Canada
EU / EFTA
United Kingdom
France
Customer can keep acquiring with confidence - and compliance - with SHI’s help.
Customer profile
A pharmaceutical solutions company.
Solution
A multi-tiered approach with a security and application audit to review newly acquired company’s AWS account and services.
Outcomes
Insight
The audit uncovered details the customer needed to ensure a smooth acquisition.
Crisis averted
Misconfigurations were caught with time to put plans in place for mitigation.
Compliant
Customer could ensure everything remained within the strict standards of laws and regulations.
A pharmaceuticals solution company – with more than 30 million patients – was broadening their portfolio and needed support as each acquisition came with a long list of unknowns.
Challenge:
With each additional acquisition, the company needed to ensure their new cloud services were compliant with healthcare and PCI regulatory requirements, specifically security and compliance.
The parent company’s main concerns centered around security, risk resilience and preparedness regarding critical business functions, and assurance that all services, accounts, and resources met strict security and compliance requirements.
Solution:
SHI conducted a security and application audit to determine the risks associated within the newly acquired company’s AWS account and services. SHI initiated a multi-tiered approach involving:
- In-house automation and security audit tools. This allowed automatic information collection for the assessment and creation of a secure data storage repository.
- Multi-point assessments. Using the information gathered from the discovery phase, SHI conducted a deep analysis of accounts, applications, network configurations, data storage and configurations, security deployments, and overall AWS services. We used native tools, such as Trusted Advisor, as well as proprietary tools to research each domain in accordance with compliance regulations.
- Creation of security documentation. We built comprehensive documentation around the following security domains:
- Executive briefing of the current state of security within the AWS account
- Summarized list of risks, along with a weighted score of security findings
- Detailed report with complete findings of the security risks within the entire AWS environment
- Security mitigation framework and next steps documentation
Outcome:
Ultimately, the customer received the details and insight needed to take action on the findings within the newly acquired accounts.
They were able to quickly identify misconfigurations and put plans in place for mitigation before fully incorporating the new assets and resources into the organization’s main AWS account.
This helped the company assure stakeholders that their processes and integration were compliant with the strict standards required by the pharmaceutical and healthcare laws and regulations.
“With each additional acquisition, the company needed to ensure their new cloud services were compliant with healthcare and PCI regulatory requirements, specifically security and compliance.”- SHI Account Executive
Partners
You might also be interested in:
