02

Organization:   Horizon BCBH of NJ
Industry:   Healthcare Insurance (Nonprofit)
Size:   5,000+ employees
Environment:   VMware, Docker, and Hybrid Public Cloud (AWS and Azure)
Summary:

The client migrated quickly into public IaaS cloud platforms. Their ePHI environment housed a publicly accessible portal and multiple other customer-facing apps providing services for 500k+ users consistently. The environment contained 15+ VPCs, 7 S3 buckets, and 300+ EC2 resources. The client wanted an impartial third-party review and assessment of the environment's security posture by a Sr. Cloud Security SME and not an auditor.

The review produced multiple recommendations for improvement; as a result, the client wanted the findings remedied. However, security solutions and styles needed to mirror their on-prem capabilities to keep overhead low. Additionally, the public cloud environment needed to be 100% independent from DCs.

  • Segregation of various environments needed improvement. Mirroring of on-prem was a challenge due to a loss of capabilities from the virtualization of security solutions in AWS or Azure.
  • The company had few administrative controls specifically for the public cloud. A process for monitoring SSH keys and access was needed.
Actions:
We implemented a new cloud security strategy and saved the client over $5M in expenses via modern security designs. As a result of our 12 months of effort, the client was able to exceed audits for NIST, CSA, PCI, and HIPAA compliance.

The key impact was leading the development of a new segregation methodology and implementing services and solutions to meet the goals of the strategy.
  • Designed a new hybrid physical gateway on the IaaS backbone, which allowed for mirroring of security capabilities while allowing for independence from on-prem.
  • 150% improvement in security posture. Designed new processes (e.g., cloud engineering, access monitoring review process via CASB, etc.).
  • Implemented the Skyhigh security monitoring solution and developed a configuration management process.
  • Integrated CASB into multiple other SaaS applications (e.g., Salesforce and ServiceNow) via secure API to monitor for compliance.
  • 25% improvement in Administrative Controls. Designed various processes, policies, standards, and guidance.
  • Developed a new cloud change management process via CASB configuration monitoring.
  • Designed a security architecture review process for improved capture of cloud application, platform, and environmental risk.
  • Wrote cloud security corporate policy and related standards.
Copyrights  2020 by CyberSEC Geek, Inc. All Rights reserved