Improving The Public Ranking In Health Companies Security Report

THE SITUATION

A healthcare company was embarking on a company-wide digital transformation program to achieve service delivery efficiencies and to rebrand itself as tech-led. Performing this securely was not negotiable, but to build security into a brand dimension that could be externally communicated, the company embraced a range of national audit reports that ranked healthcare providers and suppliers in order of application security hygiene.

In reviewing the current placements, the healthcare company was placed mid-range for healthcare providers and slightly higher in comparison to all health-related companies. Of these reports, the healthcare company chose to focus on the RiskRecon report and target the deficiencies it highlighted. The idea was that if this could be optimised then the other would follow.

The first review displayed a range of issues across a number of apps. Given the relatively small size of the application and IT security team, a number of external parties were engaged to cost out solutions.

One of those engaged was RedShield.

OUR SOLUTION

On receiving the reports, RedShield immediately established a trial in which RedShield’s own audit tools tested the application.

A shielding plan was then created for the superset of detected issues. All issues from both audits could be resolved using RedShield’s express service. The required shields were then deployed as part of the trial, and testing information was supplied to the healthcare company to pass on to RiskRecon.

The results came back clear, and RiskRecon commented that this was the first time that they had issued a 10.

The RedShield express service was then proposed for applications across the entire perimeter, with the RedShield enterprise service add-on (on-the-wire code manipulation in lieu of software development) as an option that could be applied on demand.

In the RedShield express service, RedShield provides all the equipment, and the RedShield expert team performs all operational tasks, from platform management to tuning, reporting and 24/7 end-user help desk management.

New teams develop new code & APIs at speed like never before, whilst regulation and brand dictate that we have zero tolerance for security flaws. With code scanning, pen-testing and bug bounties continually reporting flaws that distract developers and slow our progress, we required something that can wrap and protect both our new and legacy apps just as fast. Now we don’t release anything without shielding it first.

THE RESULT

The RedShield solution was selected and progressively deployed.

All the healthcare company had to provide was the hostname, SSL cert and any vulnerability data. Then, once RedShield had completed the setup, the healthcare company ran compatibility tests and submitted and then executed a change request to change DNS and lock down the perimeter firewall. All the security-related tasks in both setup and ongoing operations were performed by RedShield. As a result, migration could occur quickly.

Post deployment, the audit results started coming in for the secured sites. In all cases results improved, and RiskRecon moved the healthcare provider to the top of their rankings.

The rapid addressing of reported security issues by RedShield has delivered the following benefits:

  • Brand improvement as a responsible and innovative provider that leads the industry in security
  • Ability to wrap applications and move them to lower-cost cloud platforms safely
  • CI/CD pipelines can maintain cadence without distracting developers with urgent security requirements
  • Applications that have completed functional development can have development cycles safely extended
May 21, 2020