Oak Creek Tech Innovations: Security and Compliance for a Case Management SaaS – Case Study

When a private case management platform evolved into a software-as-a-service offering, this company needed a secure cloud-based solution that could help ensure HIPAA compliance.

Oak Creek Tech Innovations provides a SaaS platform for the worker’s compensation and patient advocacy markets. Initially created to serve a private case management company, its premiere product, CaseConnect, offers a cloud-based solution for organizations with multiple case managers in dispersed locations, allowing them to securely capture time, expenses, and documents related to their work. Based in the cloud, CaseConnect lets case managers run their businesses from a web-based API, providing real-time understanding of staff resources.

“We built the platform internally,” said Rich Pflederer, CEO. “As we began to spin the platform out as a new company, we understood the importance of security and compliance in our controls and configuration. We knew we needed to step up our security posture.”

While developing its software, Oak Creek Tech Innovations wanted a secure cloud platform for clients from a company that intimately understood HIPAA compliance challenges. They chose Armor Anywhere, hosted in Armor’s private cloud, and the Armor Automated Security and Compliance solution, establishing a virtual private cloud (VPC) with built-in security and compliance controls.

Once the company began building a software solution to take to market, Oak Creek Tech Innovations realized that not all developers began with security or compliance in mind.

“We were relying on our IT vendor and our developer outsource to understand HIPAA controls,” said Pflederer. “And we were relying on two outside organizations that didn’t specialize in security. In order to go to market, we needed to be confident our provider offered the best security for our applications, our company, and our clients.”

When building SaaS solutions, rarely do startups have the resources or expertise for every challenge. Developer resources must focus on building working solutions and are not always focused on security. What’s more, any misconfigurations or improper settings can lead to incursions by threat actors and jeopardize compliance.

As organizations increasingly embrace the cloud, they must address both “accidental” and “intentional” cyber risk as part of their shared responsibility for security.

Armor Automated Security and Compliance configuration monitoring helps Oak Creek Tech Innovations secure applications and data in the cloud while enabling continuous compliance with HIPAA/HITRUST. Reducing the burden on internal resources, it provides continuous scanning of public cloud environments to assess adherence to security and compliance policies and frameworks.

For instance, the solution scans the storage resources in the cloud to determine if any misconfigurations or improper settings exist that may expose sensitive patient and other data, alerting the customer to any areas of concern.

Armor Automated Security and Compliance minimizes “accidental” cyber risk. It provides industry-leading Cloud Security Posture Management (CSPM) capabilities to help the customer continuously discover, assess, and remediate security and compliance controls across their environment in the cloud. Armor Automated Security and Compliance helps healthcare organizations capitalize on the advantages of reduced cost and flexibility, while allowing them to implement a continuous compliance regimen focused on adherence to HIPAA/HITRUST.

“While we understood HIPAA environments, we didn’t see the value in having someone on staff with the skills to audit code for HIPAA controls,” Pflederer added. “The time and cost involved were prohibitive.”

As CaseConnect was already in development, Oak Creek Tech Innovations required fast, seamless implementation of its new security and compliance solutions. Armor was able to install agents quickly to ensure little disruption.

“Implementation was outstanding, the entire process, start to finish was completed in two weeks,” said Pflederer.

Armor Automated Security and Compliance actively reduces the security and compliance burden of organizations by providing the highest level of managed security for their customers’ data, along with an audit-friendly compliance assessment and monitoring solution.

Armor provides managed security solutions that give companies a clear picture of threats facing their organizations. Armor also provides the people and security resources to stop attacks before they happen and react quickly and effectively when they do, keeping your data safe and compliant.

Whether your organization is a healthcare SaaS, a clinic, a biosciences entity, or a hospital network, you can secure your sensitive applications and data in the cloud while automating and accelerating compliance with HIPAA/HITRUST.