social share alt icon

AS A GLOBAL HEALTHCARE INFORMATION SYSTEMS COMPANY BUILDS A HIGH-TRUST SECURITY GUARDRAIL FACTORY ON AWS FOR STRESS-FREE OPERATIONS

Know More

CLIENT

 

Our client is a global health information systems player who helps providers, payers, and government agencies anticipate and navigate the changing healthcare landscape through strategic services and solutions for healthcare performance measurement, management, and analysis. More than 5,000 of their customers have reduced costs, improved performance, and raised the quality of care through their value-based healthcare model.

 

BUSINESS CHALLENGE

 

Our client needed to transform their application-lifecycle management from the traditional waterfall approach to an agile methodology, to enable continuous integration and continuous delivery (CI/CD). Ensuring that applications were securely developed and deployed was a bottleneck. Their manual configuration was not the ideal one to keep the company strictly adherent to governance and control requirements.

SOLUTION

 

  • We extended CI/CD pipelines with Continuous Security - including preventive, detective, and reactive controls.
  • We deployed cfn_nag to build and process preventive controls. We then built CI/CD automation to analyse and enforce those controls.
  • We used AWS Config, CloudWatch, and Lambda to build and execute detective and reactive controls. We built an event-based system to automatically tag non-compliant resources and trigger corrective or remediation actions.

ARCHITECTURE

 

BUSINESS BENEFITS

 

Our solution, which extended CI/CD with Continuous Security automation, enabled the client to

Rapidly and securely deploy applications

Define and codify controls for their security teams to manage security without becoming a bottleneck

Adhere to all governance and control requirements

 

The client is thus able to deploy applications at high velocity, with dozens of releases per day, with high confidence in their security posture.