelerating startups w @Werner 

    Funny: Werner telling guy on panel how to use a lambda architecture to solve his problem.

    Misc
    VC driven by FOMO, understand how to wield (“due date is demo day!”)

    A startup is a product market fit search device

    Accelerators:
    Treat accelerator as a sprint
    personal network access over money, expensive capital
    mentoring speed dating in tech stars
    mentors: help you sharpen your pitch, they can help with network growth (they know the people you need to know)
    #1: talk to the alumni of an accelerator beforehand

    Why NYC?
    location concerns: supporting biz, customer location, eco system etc.
    know your market location. EG marketing to startups: go to the valley, if you’re doing finance, do NYC

    Patents
    valuable to VCs, scary to other companies
    strategy as a startup: defer costs, keep rights – provisional patent (200-300) gives you “patent pending” – file one year later

    there is a workflow to maximize this:
    file provisional patent in US
    file another one in a foreign country (but list it as the US?) – delays your full application fee by about 30 months for ~1000$ at that time you can execute your real patent for 20k$+

    What’s on your wish list for AWS?
    service discovery easier
    Werner: popup loft is part of the solution

    How do you mitigate accelerator application when you have a partially offshore team?
    Make sure you keep contact tight to show it’s not a risk. Be able to explain this situation.
    Is this a symptom of a bad long term situation? Might be a necessity.

     