HealthChampion and Snyk partnered to make security a priority and build a program from the ground up

Highlights

  • Quick integration and scaling means HealthChampion is now able to prioritize every new high severity vulnerability.
  • Fast developer team buy-in thanks to increased visibility and Snyk’s remediation options.
  • Advanced integration support providing multiple options for Microsoft Azure.
  • Deep ecosystem coverage and advanced support for .NET.
  • Newfound confidence in the face of compliance challenges and regular audits.
  • Snyk’s agility, openness, and transparency helped build trust and forge a partnership with HealthChampion.

The Challenge: make security a priority from the start for a healthcare company with strict compliance regulations

Companies in any industry can’t afford to make mistakes, but in the healthcare industry the stakes are even higher: companies deal with highly sensitive personal information, and any error could have severe consequences. As a result, heavy regulations are in place to ensure that consumer privacy is protected and information is always secure.

“If you do healthcare, you have to follow the rules on it. We’re dealing with healthcare data, it’s almost the most personal data about anybody. So it’s super important that we take good care of it and are good stewards because if we make one mistake we’re putting people at risk.”

Even though HealthChampion only got its start in 2018, they knew security was going to be a priority right from the start. The last thing the small startup wanted was to have big headaches later on when it came time to be HIPAA compliant. Now that these audits are beginning in 2020, HealthChampion needed a security partner they could trust to build effective security mechanisms right from the start, and foster confidence in the face of security challenges.

One of the big things for us is making sure that whatever tools we have are things we can implement in our DevOps process and allow us to deploy to production several times a week. It’s important for us to have tools that are fast and can be implemented in that process, providing quick identification of problems and quick resolution. Problems are easiest solved when they happen and not months later.

The Solution: Snyk’s developer-first approach and security depth led to a fast deployment and deep support as HealthChampion scaled security

With a developer-heavy team of only about 20, HealthChampion needed a solution that was easy to set up and easy to use in order to get team buy-in from the start. When evaluating solutions, their team found Snyk to be far superior, from the extensive integrations already available at the time of partnership to Snyk’s willingness to work with the HealthChampion team and build whatever it needed on its path to develop a security strategy.

I think the big thing for me is, you’re already doing these build pipelines and doing these checks with an automated process. You do the same thing with security and it’s part of our build process. And because it’s so ingrained in our process, there’s a lot of buy-in from the rest of the development team.

Deep support and extensive product offerings helped build out a comprehensive security program

Snyk was also able to provide the integrations and plugins, such as Azure Repos and Azure Pipelines, needed to support the team. Any needed features that weren’t ready at the time of HealthChampion’s onboarding, Snyk developed, keeping the team updated every step of the way.

Snyk enables security across the Microsoft Azure ecosystem, including for Azure Pipelines, automatically finding and helping to fix application and container vulnerabilities. These ready-to-use tasks can also be inserted into pipelines quickly, allowing for customization with no extra coding. This helps to automate the identification of vulnerabilities and do so faster with less manual checking.

Code gets committed and built every single day, so we’re running checks constantly. The monitor product was the other big piece for us that we liked. When we have something in production, getting emails with an alert that there may be a vulnerability in that code helps us address vulnerabilities that may have not been known about when that code was built. There were just a lot of features that checked a lot of boxes for us.

Additionally, Snyk’s deep support for languages was a boon to HealthChampion considering their split use of language between JavaScript and .NET. Snyk allows customers to configure their CIs for different languages, offering the broadest support available.

Our front end is JavaScript, yet our back end is .NET Core and so having both the JavaScript and the .NET Core support was another big one for us. The other thing I want to mention is, you guys are continuing to add features to the product.

The Impact: quick integration and a transparent team led to a secure partnership

Snyk was quickly integrated into the HealthChampion pipeline and scrum process, so within weeks they got to a point where each new high severity vulnerability Snyk surfaces gets fixed as a top priority. The team is much more confident in the face of audits and when onboarding new clients now that they have a pressure-tested security model and a partner they can trust.

In 2020 we’re hoping to start to sign some clients and they will be in the position to audit us. I have a feeling that thanks to Snyk, being able to show our security posture as we build the software is going to go a long way to making those successful.

The agility, openness, and transparency exhibited by the Snyk team helped HealthChampion feel that they have a real partner they can fully trust. In addition to providing updates around the products HealthChampion currently uses, the team was sure to give a holistic picture of the upcoming product roadmap in case there were additional solutions that would fit into their security efforts.

We were looking at Snyk and a couple other competitors. With Snyk there are open lines of communication and you’re quick to respond to questions and support requests when compared to a couple of the other products we looked at.

At the end of the day, Snyk helps HealthChampion tighten security so developers have time to focus on what’s important: their mission to reshape the healthcare system, making it more patient-centric and empowering individuals with greater control over their health data. By trusting a partner that helps eliminate vulnerabilities, there is one less item on developers’ checklists.

Knowing that we have Snyk keeping an eye out for us helps us sleep better at night.