Ermetic Case Study: IntelyCare
Find out how this healthcare innovator is using Ermetic to automate risk remediation & least privilege.
IntelyCare is a healthcare staffing and scheduling SaaS platform developed to give nursing professionals control over their schedules and healthcare facilities the power to find the experienced staff they need. One of the fastest-growing companies in the US, IntelyCare has filled over five million shift hours and partnered with over 20,000 nursing professionals and thousands of nursing facilities.
A cloud-native healthcare technology enterprise, IntelyCare develops and runs their business across multiple AWS accounts. Huge recent growth in their client and user base, and use of healthcare data, make their cloud platform vulnerable to bad actors.
Explained Larry Viviano, Director of Information Security, IntelyCare, “We are a prime target for identity thieves because our telecare employees upload sensitive data -- protected personal information like patients’ COVID tests, shots and medical records.”
Viviano had a clear vision for protecting his cloud infrastructure, starting by aligning it with Center for Internet Security (CIS) benchmarks. “One of the first things CIS asks about is your software and hardware inventory.” To address this need, Viviano sought visibility into all the inventory components in his complex cloud environment. He also aimed to automate risk mitigation. “My big thing is automation. We're a small security team trying to do a lot -- I utilize tools to supplement people and increase productivity.”
And yet, noted Viviano, “Over the years I've been burned by many automation tools claiming to do what they can't and that break production. It gives security practitioners a bad rap with devops, who don't want security to break their systems.” To put his goals into play Viviano wanted his cloud security stakeholders on board -- he sought their trust.
Recalled Viviano, “I started looking at Ermetic at a previous company and saw it offered visibility into access and privileges typically seen by only devops, engineering or infrastructure. Ermetic let me see deeply and show stakeholders how we could take work off their plates -- this was the first use case, and you guys knocked it out of the park.”
IntelyCare’s security team started deploying Ermetic in one of their staging environments first, focusing on the highest risks, which the platform prioritizes by severity. “Ermetic identifies risks and tells you what to do about it - this prescriptive approach is awesome in helping explain to a lot of different groups what needs to be done,” explained Vivano. “We built confidence in security to the point where we said, ‘Let's start remediating some of our AWS risk issues.’ Using Ermetic we removed all over privileged configurations for IAM users and then for services; we did all the automatic remediation we could, and in two months. It didn’t break anything so we continued the momentum, working down the list, eliminating more risks.”
Viviano continued: “Since security personnel don’t use AWS at that level we’re using Ermetic as a collaboration tool for passing a clear remediation playbook to relevant parties for their easy execution. We open a security ticket in Ermetic, assign it to our Jira workflow, and voila."
The platform is supporting IntelyCare’s security strategy. Noted Viviano, “We need to keep our CIS benchmarks green. This is where Ermetic is helping by giving more than just a window into our cloud identities; it gives insight into misconfigurations that affect benchmarks so need remediating - and then lets us remediate.” As part of their CIS benchmark initiatives, IntelyCare also recently rolled out multi factor authentication -- one more of many risk factors that Ermetic tracks.
IntelyCare is now expanding their Ermetic deployment across all their AWS environments, including Kubernetes and production. Explained Viviano, “Ermetic is key for letting us know how our AWS environments are being used. The alternative would be extremely manual, such as going to devops for lists of VMs, then trying to figure out the risk and how to secure it.” He continued: “What Ermetic can show me and let me do in minutes would have taken two or three security people months to do. Candidly, that's where I think Ermetic gives return on investment: by automating those things and giving snapshot visibility.
Viviano concluded: “We’ll next start using Ermetic recommended policies. We’re a company that really wants to be least privilege -- and Ermetic is helping get us there. Ermetic is addressing a use case that none of our other cloud security solutions does: giving visibility, and letting security gain trust and build collaboration with devops and other teams to mitigate identity risk. That’s how I win at my security goals for the company.”
Ermetic provides identity-first security and compliance for AWS, Azure, and GCP. In one easy-to-use SaaS platform, Ermetic combines cloud identity governance and security posture management - for comprehensive risk mitigation across multi-cloud identities, network, data, and workloads. Designed to improve productivity for overstretched security teams, Ermetic does the heavy lifting, combining sophisticated risk analysis with intuitive visualization, accurate prioritization and automated remediation. Even in the most complex environments, Ermetic makes it possible to reduce the cloud attack surface, enforce least privilege and protect sensitive data at scale. Follow us on LinkedIn, Twitter and Facebook.
IntelyCare offers a digital workforce augmentation platform that combines a gig-model application with advanced data science to optimize staff resources and close the widening gap between workforce supply and demand. IntelyCare is revolutionizing the antiquated healthcare staffing market, filling nursing shifts at three times the industry average and giving post-acute facilities the tools to predict and manage staffing needs. The company’s engaging mobile app empowers nursing professionals with access to flexible, on-demand work opportunities, reducing burnout and attrition while increasing productivity. Named No. 41 on the Inc. 5000 in 2020, IntelyCare is the top-ranked nurse workforce management solution in the country and the fastest-growing private company in Massachusetts.
For more information, visit www.intelycare.com.