“As a publicly funded educational institution and a teaching hospital, we have no shortage of challenges,” – Principal Architect for HIPAA Compliance at Accredited Medical School in California, “ESP helped alleviate both budgetary and compliance headaches as we move more of our workloads to the cloud.”
Innovative and agile vision leads the way to secure cloud adoption
ESP’s flexible custom control checks and one-click compliance reports enable Internationally recognized Medical School to reduce risk, simplify audits, and achieve HIPAA and NIST compliance validation.
This School of Medicine has grown to become an internationally recognized leader in medical education, research, patient care and public service and is affiliated with other top-ranked teaching hospitals. Their mission is to improve health and healthcare by creating world leaders in health and science to heal humankind one patient at a time.
State and local education institutions are under pressure to modernize their IT infrastructure by migrating to the cloud. While the cloud offers freedom from capital-intensive technology investments and flexibility enabling them to focus on their core research, education and treatment objectives, security can often be a major roadblock in their journey to the cloud.
At the same time, as a teaching hospital, they are required to meet HIPAA and NIST compliance standards in order to minimize risk and exposure to customer data stored in the cloud. Keeping users data private is something the school takes very seriously.
The Medical School implemented Evident.io’s Cloud Infrastructure Security and Compliance Platform, Evident Security Platform (ESP). They quickly set up their accounts and worked with Evident.io to generate custom control checks, alerts, enable user attribution and develop Lambda workflows to eliminate human error and optimize security automation.
With ESP they were able to reduce the manual effort required to achieve insights into their security vulnerabilities and achieve compliance with HIPAA and NIST. ESP’s one-button compliance reports that indicate pass/fail status for all of the testable infrastructure controls, save the organization time and money in validating compliance and providing evidence for auditors and prospect customers alike.
ESP provided the Medical School with complete transparency into the security posture of all of their AWS accounts at all times. With the ESP’s agentless non-invasive approach, the information security team now has consolidated multi-account visibility of all vulnerabilities and misconfigurations that exist in their cloud infrastructure through a single pane of glass dashboard. The value that ESP brought was to alert them of configuration changes and policy violation and provide a path to remediation.
ESP helped the Medical School be compliant with regard to the AWS shared services model and CIS AWS Foundations Benchmark, HIPAA and NIST, by automating the exposure and remediation of vulnerabilities in AWS. ESP’s flexible custom control checks enable them to reduce risk, audit, and compliance validation specific to the Medical School’s compliance and risk requirements.
To find out more about how our technology can empower you to solve this problem visit our website. ESP provides a single pane of glass view of all of your AWS accounts, regions and services in one easy to customize dashboard. By consuming all of Amazon’s APIs, ESP can detect and uncover vulnerabilities in your environment and alert security teams of configuration changes and policy violation and provide a path to remediation.
You can try ESP free for 14 days and start securing your cloud infrastructure within minutes. You can use the tool on your own, just signup and get started — or we can help you along the way. It’s your choice.
About this ESP @ Work Blog Series
ESP @ Work provides insight into real customer implementations. These snapshots describe how Evident Security Platform (ESP) helps our customers maintain and benefit from continuous security and compliance in the cloud. All ESP @ Work posts are anonymous because we respect that our customers are not always able to publicly share their success.