Citra Health Solutions

Project Summary

Citra Health Solutions divested a portion of their portfolio and required the migration of 15 VMware servers and a pre-existing managed VPC, composed of 12 additional VM’s, to a New AWS account and VPC. They were already leveraging AWS, but the performance, reliability, and scalability of the platform contained areas of opportunity and their environment were not in alignment with AWS Best Practices.

Given the divestiture, the most significant challenge was time and the requirement to migrate off the existing environment in 30 days. Citra Health Solutions required additional reliability and scalability while adhering to the legal and regulatory requirements of the healthcare industry.

The Strategy

HIPAA Compliant Controls Along with a Next-Generation Firewall

To ensure all stated objectives were met, eCloud Managed Solutions organized a migration plan and then implemented that plan over the course of 4 weeks. Starting with AWS Provided best practice Quickstart, for HIPAA, eCloud was to automate the initial security setup.

Next came the implementation and configuration of the customer chosen Fortigate Next-Gen Firewall and establishment of an IPsec VPN connection from the customer’s on-premise data center to the newly created AWS environment. From there, the focus shifted to right-sizing the target VM’s and setting up a River Meadow migration server to perform the actual block copy.

To ensure compliance with HIPAA security guidelines, controls were required to ensure all data was encrypted in transit and at rest, along with a Next-Generation Firewall (NGFW). Amazon EBS (Elastic Block Storage) with encryption enabled was utilized to meet the encryption at rest requirements. IPsec and IPsec VPN leveraging the Forti-client were implemented for the individual users and forced SSL encryption for all communications between internal applications and databases were implemented, satisfying the encryption in transit requirement.

To monitor uptime, security, and prevent attacks and intrusions, a combination of Fortinet Fortigate Firewall, Amazon Guard Duty, and CloudWatch were utilized. CloudWatch allowed for the monitoring and collection of operational data within the environment. The Fortigate Next Generation Firewall was chosen by the customer to provide control over web application traffic and remote user connectivity. Amazon GuardDuty was implemented to automate threat detection analysis and CloudWatch logging was implemented to capture and alert on security-related events.

Proven Results

Citra Health Solutions was able to migrate its 15 on-premise VMs, transition their existing unencrypted EBS Volumes in AWS to their new environment, and use KMS to encrypt the volumes in the new environment. This was completed in the 30-day timeframe while achieving the desired application uptime and availability without sacrificing security, or audit control requirements. Since launch, Citra has seen all the cost savings they expected as well as the environment modernization they hoped for.

Thanks to our dedicated Architecture team, which follows the AWS Well-Architected Framework, and the flexibility of the AWS Platform, eCloud Managed Solutions was able to quickly and efficiently build a safe, highly available environment within a HIPAA-compliant framework.