The Challenge: make security a priority from the start for a healthcare company with strict compliance regulations
In reality, companies in any industry can’t afford to make mistakes but in the healthcare industry, those stakes are even higher as companies deal with highly sensitive personal information and any errors could have severe consequences. As a result, there are heavy regulations in place to ensure consumer privacy and information is always secure.
“If you do healthcare, you have to follow the rules on it. We're dealing with healthcare data, it's almost the most personal data about any body. So it's super important that we take good care of it and are good stewards because if we make one mistake we're putting people at risk."
Even though HealthChampion only got its start in 2018, they knew security was going to be a priority right from the start. The last thing the small startup wanted was to have big headaches later on when it came time to be HIPAA compliant. Now that these audits are beginning in 2020, HealthChampions needed a security partner they could trust to build effective security mechanisms right from the start, and foster confidence in the face of security challenges.
"One of the big things for us is making sure that whatever tools we have are things we can implement in our DevOps process and allow us to deploy to production several times a week. It's important for us to have tools that are fast and can be implemented in that process, providing quick identification of problems and quick resolution. Problems are easiest solved when they happen and not months later."
The Solution: Snyk’s developer first approach and security depth led to a fast deployment and deep support as HealthChampion scaled security
With a developer-heavy team of only about 20, HealthChampion needed a solution that was easy to set up and easy to use in order to get team buy-in from the start. When evaluating solutions, their team found Snyk to be far superior. From the extensive integrations already available at the time of partnership to Snyk’s willingness to work with and build whatever the HealthChampion team needed on its path to develop a security strategy.
"I think the big thing for me is, you're already doing these build pipelines and doing these checks with an automated process. You do the same thing with security and it's part of our build process. And because it's so ingrained in our process, there's a lot of buy in from the rest of the development team."
Deep support and extensive product offerings helped build out a comprehensive security program
Snyk was also able to provide integrations and plugins, such as Azure Repos and Azure Pipelines, needed to support the team. Any needed features that weren’t ready at the time of HealthChampions onboarding, Snyk developed and kept the team updated every step of the way.
Snyk enables security across the Microsoft Azure ecosystem, including for Azure Pipelines, automatically finding and helping to fix application and container vulnerabilities. These ready-to-use tasks can also be inserted into pipelines quickly, allowing for customization with no extra coding. This helps to automate the identification of vulnerabilities and do so faster with less manual checking.
"Code gets committed and built every single day, so we're running checks constantly. The monitor product was the other big piece for us that we liked. When we have something in production, getting emails with an alert there may be a vulnerability in that code helps us address vulnerabilities that may have not been known about when that code was built. There were just a lot of features that checked a lot of boxes for us."
Additionally, Snyk’s deep support for languages was a boon to HealthChampion considering their split use of language between JavaScript and .NET. Snyk allows customers to configure their CIs for different languages, offering the broadest support available.
"Our front end is JavaScript, yet our back end is .NET core and so having both the JavaScript and the .NET core support was another big one for us. The other thing I want to mention is, you guys are continu ing to add features to the product."
The Impact: quick integration and a transparent team led to a secure partnership
Snyk was quickly integrated into the HealthChampion pipeline and scrum process so within weeks they got to a point where each new high severity vulnerability Snyk surfaces gets fixed as a top priority. The team is much more confident in the face of audits and when onboarding new clients now that they have a pressure-tested security model and a partner they can trust.
"In 2020 we're hoping to start to sign some clients and they will be in the position to audit us. I have a feeling that thanks to Snyk, being able to show our security posture as we build the software is going to go a long way to making those successful."
The agility, openness, and transparency exhibited by the Snyk team helped HealthChampion feel that they have a real partner they can fully trust. In addition to providing updates around the products HealthChampion currently uses, the team was sure to give a holistic picture of the upcoming product roadmap in case there were additional solutions that would fit into their security efforts.
"We were looking at Snyk and a couple other competitors. With Snyk there are open lines of communication and you’re quick to respond to questions and support requests when com pared to a couple of the other products we looked at."
At the end of the day, Snyk helps HealthChampions tighten security so developers have time to focus on what’s important: their mission to reshape the healthcare system, making it more patient centric and empowering individuals with greater control over their health data. By trusting a partner that helps eliminate vulnerabilities, there is one less item on developers’ checklists.
"Knowing that we have Snyk keeping an eye out for us helps us sleep better at night."
