Protecting patient data with cloud security

Challenge

Migrate to the cloud without sacrificing security

This medical technology company provides clinical diagnostic apps to hospitals – a crucial part of healthcare services.

Unfortunately, these apps rely on an on-premise model and physical devices. This means company engineers must upload various applications, infrastructure, and platforms to each device before shipping it to a hospital. Unsurprisingly, the entire process takes months.

Even when a device was up and running, the company struggled to provide timely aftersales support. App engineers had to travel to hospitals to fix issues, install patches and updates, or address security concerns.

The company knew that migrating apps to the cloud would cut build time and remove the need for on-site visits, but this brings with it new security challenges. Cybersecurity in healthcare is a hot topic because hospitals are common cyberattack targets. Worse still, companies are most vulnerable to cyberattacks during a cloud migration.

In short, the stakes were extremely high. Inaction would leave the business stuck in the past with frustrated engineers and clients. But failing to secure hospital data during the migration could ruin client trust and jeopardize the business. The company desperately needed a partner to oversee security during its cloud migration from beginning to end.

Solution

Security at its heart

The company explored several vendors, but none could deliver the right blend of industry, cloud, and security expertise it needed. Thankfully, the company found Genpact.

We worked with the company's technology teams to develop a secure platform to run the apps on Amazon Web Services (AWS). AWS uses microservices and container technology to speed up app development and automate updates.

Our cloud security experts followed security-by-design principles, which means they prioritized security every step of the way. Here's just some of the work they did:

• Led a cybersecurity maturity assessment to identify any existing security gaps compared to industry standards
• Fixed critical cybersecurity gaps identified during the assessment, making the platform more secure as quickly as possible
• Delivered governance recommendations so the company could improve its cybersecurity strategy and proactively monitor future risks
• Followed development, security, and operations best practices by applying security controls at each stage of the software development lifecycle
• Developed security policies and standards and built access management services to control who can modify the apps, why, and when
• Led security workshops with business and IT teams to make sure everyone understands the policies and best practices

Better still, the platform is cloud agnostic, which means it can run on any platform – without compromising performance or security – so the company isn't dependent on one cloud vendor.

Impact

A trusted, safe, and secure cloud platform

Now, the company offers its apps through a flexible software-as-a-service model. Hospital clients simply subscribe to the service to run their clinical apps – while complying with all global healthcare regulations.

App engineers are happier too. As the company no longer relies on physical hardware or infrastructure, it can support hospitals remotely if there are any issues. This frees its engineers to focus on critical cases instead of travel time.

The advanced cloud security measures also enable engineers to:

• Reduce the chances of a security breach or cyberattack
• Detect and respond to security issues 95% faster
• Recover quickly and efficiently from any cybersecurity incidents, protecting the company, the hospitals, and their patients

Today, not only are engineers more productive, but hospitals are thriving too. They can serve their patients faster without worrying about downtime or security concerns. Ultimately, the cloud has created a trusted foundation for the future of healthcare.