Presidiohealth Chooses StrataScale Private Cloud for Security, Reliability, Scalability

The Challenge

Presidiohealth faces strict HIPAA HL7 and PCI DSS compliance requirements, and promises its clients that they can "work smarter, knowing all your patients' data is vault safe. We are serious about security" by delivering "the most powerful security tools available today."

Further, for its IT infrastructure, Presidiohealth demands:

• full control and flexibility
• on-demand speed (to build, provision, manage)
• scalability, with improved efficiencies
• maximum reliability

The specific requirements for a hosting solution to meet Presidiohealth's needs included:

›  Build and maintain a secure network

›  Protect cardholder data

›  Maintain a vulnerability management program

›  Implement strong access control measures

›  Regularly monitor and test networks

 

Solution

To meet a) the strict security and compliance requirements and b) on-demand control and scalability demands, move production infrastructure from a prior public shared cloud environment with another hosting company to a private cloud hosting solution from StrataScale.

To achieve reliability and efficiencies, moved the development farm to the StrataScale colocation services.

The StrataScale solution features a web-accessed secure portal to view and manage - with full anywhere, anytime control - the colocation and private cloud hosting environments via the same UI.

Configuration - Stratascale private cloud hosting infrastructure, featuring:

• A Level 3 IronScale Enterprise Automated Server Hosting environment as the database server
• 2 VirtualScale Enterprise Private Cloud servers
• CentOS, Windows Server
• Cisco firewall
• site-to-site VPN
• 3rd party installed applications
• Custom Presidiohealth code

1. Build and maintain a secure network

Install and maintain Cisco firewall configuration to protect cardholder data.

Stratascale Security System checks for misconfiguration such as default passwords, unrestricted permissions, etc.

2. Protect cardholder data

Protect stored cardholder data, multiple levels of two factor authentication; Stratascale infrastructure uses industry standard encryption and authentication protocols.

Encrypted site-to-site VPN with additional software encryption like SecureFTP for HL7 and PCI data transfer of sensitive information across public networks.

3. Maintain a vulnerability management program

Use and regularly update anti-virus software featuring multiple levels of 2-factor authentication; Stratascale infrastructure uses industry standard encryption and authentication protocols.

4. Implement strong access control measures

Restrict access to data by business need-to-know; assign a unique ID to each person with computer access.

Presidio application restricts and controls client access via unique client ID; similar strict unique access requirements implemented in StrataScale infrastructure control application

StrataScale data center has restricted and logged physical access.

5. Regularly monitor and test networks

Track and monitor all access to network resources and cardholder data.

Regularly test security systems and processes (monthly vulnerability scans, continuous intrusion detection, regular process tests).

Results

Tom Gregory, CTO of Presidiohealth, Inc.

"Our hosting partner now is StrataScale.  We had been hosting our servers with another provider using the public cloud.  For security and compliance reasons, we needed to move a private cloud environment - and we were looking to save some money on IT resources and IT infrastructure.

"One of the reasons people hesitate to go into the cloud is because of security.  Being in the health care space, we have to conform to HIPAA security rules.  We also transact payments on the web for physicians and patients; therefore we have to meet PCI standards.  We've been able to meet those stringent standards in the StrataScale environment because of the way StrataScale segments the network, and because we have control of the firewalls and all of the data that flows in our environment - that's our #1 important thing.

"We now have the benefit of no production Cap Ex, and have been able to reduce our reliance on our own IT resources.

"One of the things that we were looking for, that StrataScale has delivered, is the capability to automatically provision additional disk space - we do store a lot of documents and images on disk.  As our business grows we need to be able to grow our environment, and we've been easily able to do this through the portal and working with StrataScale Solutions Engineers to architect solutions.  We find that being able to configure firewalls, provision VMs, add storage etc., has been very very easy through the web portal.

"An important thing to keep in mind is that we're a technology company.  StrataScale brings the IT resources and strengths that would cost a company like ours a lot of money.  We want to focus on our core competence - bringing performance management software to physicians and hospitals.  StrataScale relieves us of the headaches of managing a data center and worrying about our hardware; they take all of that off our plate so we can focus on our core business of developing software solutions."

http://youtu.be/6ZYkh1BFmcc