MANAGING HYBRID CLOUD SECURITY AT SCALE

XSOLIS helps healthcare payers and providers navigate the complexities of utilization management and review, using the power of technology to drive more meaningful and agreeable working relationships and improve healthcare for all. Historically, the ability to identify medical necessity or the level of care that should be provided has been a manual process, fraught with administrative hurdles that tied up resources and revenue for both payers and providers. XSOLIS’ CORTEX platform acts as a technology bridge between payer and provider, using the power of artificial intelligence and machine learning algorithms to bring a neutral, data-driven approach to determining the appropriate level of patient care.

XSOLIS has long relied on AWS as its cloud computing platform. When the company began exploring ways to better centrally monitor and manage its cloud infrastructure as it scaled, Trend Micro Cloud One™ – Conformity was an easy choice. With more than 30 years of experience in enterprise cybersecurity, Trend Micro is an AWS Security Partner, and its Conformity solution is designed to meet the cloud security needs of companies like XSOLIS. Conformity provides XSOLIS with comprehensive visibility and real time monitoring of its cloud service configurations using a single, multi-cloud dashboard and scanning against the AWS Well Architected Framework. In addition, XSOLIS uses Conformity to monitor Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Transit Gateway to continuously improve its security and compliance posture.

With proof of concept in a matter of days, XSOLIS was able to implement Conformity in only four weeks. The Trend Micro team supported the process through weekly meetings in which they provided training, feedback, and information about best practices. Trend Micro also showed XSOLIS how to set up Conformity for multiple accounts. “We have a complicated multiple account set-up across AWS, and the ability of Conformity to jump across multiple accounts to a single dashboard was really important to us,” said Zach Evans, Chief Technology Officer at XSOLIS.

DELIVERING INSIGHTS AND IMPROVEMENTS

Since implementing Conformity, XSOLIS has seen several business improvements. “As we grow and scale, it’s vital for us to be much more proactive, especially when it comes to the way we manage our AWS infrastructure,” said Evans. “The near real-time alerts we get, both through individual alerts and more generalized reporting, allow us to proactively identify areas of opportunity.” Further, since Conformity maps to the AWS Well-Architected Framework, it provides insight into how well XSOLIS rates on each of the framework’s five pillars (operational excellence, security, reliability, performance efficiency, and cost optimization). XSOLIS has seen anywhere from a five to fifteen percent increase in most of those areas, including a reduction in costs. There have been internal benefits as well. For example, when the XSOLIS team wants to conduct a risk assessment, they can now easily pull inventory from all their environments and print it out as a CSV file instead of having to go into each account and gather it manually, saving time and money. Conformity is also helping XSOLIS improve its infrastructure as it moves some legacy architecture into more modern frameworks.

While compliance and audits are a large part of every company’s journey, they’re particularly important for XSOLIS now as the company pursues HITRUST certification, which validates an organization’s compliance with HIPAA privacy and security standards. To achieve HITRUST certification, XSOLIS must comply with 462 controls, demonstrating on a regular basis, through documentation and processes, that it is actively monitoring and managing compliance. Conformity is an important component in achieving HITRUST certification, supporting documentation discovery, and monitoring and alerting enforcement of certain controls. XSOLIS also plans to add the Conformity Template Scanner, enabling the company to run Conformity Rules on its AWS CloudFormation templates, Conformity profiles, and accounts as an additional means of assessing risks, keeping risk levels low, and improving overall security posture.

DRIVING NEXT-GENERATION INNOVATION

Going forward, XSOLIS is in the process of making significant investments in its AWS infrastructure, moving away from Amazon EC2 instances into more serverless architecture. “We’re beginning a digital transformation project that will be doubling down on AWS services, everything from Docker containers to Amazon ElastiCache to some of the data pipeline tools,” said Evans. “We’re building a next-generation platform that will look wildly different from what we have today, leveraging AWS native services and moving into modern data architecture like data lakes. The ability to leverage tools like Conformity to make sure our infrastructure is compliant, to make sure we’re doing regular scans, we’re proactively responding to alerts—all that is critically important as we grow.”

These infrastructure improvements will also benefit XSOLIS customers and potentially open new markets. While the first version of CORTEX was focused on solving one kind of problem, over time, customers have begun asking increasingly complex questions. The company sees an opportunity to leverage its massive datasets to drive more intelligent decisions through artificial intelligence (AI) and machine learning that expand beyond the friction points of providers and payers to areas such as intelligent clinical workflows. Having a more scalable AWS architecture will allow XSOLIS to develop a more flexible and extensible solution that can deliver value across multiple payer and provider touchpoints. “By leveraging tools like Conformity and reinventing our data models and platform inside AWS, we’re finding new ways to innovate and improve, and we’re becoming much more proactive in how we deliver value to our customers,” said Evans. “Conformity can help organizations evolve and be really creative while still meeting their security and compliance requirements,” concluded Laura Roantree, Product Marketing Manager at Trend Micro. “It provides the guardrails that allow innovation to flourish.”