Acting on behalf of the Council of Australian Governments, Healthdirect Australia provides all Australians free access to health information and professional advice online and by phone. The company was established in 2006 to create nurse triage call centers and re-invented in 2011 to better meet the demands of a digital world. It receives a million calls a year on its nurse triage line and serves one million visits a month across web properties devoted to a variety of health concerns. To connect rural Australians to specialists in urban areas, Healthdirect offers video telehealth services. Healthdirect also builds and operates a National Health Services Directory that provides consumers with information on health services available to them in Australia and is increasingly being used by providers to underpin services such as e-health addressing.
For fast and cost-effective delivery of digital services, Healthdirect turned to Amazon Web Services (AWS). When AWS opened its data center hub in Australia in November 2012, Healthdirect became one of the first Australian customers. In January of 2013, it launched its first public service on AWS. “AWS increases our agility by allowing us to experiment,” said Bruce Haefele, Chief Architect and Head of Technology Development at Healthdirect. “We’ve completely overhauled our architecture three times, which would have been impossible with a traditional infrastructure.”
From the outset, all eyes were on Healthdirect’s ability to do security well in the cloud. The company had to meet stringent privacy regulations for healthcare and comply with about 1,000 highly prescriptive Information Security Manual (ISM) controls mandated by the Australian Signal Directorate (ASD). These included the ASD Top 35 Mitigations for security strategies such as applying critical and security patches within two days of release and implementing host based intrusion detection/prevention system.
“We’re constantly being targeted, because we’re government and because we’re healthcare.” said Brett Knuth, Healthdirect Security Manager. To address the situation, Healthdirect needed a security solution that provided better visibility into its cloud-based environment.
"AWS Marketplace is invaluable to us because we can handle patchy traffic and spikes without paying for licenses that sit dormant."
Security Manager, Healthdirect Australia
Garnering funding is an ongoing challenge that requires Healthdirect to deliver new services quickly, cost-effectively and with a high degree of quality. To innovate at a rapid pace, Healthdirect transitioned to a continuous delivery approach between the summers of 2013 and 2014. Healthdirect’s security solution needed to be compatible with this heightened level of automation and in line with the Center for Internet Security (CIS) standards utilized for hardening of the virtual instances as an authoritative baseline.
Following the January 2013 AWS launch, Healthdirect handled security with open source solutions—an initial approach the company used to get started with a low barrier to entry while assessing problems. However, the open source environment quickly became unmanageable as server incidents increased and the Healthdirect architecture grew to include access control environments and administrative networks.
"The beauty of Trend Micro is that it lends itself perfectly to the AWS elastic compute environment and to our continuous delivery approach."
Chief Architect, Healthdirect Australia
In August 2013, Healthdirect turned to Trend Micro for a proof of concept. “Trend Micro proved it could run security effectively in the AWS cloud. The company showed us the full capabilities of its product and ability to implement the ASD’s Top 35 security mitigation strategies. We haven’t looked back since making the decision to go with Trend Micro,” said Knuth.
Trend Micro Deep Security provides an ideal suite of security solutions for Healthdirect. It not only integrates with AWS, but also instantly secures new AWS instances to reduce risk and meet CIS standards. Healthdirect runs over 675 AWS instances at any given time across nine virtual private clouds (VPCs) in AWS. The company can spin those up or down and reprovision them with the latest versions and patch levels in 15 to 30 minutes. “The beauty of Trend Micro is that it lends itself perfectly to the AWS elastic compute environment and to our continuous delivery approach,” said Haefele.
When a malicious actor exploits a vulnerability for which a patch has just been released, Healthdirect can’t always keep up with the two-day pace ASD requires for patching. In those instances, Deep Security keeps Healthdirect protected with vulnerability alerts and subsequent virtual patching. “The ability of Deep Security to offer patch capability across our products is vital to us. It gives us the breathing space we need to test the patching and do an orderly promotion into the repositories for continuous delivery,” said Knuth.
Deep Security also gives Healthdirect a new level of visibility into attacks with an intrusion detection and prevention system (IDS/IPS) that meets ASD requirements. “If your security is not set up well, you don’t know you are being attacked. Cybercriminals can launch botnet attacks from a compromised server. That doesn’t happen with Deep Security intrusion prevention,” said Knuth.
With Deep Security, Healthdirect also centrally manages firewall policies, monitors applications in real time for unexpected changes, and inspects logs for suspicious behavior—all with a single product. Healthdirect also protects corporate endpoints with Trend Micro Smart Protection for Endpoints, which includes Trend Micro OfficeScan, to help the company bring consistent policies to a hybrid environment of Windows and Mac machines. The company has already purchased licenses for personal devices in anticipation of using OfficeScan endpoint protection for a bring-your-own-device (BYOD) program.
Since re-engineering its platform architecture to accommodate a continuous delivery approach to development, Healthdirect has decommissioned products that don’t work well within an automated environment. “It’s painful to rip out and replace products, but that’s what we have to do when something isn’t a good fit,” said Knuth. “Deep Security helps Healthdirect achieve rapid innovation. It’s one of the products that takes us the least amount of time to manage in our environment. We put it in and it just works. That’s a testament to a great product,” Knuth added.
With Deep Security, Healthdirect gains the visibility it needs to satisfy government regulations, keep citizen information safe, and prevent outages. In one seven day period, Deep Security IDS/ IPS identified and protected against over 5,000 attacks at Healthdirect.
Through the use of Trend Micro SSL, reports give Healthdirect advance warning on upcoming SSL certificate expirations, so it can manage renewals. “That level of visibility saves us time, money, and unnecessary outages,” said Knuth.
Healthdirect uses a mixed procurement model through the AWS Marketplace to lower costs without sacrificing the flexibility to expand and contract with business needs. Healthdirect uses the Deep Security bring your own license (BYOL) option on AWS Marketplace to support its footprint and save money by making an annual commitment. Additional hourly licenses of Deep Security are purchased from AWS Marketplace (and added to Healthdirect’s AWS bill) when it needs to scale out. “AWS Marketplace is invaluable to us, because we can handle patchy traffic and spikes in traffic without paying for licenses that sit dormant. The flexibility it offers us has helped us in our business,” said Knuth.
In the next six months, Healthdirect plans to implement a BYOD program for a workforce that has grown substantially in the past three and a half years. It will use OfficeScan to provide endpoint protection and mobile device management (MDM) for about 500 vendor and employee mobile devices.
Healthdirect is also planning a test deployment of Trend Micro Deep Discovery in its AWS environment. “With Deep Discovery, we’ll be able to see payloads that shouldn’t be in the traffic and where a malformed packet is coming from. We can lock down the firewall ports, put in rule sets, and be more proactive than reactive,” said Haefele.