Comprehensive Cloud Security Enhancement for Siemens Healthcare System
Aug 2017 - Mar 2019
Business Need
Siemens Healthcare requires a comprehensive solution for securing its integrated healthcare system, which is closely connected to the Secure Cloud HUB across 8 data centres spanning 5 regions. The existing multi-cloud deployment on AWS and Azure faced operational challenges due to security constraints. In order to meet regulatory standards, protect patient data, and enhance overall security, Siemens seeks a vendor to deliver 24x7 monitoring, improve the security posture of both Azure and AWS environments, and provide vulnerability management services. The solution should incorporate a combination of native and third-party security services on both cloud platforms to address internal and external security threats, including malware attacks.
Key Challenges Identified During Assessment:
- No visibility, compliance and governance, or data security for AWS and Azure cloud application and container service workloads.
- No mechanism in place to conduct runtime monitoring of incidents, compliance violations and vulnerabilities in the public cloud.
- No security assurance and no central governance in the client's environment.
- Existing core functionality was disrupted by the additional global landing zone connection.
- Unable to secure connectivity over the internet to the AWS cloud.
- Lack of security and vulnerability visibility in the cloud environment.
- Limited utilization of native cloud security controls.
- Lack of expertise to implement security controls on the AWS and Azure public clouds.
Solution Implemented:
- Conducted a comprehensive HIPAA compliance assessment, reviewing the security controls around protected health information (PHI) and using Qualys to identify vulnerabilities and compliance gaps in the AWS and Azure environments.
- Used Splunk to analyze logs and assess the current security posture, ensuring alignment with HIPAA requirements.
- Designed a plan for the integration of Check Point, reverse proxy, Splunk, and Qualys.
- Implemented a robust firewall policy to control traffic, considering healthcare-specific regulations and
- Implemented robust IAM controls, incorporating the principle of least privilege and ensuring secure user access to health information.
- Enabled encryption at rest using AWS KMS and Azure Key Vault, ensuring that protected health information is safeguarded, and implemented secure communication channels using TLS/SSL encryption for data in transit.
- Deployed AWS Config and Azure Policy for configuration management and policy enforcement, together with Splunk for log analysis and real-time monitoring and Qualys for vulnerability management, forming a security ecosystem that proactively addresses security risks, ensures compliance, and supports effective incident response across the multi-cloud environment.
- Deployed endpoint protection solutions with a focus on protecting devices that access or process health information and utilized Qualys and Splunk for continuous monitoring and response to endpoint security events.
- Implemented DLP policies to prevent unauthorized access to and transmission of PHI, and monitored and responded to incidents related to potential data leaks.
- Configured Check Point, IAM, and other logs to be ingested into Splunk for centralized monitoring and created dashboards for real-time visibility into security events.
- Configured Splunk for centralized data aggregation, real-time monitoring, data visualization, custom dashboards, user activity monitoring, capacity planning and notification alerts.
- Integrated Qualys vulnerability and compliance data into Splunk for comprehensive analysis.
- Regularly reviewed configurations, policies, and security controls based on insights from Splunk, Qualys, and compliance monitoring to maintain a tight security posture.
- Documented security policies, configurations, and compliance reports for auditing purposes.
- Engaged continuously with the 24x7 Security Operations Centre (SOC) for the Siemens healthcare system, providing continuous monitoring, incident detection, and response capabilities.