Cloudticity leverages Trend Micro™
Deep Security to secure patient
data on Amazon Web Services

 

Overview

Cloudticity is focused on the development and management of HIPAA-compliant applications or Amazon Web Services (AWS). Today, the Seattle-based company manages about 500 AWS instances for a range of customers. Specialized business opportunities in healthcare opened up in recent years for Cloudticity due to abundant federal funding for health organizations combined with mandates from HIPAA and the HITECH Act for the electronic storage of medical information.

“We’re the only company that focuses exclusively on HIPAA-compliant solutions for AWS, which is financially viable and personally gratifying. We’re saving people’s lives and improving their health every day,” said Gerry Miller, founder and chief technologist at Cloudticity.

Cloudticity’s first-mover status is paying off big for its clients. “We were the first to install a health information exchange (HIE) on AWS and the first to target Meaningful Use Stage 2 with a patient portal on AWS,” said Miller. The company also helps health insurance companies identify patients at risk and proactively address their health concerns. For example, Cloudticity designed a platform to manage asthma and other chronic conditions that reduced emergency room visits 80% in its first year of operation.

Challenges

When Cloudticity first entered the cloud market, CIOs had big security concerns about the public cloud and were reluctant to move important client information beyond their data centers. According to new analyst reports, concerns about the public cloud are on the decline. “The big cloud providers have earned the marketplace’s trust,” said Miller. “For my clients, the regulations around protected health information (PHI) are complex because the healthcare industry requires the highest security–particularly in the public cloud where companies don’t have physical control of their data.”

The financial penalties for non-compliance can put companies out of business or damage their reputations to the point they cannot recover. When Cloudticity began doing big data analytics projects for health insurance companies, it encountered another layer of daunting regulations that go beyond HIPAA and HITECH.

While AWS provides a secure platform, it’s up to individual customers to secure their applications, operating systems, and data. Cloudticity’s clients need security that protects against known and zero-day attacks, examines incoming and outgoing traffic for protocol deviations, analyzes operating systems and application logs for suspicious behavior, monitors changes, blocks attacks at the perimeter, and improves response time in the event of an incident.

"The personal data of millions of people is now much safer because it's under the management of Deep Security."

Gerry Miller,
founder and chief technologist, Cloudticity

To ensure maximum security, Cloudticity needed a security solution that offered a consolidated view into all areas of a company’s security. Cloudticity also needed an efficient security solution, capable of automating repetitive tasks and policies, immediately securing new AWS instances, and producing timely reports for auditors. “The information we protect belongs to real people and we take that responsibility very seriously,” said Miller.

Solution

With Deep Security, Cloudticity found all the necessary security components their clients needed to protect patient information and comply with HIPAA and HITECH regulations in the AWS cloud. “Deep Security allows us to certify that the solutions we build for our clients are compliant and will effectively protect their business interests and sensitive patient information,” said Miller.

Before Deep Security, Cloudticity had to piece together disparate security products for its clients, incurring additional time, maintenance, and risk. “With Deep Security, we don’t spend a lot of time using various monitoring tools or trying to integrate data. It’s seamless to provision and monitor,” said Miller.

Cloudticity also takes advantage of Deep Security’s immediate protection upon launch of a new AWS instance and appreciates alerts that bring instant attention to potential problems. “Every piece of Deep Security is important to us – the powerful, stateful firewall, the automatic protection, the intrusion detection, the log monitoring, and the anti-malware protection with constant updates,” said Miller. “In several cases, Deep Security’s intrusion detection alarms helped us identify configuration mistakes that we wouldn’t have known about otherwise.”

Deep Security also helps Cloudticity reduce the preparation time and effort required to provide data to auditors. For example, Cloudticity used Deep Security modules to satisfy their customer–Great Lakes Health Connects’ (GLHC), a Michigan-based HIE. “We were able to prove the consistent state of the environment and that certain log entries were not made,” said Miller. “We’re now using Deep Security log monitoring to actively push data into the GLHC auditing system.”

"Before Trend Micro, we had to piece together security solutions and didn’t have a consolidated view of our overall security. Deep Security makes it easier to develop and deploy a provably secure solution."

Gerry Miller,
founder and chief technologist, Cloudticity

With Deep Security, Cloudticity customers pay only for what they use with no minimum fees and costs that reflect a percentage of their AWS spend. Cloudticity customers get one bill for their AWS usage that includes Deep Security use. “The Trend Micro pricing model allows us to pass on pay-as-you-go pricing that aligns with our customers’ expectations and with what they experience from AWS,” said Miller.


Why Trend Micro

After approaching Trend Micro, Miller realized he found a security company that was interested in his business and ready to support his business goals. A Trend Micro sales representative introduced Miller to Trend Micro Deep Security, a product that was ideal for satisfying his customers’ security needs.

Today, Cloudticity includes Deep Security in every proposal. “Deep Security is a quality product that aligns with our core mission. It is our favorite security product,” said Miller. “I like working with Trend Micro representatives and their solutions. I don’t feel a need to look at any other security vendor.”

Results

Deep Security drastically cuts down on the time and manpower Cloudticity needed to secure their client data. “The single-console access to security information and the alerts increase our efficiency and profitability,” said Miller. The comprehensive security solution also creates customer satisfaction. “Our customers feel more secure, and we know they are more secure,” he added.

Trend Micro believes in building strong and mutually beneficial relationships with its IT service providers. By introducing Cloudticity to its health team, Trend Micro has opened up opportunities for Cloudticity and provided valuable exposure to drive business growth. At the same time, Cloudticity is helping Trend Micro align more closely with AWS. “With Trend Micro, we see an opportunity to be a true partner,” said Miller. “Our relationship with Trend Micro is deeper than that of a traditional reseller.”

Being easy to deploy and operate, Deep Security frees up time for Cloudticity to focus on other business priorities. “It’s important for us to be able to make the next sale, have the next customer touch point, or focus on a new project for an existing customer. Deep Security gives us the freedom to do more,” said Miller.

Deep Security also helps Cloudticity create a safer cloud environment. “The personal data of millions of people is now safer because it is under the protection of Deep Security,” Miller added.


What's Next?

Miller hopes to deepen Cloudticity’s relationship with Trend Micro in the future. In addition to Trend Micro Deep Security solutions, customers have been also asking about security solutions for mobile devices, servers, and workstations on site–all of which Trend Micro offers solutions to address. “We intend to grow very big, very fast, and we want to do that while working in partnership with Trend Micro,” said Miller.