Oak Creek Tech Innovations is the creator of CaseConnect, a software platform for medical case management in worker’s compensation claims. As a growing SaaS with a cloud-based development effort, Oak Creek Tech Innovations wanted to protect and monitor cloud resources for HIPAA-sensitive workloads.
Armor's private cloud provides Oak Creek Tech Innovations with the protection of a virtual private cloud configured to HITRUST CSF security standards.
By adding Armor Automated Security and Compliance, developers of CaseConnect receive alerts in the case of accidental misconfigurations or open vulnerabilities that could jeopardize compliance frameworks.
Quick Glance
Industry Cloud Provider Website Customer Problem- Need to maintain HIPAA compliance across the development lifecycle
- Armor was able to help with compliance and security needs
- Armor provides network, workload, and infrastructure protection for CaseConnect. Oak Creek reduces annual audit resources and maintains compliance even through rapid software iterations.
As we began to spin the platform out as a new company, we understood the importance of security and compliance in our controls and configuration. We knew we needed to step up our security posture.
OVERVIEW
When a private case management platform evolved into a software-as-a-service offering, this company needed a secure cloud-based solution that could help ensure HIPAA compliance.
ABOUT OAK CREEK TECH INNOVATIONS
Oak Creek Tech Innovations provides a SaaS platform for the worker’s compensation and patient advocacy markets. Initially created to serve a private case management company, its premiere product, CaseConnect, offers a cloud-based solution for organizations with multiple case managers in dispersed locations, allowing them to securely capture time, expenses, and documents related to their work. Based in the cloud, CaseConnect lets case managers run their businesses from a web-based API, providing real-time understanding of staff resources.
“We built the platform internally,” said Rich Pflederer, CEO. “As we began to spin the platform out as a new company, we understood the importance of security and compliance in our controls and configuration. We knew we needed to step up our security posture.”
While developing its software, Oak Creek Tech Innovations wanted a secure cloud platform for clients from a company that intimately understood HIPAA compliance challenges. They chose Armor Anywhere, hosted in Armor’s private cloud, and the Armor Automated Security and Compliance solution, establishing a virtual private cloud (VPC) with built-in security and compliance controls.
FINDING THE RIGHT SOLUTION
Armor’s private cloud offers infrastructure that sits in a software-defined private network—micro-segmented and isolated. Workloads connect to the public internet through a network monitored by a security operations center (SOC), which allows IP address netting and VPN termination for enhanced security in security and compliance controls.
Armor Automated Security and Compliance:
- Physical Security
- Application Security
- Physical Security
- Server Security
- Data Backup
- Security Audits
- Data Management
- Perimeter Security
- Network Security
- Administrative Security
- Secure Data Deletion
- Access Control
- Incident Response (IR)
SECURITY CHALLENGE
Once the company began building a software solution to take to market, Oak Creek Tech Innovations realized that not all developers began with security or compliance in mind.
“We were relying on our IT vendor and our developer outsource to understand HIPAA controls,” said Pflederer. “And we were relying on two outside organizations that didn’t specialize in security. In order to go to market, we needed to be confident our provider offered the best security for our applications, our company, and our clients.”
When building SaaS solutions, rarely do startups have the resources or expertise for every challenge. Developer resources must focus on building working solutions and are not always focused on security. What’s more, any misconfigurations or improper settings can lead to incursions by threat actors and jeopardize compliance.
As organizations increasingly embrace the cloud, they must address both “accidental” and “intentional” cyber risk as part of their shared responsibility for security.
We needed to step up our security posture. Armor’s experience securing cloud environments made it the best choice.
ON HITRUST CERTIFICATION AND HIPPA COMPLIANCE
Armor Automated Security and Compliance configuration monitoring helps Oak Creek Tech Innovations secure applications and data in the cloud while enabling continuous compliance with HIPAA/HITRUST. Reducing the burden on internal resources, it provides continuous scanning of public cloud environments to assess adherence to security and compliance policies and frameworks.
For instance, the solution scans the storage resources in the cloud to determine if any misconfigurations or improper settings exist that may expose sensitive patient and other data, alerting the customer to any areas of concern.
Armor Automated Security and Compliance minimizes “accidental” cyber risk. It provides industry-leading Cloud Security Posture Management (CSPM) capabilities to help the customer continuously discover, assess, and remediate security and compliance controls across their environment in the cloud. Armor Automated Security and Compliance helps healthcare organizations capitalize on the advantages of reduced cost and flexibility, while allowing them to implement a continuous compliance regimen focused on adherence to HIPAA/HITRUST.
“While we understood HIPAA environments, we didn’t see the value in having someone on staff with the skills to audit code for HIPAA controls,” Pflederer added. “The time and cost involved were prohibitive.”
FAST AND SEAMLESS IMPLEMENTATION
As CaseConnect was already in development, Oak Creek Tech Innovations required fast, seamless implementation of its new security and compliance solutions. Armor was able to install agents quickly to ensure little disruption.
“Implementation was outstanding, the entire process, start to finish was completed in two weeks,” said Pflederer.
WHY ARMOR
Armor Automated Security and Compliance actively reduces the security and compliance burden of organizations by providing the highest level of managed security for their customers’ data, along with an audit-friendly compliance assessment and monitoring solution.
Armor provides managed security solutions that give companies a clear picture of threats facing their organizations. Armor also provides the people and security resources to stop attacks before they happen and react quickly and effectively when they do, keeping your data safe and compliant.
Whether your organization is a healthcare SaaS, a clinic, a biosciences entity, or a hospital network, you can secure your sensitive applications and data in the cloud while automating and accelerating compliance with HIPAA/HITRUST.
We found security and compliance in one vendor. Armor exceeded our expectations.