IntelyCare

How One SAAS Healthcare Technology Innovator uses Tenable Cloud Security to automate risk remediation and least privilege

The Challenge

A cloud-native healthcare technology enterprise, IntelyCare develops and runs its business across multiple AWS accounts. Huge recent growth in its client and user base, and use of healthcare data, make its cloud platform vulnerable to bad actors.

Explained Larry Viviano, Director of Information Security, IntelyCare, “We are a prime target for identity thieves because our telecare employees upload sensitive data -- protected personal information like patients’ COVID tests, shots and medical records."

Viviano had a clear vision for protecting his cloud infrastructure, starting by aligning it with Center for Internet Security (CIS) benchmarks. “One of the first things CIS asks about is your software and hardware inventory.” To address this need, Viviano sought visibility into all the inventory components in his complex cloud environment. He also aimed to automate risk mitigation. “My big thing is automation. We're a small security team trying to do a lot -- I utilize tools to supplement people and increase productivity.”

And yet, noted Viviano, “Over the years I've been burned by many automation tools claiming to do what they can't and that break production. It gives security practitioners a bad rap with devops, who don't want security to break their systems.” To put his goals into play Viviano wanted his cloud security stakeholders on board -- he sought their trust.

The Solution

Recalled Viviano, “I started looking at [Tenable Cloud Security] at a previous company and saw it offered visibility into access and privileges typically seen by only devops, engineering or infrastructure. [Tenable] let me see deeply and show stakeholders how we could take work off their plates -- this was the first use case, and you guys knocked it out of the park.”

IntelyCare’s security team started deploying Tenable Cloud Security in one of its staging environments first, focusing on the highest risks, which the platform prioritizes by severity. “[Tenable] identifies risks and tells you what to do about it - this prescriptive approach is awesome in helping explain to a lot of different groups what needs to be done,” explained Vivano. “We built confidence in security to the point where we said, ‘Let's start remediating some of our AWS risk issues.’ Using [Tenable Cloud Security] we removed all over privileged configurations for IAM users and then for services; we did all the automatic remediation we could, and in two months. It didn’t break anything so we continued the momentum, working down the list, eliminating more risks.”

Viviano continued: “Since security personnel don’t use AWS at that level we’re using [Tenable] as a collaboration tool for passing a clear remediation playbook to relevant parties for their easy execution. We open a security ticket in [Tenable Cloud Security], assign it to our Jira workflow, and voila."

The platform is supporting IntelyCare’s security strategy. Noted Viviano, “We need to keep our CIS benchmarks green. This is where [Tenable] is helping by giving more than just a window into our cloud identities; it gives insight into misconfigurations that affect benchmarks so need remediating - and then lets us remediate.” As part of its CIS benchmark initiatives, IntelyCare also recently rolled out multi factor authentication -- one more of many risk factors that Tenable tracks.

IntelyCare is now expanding its Tenable Cloud Security deployment across all their AWS environments, including Kubernetes and production. Explained Viviano, “[Tenable Cloud Security] is key for letting us know how our AWS environments are being used. The alternative would be extremely manual, such as going to devops for lists of VMs, then trying to figure out the risk and how to secure it.” He continued: “What [Tenable] can show me and let me do in minutes would have taken two or three security people months to do. Candidly, that's where I think [Tenable] gives return on investment: by automating those things and giving snapshot visibility."

Viviano concluded: “We’ll next start using [Tenable Cloud Security] recommended policies. We’re a company that really wants to be least privilege -- and [Tenable] is helping get us there. [Tenable] is addressing a use case that none of our other cloud security solutions does: giving visibility, and letting security gain trust and build collaboration with devops and other teams to mitigate identity risk. That’s how I win at my security goals for the company."