Cloudticity is focused on the development and management of HIPAA-compliant applications or Amazon Web Services (AWS). Today, the Seattle-based company manages about 500 AWS instances for a range of customers. Specialized business opportunities in healthcare opened up in recent years for Cloudticity due to abundant federal funding for health organizations combined with mandates from HIPAA and the HITECH Act for the electronic storage of medical information.
“We’re the only company that focuses exclusively on HIPAA-compliant solutions for AWS, which is financially viable and personally gratifying. We’re saving people’s lives and improving their health every day,” said Gerry Miller, founder and chief technologist at Cloudticity.
Cloudticity’s first-mover status is paying off big for its clients. “We were the first to install a health information exchange (HIE) on AWS and the first to target Meaningful Use Stage 2 with a patient portal on AWS,” said Miller. The company also helps health insurance companies identify patients at risk and proactively address their health concerns. For example, Cloudticity designed a platform to manage asthma and other chronic conditions that reduced emergency room visits 80% in its first year of operation.
When Cloudticity first entered the cloud market, CIOs had big security concerns about the public cloud and were reluctant to move important client information beyond their data centres. According to new analyst reports, concerns about the public cloud are on the decline. “The big cloud providers have earned the marketplace’s trust,” said Miller. “For my clients, the regulations around protected health information (PHI) are complex because the healthcare industry requires the highest security–particularly in the public cloud where companies don’t have physical control of their data.”
The financial penalties for non-compliance can put companies out of business or damage their reputations to the point they cannot recover. When Cloudticity began doing big data analytics projects for health insurance companies, it encountered another layer of daunting regulations that go beyond HIPAA and HITECH.
While AWS provides a secure platform, it’s up to individual customers to secure their applications, operating systems, and data. Cloudticity’s clients need security that protects against known and zero-day attacks, examines incoming and outgoing traffic for protocol deviations, analyses operating systems and application logs for suspicious behaviour, monitors changes, blocks attacks at the perimeter, and improves response time in the event of an incident.
"The personal data of millions of people is now much safer because it's under the management of Deep Security."
founder and chief technologist, Cloudticity
To ensure maximum security, Cloudticity needed a security solution that offered a consolidated view into all areas of a company’s security. Cloudticity also needed an efficient security solution, capable of automating repetitive tasks and policies, immediately securing new AWS instances, and producing timely reports for auditors. “The information we protect belongs to real people and we take that responsibility very seriously,” said Miller.
With Deep Security, Cloudticity found all the necessary security components their clients needed to protect patient information and comply with HIPAA and HITECH regulations in the AWS cloud. “Deep Security allows us to certify that the solutions we build for our clients are compliant and will effectively protect their business interests and sensitive patient information,” said Miller.
Before Deep Security, Cloudticity had to piece together disparate security products for its clients, incurring additional time, maintenance, and risk. “With Deep Security, we don’t spend a lot of time using various monitoring tools or trying to integrate data. It’s seamless to provision and monitor,” said Miller.
Cloudticity also takes advantage of Deep Security’s immediate protection upon launch of a new AWS instance and appreciates alerts that bring instant attention to potential problems. “Every piece of Deep Security is important to us – the powerful, stateful firewall, the automatic protection, the intrusion detection, the log monitoring, and the anti-malware protection with constant updates,” said Miller. “In several cases, Deep Security’s intrusion detection alarms helped us identify configuration mistakes that we wouldn’t have known about otherwise.”
Deep Security also helps Cloudticity reduce the preparation time and effort required to provide data to auditors. For example, Cloudticity used Deep Security modules to satisfy their customer–Great Lakes Health Connects’ (GLHC), a Michigan-based HIE. “We were able to prove the consistent state of the environment and that certain log entries were not made,” said Miller. “We’re now using Deep Security log monitoring to actively push data into the GLHC auditing system.”
"Before Trend Micro, we had to piece together security solutions and didn’t have a consolidated view of our overall security. Deep Security makes it easier to develop and deploy a provably secure solution."
founder and chief technologist, Cloudticity
With Deep Security, Cloudticity customers pay only for what they use with no minimum fees and costs that reflect a percentage of their AWS spend. Cloudticity customers get one bill for their AWS usage that includes Deep Security use. “The Trend Micro pricing model allows us to pass on pay-as-you-go pricing that aligns with our customers’ expectations and with what they experience from AWS,” said Miller.
Why Trend Micro
After approaching Trend Micro, Miller realized he found a security company that was interested in his business and ready to support his business goals. A Trend Micro sales representative introduced Miller to Trend Micro Deep Security, a product that was ideal for satisfying his customers’ security needs.
Today, Cloudticity includes Deep Security in every proposal. “Deep Security is a quality product that aligns with our core mission. It is our favourite security product,” said Miller. “I like working with Trend Micro representatives and their solutions. I don’t feel a need to look at any other security vendor.”