Cloud Services Blog

Check out articles on enterprise cloud services at UCSF and updates to the core platforms provided to the UCSF community.

June 17, 2020

We have rolled out quite a few security enhancements for the Secure Enterprise Cloud environment.  There are probably too many to cover in an email, but the big-ticket items that are already GA are as follows.  The whole goal of the platform was to ensure we're P3/P4/HIPAA compliant, so security is our main focus:

Core Secure Enterprise Cloud Platform Features:

SSM Fully-Automated Patching (managed) - IT deploys and manages a scalable, multi-OS solution for fully-automated patching and maintenance, supporting Ubuntu, CentOS, and Windows. Client also benefits from IT-managed, centralized storage and auditing of instance access logs, patch logs, and software inventory databases.  Client immediately realizes dramatically reduced administrative overhead via automated OS patching and agent installation.

SSO Integration (ADFS) + DUO MFA for AWS Console and CLI (managed): Clients benefit from IT-managed deployment of SAML IDP, IAM resources, and DUO MFA integration required to make seamless access to AWS from both the console (GUI) and/or CLI.  Client AD accounts are managed via existing IT Identity and Access processes. Users can sign-in with existing UCSF domain credentials, using role-based access only - legacy (long-lived access/secret key) access is prohibited, and no client credentials live longer than 12 hours.

Bastionless, SSO-based Access to EC2 with MFA (managed) - Client directly benefits from the elimination of administrator overhead for patching / management tasks, ease-of-use, and enhanced security via SSO-integrated access to EC2 resources with DUO multi-factor authentication (MFA) and endpoint profiling.  Client realizes direct...

Read more »