You need a security-focused platform
Nick Anderegg
Product & Engineering
If you are considering Platform as a Service (PaaS) alternatives to Heroku and have regulatory or compliance requirements—or you are just generally concerned with the security of your infrastructure and the privacy of your users’ data—Aptible should be at the top of your list.
While you focus on building out your app, Aptible accelerates your dev workflow by handling the hard parts of deploying secure, compliant infrastructure. Here’s why you should consider using a security-focused PaaS for your next deployment.
We help you deploy safe-by-default infrastructure
Aptible handles the hardest parts of implementing rigorous infrastructure security controls and lets you focus on building applications.
In a regulation-compliant deployment, the bulk of Aptible’s share of the responsibility is operating the infrastructure security controls those regulatory frameworks require.
Of course, the controls we implement are not unique to securing healthcare data under HIPAA! While protected health information (PHI) is subject to rigorous minimum standards for security controls, a dedicated stack that enforces those same controls helps keep all private user data private.
Some of the most important infrastructure security controls are also the most difficult to implement. We take care of those hard things:
Centralized audit logging is a standard feature.
Your infrastructure on Aptible is isolated from others on the network—and creating further network isolation within your own infrastructure is simple.
Database volumes are encrypted at rest with Aptible-managed keys.
All traffic in transit between your endpoints, app, and database is encrypted.
All of these security controls, critical for maintaining secure infrastructure, are provided by default with Dedicated Stacks on Aptible.
We help you understand how your infrastructure is secured
It’s difficult to understand the many pieces that must be in place for secure, compliant infrastructure. As a developer advocate, I believe it’s important to understand the challenges developers face. At Aptible, developing that understanding has meant spending significant time broadening my knowledge of HIPAA and other compliance requirements.
It’s not fun. Understanding how to deploy applications that satisfy the requirements of the HIPAA Security Rule is, however, exactly where Aptible excels.
When your resources are deployed to a Dedicated Stack on Aptible, you’ll have access to Compliance Readiness Scores, which surface the necessary security controls in a single dashboard.
Every 24 hours, Aptible automatically performs hundreds of checks to ensure that critical security and availability requirements have been configured correctly.
When you deploy with Aptible, you’ll have peace of mind that your application’s infrastructure is free of misconfigurations that put your users’ data at risk.
We provide a more secure platform with less friction
Our fully Docker-based app deployments can integrate into your existing workflow as the destination for CI/CD processes. Likewise, our managed open-source database offerings expose the database to your application with end-to-end encryption in transit, with no proprietary wrappers needed to connect.
Aptible is built on open-source tools and well-adopted workflows, so you don't need to learn a new paradigm to deploy secure infrastructure.
Conclusion
It can be hard to determine which risks you actually face when using a PaaS, because a PaaS, by definition, is an abstraction over more general infrastructure. That abstraction can widen the attack surface exposed by a given vulnerability, because it adds to the underlying complexity of the system.
That's why it's critical for security to be a fundamental part of any PaaS product, rather than an add-on service or enterprise offering. We're building a security-focused platform that makes security more convenient for everyone—because secure infrastructure and a developer-friendly workflow aren't mutually exclusive!