Soluon: Turnkey Compliant HIPAA/HITRUST SaaS Deployment in Microsoﬅ Azure Why is this story interesng: UMT360’s deployment in Microsoﬅ Azure is an example of the larger trend of Independent Soﬅware Vendors (ISVs) providing mulple cloud opons to their customers. What Challenge did the customer have at the start of this project: UMT360 had their own IT infrastructure and support team. Leadership realized that this approach was not sufficient from specialized service development – incorporang specific access and security features that their customers were requesng. They decided to look for a Microsoﬅ managed service provider (MSP) partner who would take on the provisioning and 24x7 maintenance of one of their mul-tenant SaaS deployments, so that they could beer focus on their customers’ feature requests. It was crucial for UMT360 that the MSP (Project Hosts) would completely handle all aspects of hosng, scale up, security, compliance and connuous monitoring of the deployment. What soluon did Project Hosts devise: Project Hosts created a CSP subscripon dedicated to UMT360 and linked it through V-Net peering to Project Hosts’ HITRUST-cerfied Azure environment. As part of including UMT360 inside its HITRUST compliance boundary, Project Hosts employs mulple Azure tools and technologies to implement the following controls: About UMT360: UMT360 helps organizaons at every level of maturity gain the visibility, insight and enterprise context they need to align execuon with strategy across all project, program, product, IT asset and capability porolios. About Project Hosts: Project Hosts implements security and compliance on Microsoﬅ Azure for US Federal government, Enterprise, and healthcare organizaons. Their pre-audited environments give organizaons turnkey compliance for their applicaons, removing a key barrier to migraon from on-premises or AWS deployments into Azure. Project Hosts provides connuous monitoring to allow ISVs and customers to focus on their mission crical tasks. Their environments hold cerficaons and authorizaons from ISO 27001, HIPAA, HITRUST, FedRAMP, and the DoD, including the first DoD IL5 authorizaon to a company with under $1 billion in revenue. 1. Access Control 2. Idenficaon & Authencaon 3. Server Lockdown 4. Encrypon in transit, at rest 5. Vulnerability Scanning 6. Patching & Updang 7. Test environment 8. Change Management 9. An-Malware & IDS/IPS 10.Event Logging & Alerng 11.Incident Response 12.Backup & DR with tesng 13.Cybersecurity Training 14.Third Party Audit Healthcare Security Envelope in Customer’s own Azure Subscripon Azure MSP Case Study: Customer: UMT360 Project Hosts, Inc | 877-659-6055 | projecthosts.com | [email protected]

Azure MSP Case Study - Project Hosts: Security Compliant Clouds · 2021. 1. 15. · It was crucial for UMT360 that the MSP (Project Hosts) would completely handle all aspects of hosting,

Download PDF Report

Upload
others
View
5
Download
0

Embed Size (px)

Citation preview

Page 1: Azure MSP Case Study - Project Hosts: Security Compliant Clouds · 2021. 1. 15. · It was crucial for UMT360 that the MSP (Project Hosts) would completely handle all aspects of hosting,

Solution: Turnkey Compliant HIPAA/HITRUST SaaS Deployment in Microsoft Azure

Why is this story interesting: UMT360’s deployment in Microsoft Azure is an example of the larger trend of Independent Software Vendors (ISVs) providing multiple cloud options to their customers.

What Challenge did the customer have at the start of this project:UMT360 had their own IT infrastructure and support team. Leadership realized that this approach was not sufficient from specialized service development – incorporating specific access and security features that their customers were requesting. They decided to look for a Microsoft managed service provider (MSP) partner who would take on the provisioning and 24x7 maintenance of one of their multi-tenant SaaS deployments, so that they could better focus on their customers’ feature requests. It was crucial for UMT360 that the MSP (Project Hosts) would completely handle all aspects of hosting, scale up, security, compliance and continuous monitoring of the deployment.

What solution did Project Hosts devise: Project Hosts created a CSP subscription dedicated to UMT360 and linked it through V-Net peering to Project Hosts’ HITRUST-certified Azure environment. As part of including UMT360 inside its HITRUST compliance boundary, Project Hosts employs multiple Azure tools and technologies to implement the following controls:

About UMT360: UMT360 helps organizations at every level of maturity gain the visibility, insight and enterprise context they need to align execution with strategy across all project, program, product, IT asset and capability portfolios.

About Project Hosts: Project Hosts implements security and compliance on Microsoft Azure for US Federal government, Enterprise, and healthcare organizations. Their pre-audited environments give organizations turnkey compliance for their applications, removing a key barrier to migration from on-premises or AWS deployments into Azure. Project Hosts provides continuous monitoring to allow ISVs and customers to focus on their mission critical tasks. Their environments hold certifications and authorizations from ISO 27001, HIPAA, HITRUST, FedRAMP, and the DoD, including the first DoD IL5 authorization to a company with under $1 billion in revenue.

1. Access Control2. Identification & Authentication3. Server Lockdown4. Encryption in transit, at rest5. Vulnerability Scanning6. Patching & Updating7. Test environment

8. Change Management9. Anti-Malware & IDS/IPS10. Event Logging & Alerting11. Incident Response12. Backup & DR with testing13. Cybersecurity Training14. Third Party Audit

Healthcare Security Envelope inCustomer’s own Azure Subscription

Azure MSP Case Study:Customer: UMT360

Project Hosts, Inc | 877-659-6055 | projecthosts.com | [email protected]