Promise to customers: high usability and ePHI/HIPAA protection
When clients asked for increased protected health information (PHI) security, MedNet took the opportunity to go even further. They set their minds to finding a solution that would strengthen security for PHI and HIPAA compliance and streamline their overall security processes—all as they migrated to the cloud.
MedNet’s customers require absolute data privacy. For nearly 20 years, MedNet has been supporting clinical research initiatives for partners worldwide who work with highly sensitive information in biotech, pharmaceuticals, medical devices, and animal trials. MedNet’s electronic data capture (EDC) product, iMedNet, is the customer favorite of the e-clinical technology platforms MedNet offers. It helps science and healthcare professionals and clinical trial services securely utilize highly sensitive data from pre-clinical through phase IV studies. Among favorite features are high usability and configurability wherever customers are based.
The challenge for MedNet was to balance iron-clad confidentiality around PHI with a high level of usability for their EDC.
To increase the usability of their EDC, iMedNet would migrate to AWS. MedNet needed the ability to fully monitor and secure iMedNet in the cloud, even as it grew in users or varied in traffic. Risk-savvy clients requested a Web Application Firewall and API protection, both for the protection itself and for assurances about data privacy.
Several WAF competitors met the requirements but required the traffic to be routed through their proxy servers. The catch was that routing through those proxy servers required the execution of a business associate agreement (BAA) and incurred higher costs.
MedNet decided to test a WAF built for AWS by Wallarm. It wasn’t the most obvious or expensive solution at the start. But it met their criteria. The right security solution would:
MedNet initially deployed Wallarm as a proof of concept to ensure it would meet internal requirements, including performance testing with iMedNet to be sure that the WAF did not introduce a bottleneck.
The MedNet team chose to first deploy Wallarm as a Docker container, then configure both it and the NGINX proxy. Next, the team put logging and monitoring in place so that issues could be identified and fixed as quickly as possible.
Once operating, MedNet found Wallarm easy to support. They collected the log files and shipped them to Sumo Logic.
In testing, Wallarm quickly identified a couple of key items to watch for. The operations team identified these as leading indicators of potential issues to come. The identified types of alerts were used to prompt a proactive restart of the containers.
The WAF’s proof of concept won Wallarm a place in the MedNet security stack. Performance testing had proven Wallarm for AWS a better solution, made easier.
In addition to compliance and security assurances for iMedNet in AWS, MedNet listed solid reasons for choosing Wallarm over some of its competitors. Here is what they said:
The ability to meet HIPAA guidelines for PHI compliance and to be able to provide the service at a reasonable price point were important in the decision to go with Wallarm. WAF and API security is very important to help manage and support a complex application such as iMedNet.
Gary Johnson, Infrastructure Architect