This document discusses Healthdirect Australia's move of its infrastructure to Amazon Web Services (AWS) to improve security, scalability and availability and to reduce costs. It outlines the risks of the traditional on-premises environment and the drivers for moving to AWS. It then describes the security challenges Healthdirect faced and how Trend Micro's Deep Security product helped address them by providing host-based firewalling, intrusion prevention, antivirus, log inspection and other capabilities in a single management console, while fitting with its continuous delivery practices. Deep Security's usage-based licensing also aligned well with Healthdirect's use of AWS autoscaling. Overall, Deep Security helped Healthdirect achieve security compliance and improve security when moving to AWS.
45. Shapeshift for Amazon Web Services
• Security inside each workload
• Protect instance-to-instance traffic
• Make it context sensitive (fast and low false-positive)
• No bottleneck
• No single point of failure
= CLOUD FRIENDLY IPS
60. Make Security Invisible for Amazon Web Services
• Build it in, not bolt on
• Fully automate security
• Automate record keeping for auditors
= SECURITY DESIGNED FOR AWS
68. Use X-ray vision on Amazon Web Services
• Use Integrity Monitoring and Log monitoring to see inside instances
• Detect suspicious changes that are indicators of compromise and unintended changes
= Total visibility
69. AWS is continuously independently audited
GxP, ISO 13485, AS9100, ISO/TS 16949
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud
70. Security is shared between AWS and customers
Customers have their choice of security configurations IN the Cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers
Partner solutions – including Trend Micro
71. SANS/CIS TOP 20 CRITICAL SECURITY CONTROLS
1. Inventory of Authorized & Unauthorized Devices
2. Inventory of Authorized & Unauthorized Software
3. Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers
4. Continuous Vulnerability Assessment & Remediation
5. Controlled Use of Administrative Privileges
6. Maintenance, Monitoring, & Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols, and Services
10. Data Recovery Capability
11. Secure Configurations for Network Devices
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring & Control
17. Security Skills Assessment & Appropriate Training to Fill Gaps
18. Application Software Security
19. Incident Response Management
20. Penetration Tests & Red Team Exercises
80. Now to Introduce a Real World Superhero!
Chris Harwood
Healthdirect Australia
81. A little bit about Healthdirect
No matter where people live, or what time of the day or night it is, they can talk to a professional, find trusted advice online about how to manage their issue, and locate the closest appropriate and open service that meets their needs.
82. A little bit about Healthdirect
mindhealthconnect
after hours GP helpline
My Aged Care
Carer Gateway
healthdirect
Pregnancy, Birth and Baby
National Health Services Directory
84. Healthdirect Australia Timeline
• 2006/2007: Established as the National Health Call Centre Network
• 2008: healthdirect 24/7 nurse triage helpline
• 2010: Pregnancy, Birth and Baby service
• 2011: after hours GP helpline
• 2012: mindhealthconnect (mental health website)
• 2012: National Health Services Directory
• 2013/2014: My Aged Care Gateway
• 2015: Carer Gateway
85. Risks of Healthdirect’s Traditional Environment
Risk | Description | Rating
Insufficient capacity | Scalability is limited by physical hardware | High
Limited environments | Sufficient environments too expensive | High
Ageing servers | Existing servers will need replacement within two years | Moderate
Lack of agility | New work is continually changing what is required of our infrastructure | Moderate
Difficult to manage | No consistency of management and service quality in the previously fragmented solution | Moderate
Inability to respond timeously | Procurement lead times too long and inability to try new things | Extreme
Cost inefficiency | Over investment is required in order to manage peak loads | Moderate
94. Drivers for Amazon Web Services
• Improved security
• The world is software
• Easily Scale Up and Down
• Improve Agility & Time to Market
• Pay only for what you use
• Ability to optimise Performance
• Increased Availability
• Reduced skills requirements
95. Security is critical for Healthdirect Australia
Together Government and Healthcare made up over 40% of all data breaches in 2015
Trend Micro Follow The Data Report
96. Security Challenges
• Information Security Manual Compliance
• HIDS/HIPS mandatory
• Patching controls
• Small security staff complement for large diverse platform
• Privacy Act and sensitive data protection
• Perimeter is NOT good enough any more
97. Security Challenges
• Understanding the shared responsibility model
• Moving security staff from gatekeepers to participants
• Effective management of log and monitoring data
98. Trend Micro Deep Security to the Rescue
• DISA certified
• Host based firewalling and intrusion prevention
• Antivirus and anti-malware
• File integrity monitoring
• Log inspection
99. Trend Micro Deep Security to the Rescue (cont…)
• Server and desktop/laptop protection
• Single management ‘pane of glass’
• Trusted SSL certificate issuing
100. Why Deep Security Works for Us
• Healthdirect ISM accredited on AWS in 2015
• Virtual patching provides a compensating control
• Agent based fits with continuous delivery practices and secures AMIs above the hypervisor
101. Why Deep Security Works for Us (cont…)
• Usage based licensing fits with AWS autoscaling and instance scheduling
• Minimised security impact on each node
• Great support and easy to configure
102. For an opportunity to:
• Learn more about Trend Micro;
• Q&A with the experts, and;
• Get started with a Deep Security trial
Come and speak to us at the Trend Micro booth.
Booth# P1