Introduction

Serverless architectures have transformed application design, development, and deployment by enabling developers to focus on code and functionality without managing servers or infrastructure. These architectures offer benefits like cost efficiency, scalability, simplified operations, flexibility, and responsiveness. Container-based architectures, such as Docker, share similar goals by packaging code and dependencies in lightweight, portable containers, streamlining the development process and improving resource utilization.

How MedStack Control Combines Serverless and Container-based Benefits

MedStack Control's managed clusters demonstrate how container-based architectures can incorporate serverless benefits. By managing cloud infrastructure provisioning, maintenance, and health, MedStack Control allows development teams to concentrate on their applications while only considering capacity planning for cluster infrastructure. This approach merges container-based architecture advantages with the serverless paradigm for a seamless development and deployment experience.

Implications of Running Serverless Workloads with MedStack Control

Digital health companies should consider two main implications when running serverless workloads alongside MedStack Control clusters:

1. Resources hosted outside MedStack Control: Resources outside MedStack Control's scope aren't protected by the platform's policies and guarantees. However, companies can use MedStack Control's policies as a guide to handle data outside the platform in compliance with inheritable policies. If serverless is used in parallel with MedStack Control clusters, it is recommended to contain all PHI in the MedStack Control cluster.

2. Vendor security assessments (VSAs) and serverless architectures: Hospitals and insurance providers often prefer single-tenant cloud environments during VSAs. Serverless architectures, which share virtual compute and memory resources among users, may conflict with these preferences, despite network separation, authentication, and encryption for data in transit. Although serverless can be configured for HIPAA compliance, it might face challenges during VSAs with hospitals and insurance companies.