Case Study:

Pharmaceutical Solutions Company Ensures Compliance with AWS Security and Application Audit

SHI examines newly acquired accounts with proven approach to meet strict standards.

Highlights:

Customer Profile

A pharmaceutical solutions company.

Challenge

The customer completed several acquisitions and needed to ensure their new cloud services were compliant with strict health care and PCI regulatory requirements.

Solution

ITAM and Licensing

SHI created a multi-tiered approach, conducting a security and application audit to determine the risks associated with the newly acquired company’s AWS account and services.

Partners

AWS

Benefits/Results

  • Provide clear insight and actionable findings on the newly acquired companies’ environments.
  • Quickly identify misconfigurations, and put plans in place for mitigation.
  • Ensure compliance with strict security requirements under pharmaceutical and health care laws and regulations.

A pharmaceutical solutions company – with more than 30 million patients – provides patient affordability, medication access and adherence, and patient support services on behalf of pharmaceutical manufacturers. Over the last two decades, the company has helped patients with $12 billion in branded drug savings.

Challenge:

The company acquired several new companies, which broadened its portfolio of brands and services. With each additional acquisition, the company needed to ensure its new cloud services were compliant with health care and PCI regulatory requirements, specifically security and compliance.

The main challenge with each acquisition was a lack of visibility within the new accounts, including application deployment, network configuration, services integration, and the overall security posture of each new organization.

The main concerns were security, resilience and preparedness to prioritize risks and impacts involved with critical business functions, and assurance that all services, accounts and resources met strict security and compliance requirements.

Solution:

SHI conducted a security and application audit to determine the risks associated with the newly acquired company’s AWS account and services. SHI initiated a multi-tiered approach involving:

  • In-house automation and security audit tools, which allowed automatic gathering of relevant information for the assessment and creation of a secure repository to store information.
  • Using the information gathered from the discovery phase to conduct a deep analysis of accounts, applications, network configurations, data storage and configurations, security deployments, and overall AWS services. SHI used native tools, such as Trusted Advisor, as well as in-house developed tools to complete a multi-point assessment covering each domain that was required to meet compliance.
  • The creation of documentation around the security domains, including:
    • Executive briefing of the current state of security within the AWS account
    • Summarized list of risks, along with a weighted score of security findings
    • Detailed report with complete findings of the security risks within the entire AWS environment
    • Security mitigation framework and next steps documentation

Benefits:

  • The customer received details and insight needed to take action on the findings within the newly acquired accounts.
  • The customer was able to quickly identify misconfigurations, and put plans in place for mitigation before fully incorporating the new assets and resources into the organization’s main AWS account.
  • This helped the company assure stakeholders that their processes and integration were compliant, and within the rules of the strict standards required by the pharmaceutical and health care laws and regulations.