What NHS security standards can be applied to data in transit?

0

We are required to send an email containing PII and we wish to adhere to NHS data in transit standards of encryption. What would be the setup to enable this, and are there 3rd party integrations that can be used?

1 Answers
0

Hi there,

From your query, I understand that you are looking to send an email containing PII and that you wish to adhere to the NHS data standards while data is in transit, still maintaining encryption standards. You are also looking to confirm the setup necessary, and whether both AWS architecture and any 3rd party integrations could be used.

Please do correct me if I misunderstood your query.

This is very feasible with the AWS architecture and 3rd party integration with Microsoft Outlook. With Amazon WorkMail you can manage business email securely. Amazon WorkMail can also be integrated with Microsoft Outlook and also supports native iOS and Android email applications. You can use S/MIME (Secure/Multipurpose Internet Mail Extensions) to enable users to send signed or encrypted email both inside and outside of your organization, controlling both the keys that encrypt your data and the location in which your data is stored.[1]

That being said, you can also increase your posture while adhering to NHS standards with the use of an IPsec VPN and a Direct Connect link to a VPC. IPsec is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a data stream between the sender and receiver. With the use of an Amazon VPC you can configure an IPsec VPN connection to your own VPC, establishing an internet key exchange (IKE) security association between your Amazon VPC, VPN gateway, and another network gateway using a pre-shared key as the authenticator.[3]

Lastly, you can also configure an AWS Direct Connect (DX), which is a direct logical connection between the customer’s environment and the end user's system. This creates an entirely private link, eliminating the risk of data in transit being intercepted by threat actors.[4]

I hope you found the above information helpful.

References:

[1] Amazon WorkMail - Enabling signed or encrypted email https://docs.aws.amazon.com/workmail/latest/adminguide/enable_encryption.html

[2] Configure Certificate Autoenrollment https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731522(v=ws.11)?redirectedfrom=MSDN

[3] AWS Site-to-Site VPN https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-prerequisites

[4] How do I establish an AWS VPN over an AWS Direct Connect connection https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/

answered 14 days ago
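
An outbound check for the S/MIME option mentioned in the answer, as an added example that is not part of the original answer or any AWS code: it classifies a message by its outer MIME headers (media types and `smime-type` values from RFC 8551) so that signed-only or plaintext mail carrying PII is held rather than sent. The function names and sample messages are constructed for illustration.

```python
from email import message_from_string

# Outer media types and smime-type values defined for S/MIME in RFC 8551.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENCRYPTED = {"enveloped-data", "authenveloped-data"}

def smime_state(raw: str) -> str:
    """Classify a message by its outer MIME headers only (no decryption)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type in ENCRYPTED:
            return "encrypted"
        if smime_type == "signed-data":
            return "signed-only"   # opaque-signed: content is readable, not encrypted
        return "unknown-pkcs7"
    if ctype == "multipart/signed":
        if str(msg.get_param("protocol") or "").lower() in PKCS7_SIG:
            return "signed-only"   # clear-signed: body travels in plain text
    return "plaintext"

def may_send_pii(raw: str) -> bool:
    """Fail closed: anything not positively identified as encrypted is held."""
    return smime_state(raw) == "encrypted"

# Constructed sample messages (placeholder bodies, not real CMS data).
ENCRYPTED_MSG = (
    "From: clinic@example.org\nTo: gp@example.org\nSubject: referral\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nPLACEHOLDER\n"
)
SIGNED_MSG = (
    "From: clinic@example.org\nTo: gp@example.org\nSubject: referral\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nPatient details in clear text\n--b1--\n"
)
PLAIN_MSG = "From: clinic@example.org\nTo: gp@example.org\n\nPatient details\n"

if __name__ == "__main__":
    samples = [("encrypted", ENCRYPTED_MSG), ("signed", SIGNED_MSG), ("plain", PLAIN_MSG)]
    for name, raw in samples:
        print(name, smime_state(raw), may_send_pii(raw))
```

The check reads structure only; it does not validate the CMS payload or the recipient certificate, so it complements rather than replaces the mail client's own S/MIME handling.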