Pacific Dental Services (PDS) was founded by Stephen Thorne in 1994 with support for its first dental office in Costa Mesa, California. It has since expanded to include over 750 offices in 22 states and is currently in a state of hypergrowth, adding over 100 offices per year.
Hyperscale in the Cloud with AWS
In February of 2018, the executive team at PDS decided to move from a legacy electronic medical records (EMR) system to a cloud-based records system, which kicked off an entire IT transformation centered around the cloud. They knew their current approach to buying up datacenter rack space was not going to scale.
As the business started to enter a state of hypergrowth, it became apparent to the IT teams at PDS that they needed their data centers to scale alongside their business growth, and they decided to leverage the efficiency and speed the cloud can provide, starting with Amazon Web Services (AWS). Following the best practices outlined by the AWS shared responsibility model, the security team at PDS knew they needed to apply additional security controls to their AWS environment to help prevent misconfigurations that could leave their sensitive data exposed. “We needed to be able to fully govern our data as we made the move to Epic,” says PDS’ senior IT security analyst, Maka Guerrero.
With both sensitive personal health information (PHI) and personally identifiable information (PII) from over 750 dental offices migrating to the cloud, the security team at PDS also faced industry regulatory compliance challenges like HIPAA and HITRUST. They knew they needed to have additional security controls and parameters in place as they continued their cloud migration. With this in mind, they moved forward with the selection process for a cloud access security broker, commonly referred to as “CASB,” to help provide contextual and privileged access controls to their data.
The team at PDS chose McAfee MVISION Cloud as their CASB provider because of the seamless API integration to the cloud services they use and its ability to extend their existing on-premises security to their data in the cloud. “MVISION Cloud allows us to have more flexibility on the fly than any other CASB on the market,” says Guerrero.
Leveraging User Behavior Analytics to Secure Sensitive Data
With nearly 90% of sensitive cloud data residing in either sanctioned SaaS or IaaS applications, it was imperative for PDS to have a clear understanding of where threats to their data were coming from. This is why the security team at PDS leverages MVISION Cloud’s machine-driven User Entity and Behavior Analytics (UEBA), allowing them to instantly analyze the millions of cloud events that occur daily in their environment to establish a baseline of user behavior, helping them cut through the noise and focus on the incidents that may be indicative of an insider threat or a compromised account. “The ability to detect and track superhuman anomalies is an important security use case,” says Guerrero, referring to a cross-region access attempt that is impossible to achieve by a human in a given timeframe. “McAfee delivers on this flawlessly and with a higher efficacy rating than any other CASB on the market.”
Additionally, PDS uses MVISION Cloud with a business enablement approach for their internal users. They provide tailored feature sets to the application owners and DevOps teams, including different dashboard views for different teams, allowing them to quickly slice and dice resources across account and region and giving them relevant, actionable information.
Extending DLP to the Cloud in SaaS Applications, Office 365 and Box
Mr. Guerrero and the security team at PDS are taking a platform approach to securing their sensitive data across their entire enterprise. With MVISION Cloud, PDS can extend their existing, on-premises data loss prevention (DLP) policies to their data in AWS S3 Buckets, and to their sanctioned SaaS applications like Office 365 and Box to apply a standardized set of data controls.
“It is important to Pac Dental that we can offer cloud-based applications like Office 365 and Box to our customers and have the right security parameters in place to be successful in protecting our data,” says Guerrero. “With sanctioned customer-facing tools in place at PDS, it is essential to the business that the owner-doctors can share and collaborate securely with aligned business partners.”
With enhanced visibility, the security team at PDS uses just-in-time coaching methods to help change user behavior and redirect their users to safer, sanctioned services. “We take the initiative in our culture to collaborate like a family and sometimes you just have to be an extra set of eyes on things so you can teach them and say, ‘We think this is sensitive data, do you agree?’” states Guerrero.
This approach has led to users being very supportive and accepting of the additional security PDS has put in place to reduce their overall risk posture. “Thanks to the information MVISION Cloud provides us, we can identify our risk and inform the business to determine if they accept that risk,” says Guerrero. “We have been able to enhance our overall security posture.”
Cloud-First Enterprise by 2021
“At the end of the day, Pacific Dental Services is a platform and a foundation for dentists to focus on dentistry,” says Guerrero. “They don’t give you a business minor when you come out of dental school. We allow dentists to do what they do best, and we handle the rest.” With a set of core values that drive their initiatives and put the owner-doctor first, PDS is on their way to becoming a cloud-first enterprise.
“We have a pretty mature mindset when it comes to security and we would like to be 80/20 with a revised and evolved disaster recovery plan implemented by 2020,” says Guerrero, referencing a technology stack that is comprised of 80% of their applications living in the cloud and 20% staying on-prem. With an established security mindset and a foundational trust with their partners and owner-doctors, Guerrero sees great things in PDS’s future. “We have the technical expertise to take that leap and make it work. 2021 will be beyond belief,” he states.