Executive Summary
CTAC has developed a robust solution tailored for government healthcare agencies that require secure, isolated environments for managing sensitive patient data while maintaining strict regulatory compliance. Faced with challenges such as managing multiple AWS accounts, fragmented cost visibility, and the complexity of maintaining security and compliance, CTAC implemented a unified cloud management system using Terraform and Kion. This solution streamlines the management of multi-tenant environments by leveraging Terraform for consistent infrastructure provisioning and Kion for centralized governance, ensuring compliance with healthcare regulations. With automated provisioning, Zero-Trust security via Zscaler, and Okta integration for secure access, healthcare agencies can efficiently manage their AWS resources. This approach enhances operational efficiency, reduces manual interventions, and delivers significant cost savings while ensuring high levels of security and compliance across AWS accounts. By enabling scalability and simplifying infrastructure management, CTAC empowers healthcare organizations to focus on delivering quality patient care without being burdened by the complexities of cloud infrastructure management.
Introduction to Customer
CTAC created an innovative solution for managing and expanding a multi-tenant environment for government healthcare agency research groups. These organizations require highly secure, isolated environments to manage sensitive patient data and workloads while maintaining centralized control and strict compliance with healthcare regulations. Our clients depend on us to manage an integrated orchestration system that streamlines operations, monitoring, and data management within their infrastructure. To meet their cloud security needs, many of these agencies leverage Kion, a cloud operations platform that integrates seamlessly with AWS. The solution we provide is tailored to support both Kion and multi-tenant environments, ensuring that healthcare agencies can securely manage their data while adhering to compliance and operational best practices.
Customer Challenge
Prior to the implementation of this solution, clients and cloud consultants faced several hurdles in managing their AWS Cloud environments. Modern best-practice cloud infrastructure presents several key challenges: the isolation of environments means many accounts to manage, insight into spending across numerous projects and accounts is fragmented, and maintaining security and compliance across this complex base can require significant engineering.
Proposed Solution
To address these challenges, CTAC’s goal is to provide a unified solution that enables healthcare agencies to efficiently access and manage their AWS Cloud resources from a single point, with seamless integration across isolated environments. Ensuring consistent security, regulatory compliance, and optimal performance across multiple AWS accounts is crucial for maintaining the confidentiality and integrity of sensitive healthcare data. Our solution streamlines the management of these complex environments, minimizing the risk of security gaps and ensuring compliance with healthcare regulations. By leveraging standardized templates and modules, tailored to meet the specific needs of healthcare agencies, we offer account-factory style provisioning with minimal configuration, allowing healthcare organizations to focus on patient care rather than the complexities of cloud infrastructure.
Solution Implementation
CTAC offers a comprehensive solution using Terraform and Kion, providing clients with a single sign-on (SSO) experience and automated infrastructure provisioning. The technical and operational processes involved are as follows:
Account Creation & Integration:
- Provisioning & Compliance-Ready Accounts: CTAC provisions new AWS accounts for healthcare agencies and incorporates them into the AWS Organizations structure with consolidated billing to simplify cost tracking and reporting. Each new account is linked to a Kion project, where healthcare-specific resources and permissions are centrally managed, ensuring sensitive patient data is isolated.
- Regulatory Governance: Kion supports a structured organizational unit (OU) hierarchy designed to enforce compliance, project isolation, and the application of FISMA security levels across accounts. This OU structure is tailored for healthcare clients to ensure the highest levels of data privacy and security for protected health information (PHI).
Terraform Implementation:
- Infrastructure as Code (IaC) for Healthcare: CTAC uses Terraform to define and provision infrastructure in a consistent and modular way, enabling healthcare agencies to adhere to strict security and compliance requirements. Terraform ensures that resources such as secure databases, compute instances, and network configurations are provisioned in a repeatable, compliant manner.
- Automated Compliance and Security Control: By leveraging Terraform’s IaC capabilities, CTAC ensures that every environment, project, and AWS account follows predefined healthcare security standards. This fully automated process minimizes manual interventions and reduces the risk of errors, ensuring all healthcare-related workloads meet industry-specific regulations and security policies without the need for continuous manual oversight.
Modular & Consistent Environment:
- Standardized Healthcare Infrastructure: Terraform modules are used to ensure that healthcare infrastructure is provisioned consistently across projects, accounts, and environments. These modules include pre-configured security measures such as data isolation and secure network configurations.
- Scalability with Compliance in Mind: This modular approach not only simplifies scaling across different healthcare environments but also ensures consistent enforcement of healthcare security policies across all AWS accounts. The integration of Kion provides healthcare clients with a centralized dashboard that offers real-time visibility into security posture and compliance status across their entire AWS environment.
- Minimizing Configuration Drift for Healthcare Clients: With Terraform, any changes to security configurations or infrastructure components are managed in a single place, ensuring that all environments maintain a consistent, compliant state. This reduces the risk of configuration drift, ensuring that sensitive healthcare data remains protected and compliant with regulations at all times.
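The account-factory flow described in the Account Creation, Terraform Implementation and Modular Environment sections above, as an added example that is not CTAC's own code: a Terraform layout that enables all AWS Organizations features (which includes consolidated billing), creates one organizational unit per FISMA level, and places each new member account under the matching OU. Account names, e-mail addresses, the region and the kion_project tag key are assumptions for illustration.

```hcl
# Added example (not CTAC's code): account-factory style layout that creates one
# OU per FISMA impact level and provisions each new account under it.
# All names, e-mail addresses and tag keys below are assumptions.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed management-account region
}

# feature_set = "ALL" turns on consolidated billing and allows policy types such as SCPs.
resource "aws_organizations_organization" "org" {
  feature_set          = "ALL"
  enabled_policy_types = ["SERVICE_CONTROL_POLICY"]
}

# One OU per FISMA level keeps Moderate and High workloads in separate subtrees.
resource "aws_organizations_organizational_unit" "fisma" {
  for_each  = toset(["moderate", "high"])
  name      = "fisma-${each.key}"
  parent_id = aws_organizations_organization.org.roots[0].id
}

# Each map entry becomes a member account; kion_project (hypothetical tag key)
# records which Kion project the account is later attached to.
variable "accounts" {
  type = map(object({ email = string, fisma = string, kion_project = string }))
  default = {
    "research-a"   = { email = "aws-research-a@example.gov", fisma = "moderate", kion_project = "research-a" }
    "phi-pipeline" = { email = "aws-phi-pipeline@example.gov", fisma = "high", kion_project = "phi-pipeline" }
  }
}

resource "aws_organizations_account" "member" {
  for_each                   = var.accounts
  name                       = each.key
  email                      = each.value.email
  parent_id                  = aws_organizations_organizational_unit.fisma[each.value.fisma].id
  iam_user_access_to_billing = "DENY" # billing stays with the management account
  tags = {
    fisma_level  = each.value.fisma
    kion_project = each.value.kion_project
  }
}
```

Running `terraform plan` on a schedule against this configuration reports any account that has been moved out of its declared OU or had its tags changed, which is the drift check the section above refers to.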
Operational Workflow:
- Healthcare-Specific Operations Management: Daily operations for healthcare clients include policy updates, provisioning and decommissioning of resources (e.g., secure EC2 instances for processing healthcare data), and management of cloud resources while ensuring compliance with healthcare regulations. Terraform allows us to manage the lifecycle of these cloud resources, ensuring that security standards like data encryption and access control policies are consistently applied across all environments.
- Efficient, Secure Healthcare Operations: CTAC’s solution automates operational workflows while ensuring security policies are adhered to across all cloud resources. This operational model reduces the burden of managing manual configurations and ensures healthcare agencies can deliver high-quality care without worrying about the complexities of cloud infrastructure management.
Security & Access Management:
- Zero-Trust Security for Healthcare: CTAC leverages Zscaler as a Zero-Trust solution for secure remote access to AWS resources, ensuring healthcare professionals can access systems without compromising security. Integrated with Okta for Single Sign-On (SSO) and Active Directory, this setup provides seamless access to AWS resources while ensuring that authentication and authorization policies are tightly enforced.
- Seamless, Secure Access for Healthcare Providers: Healthcare organizations can securely access sensitive data and cloud resources without the need for multiple sets of credentials. This greatly enhances operational security and simplifies user management across numerous AWS accounts, allowing healthcare providers to focus on patient care rather than the complexities of access management.
Outcome(s)/Results and Benefits
Security & Compliance:
- Consistent Healthcare Security Standards: By leveraging Terraform to enforce consistent security policies across multiple AWS accounts, healthcare organizations can ensure that security configurations are applied uniformly across all environments, minimizing risks associated with misconfigurations and compliance gaps.
- Streamlined Secure Access & Compliance: The integration of Zscaler for Zero-Trust security, combined with Okta for Single Sign-On (SSO), simplifies user access control for healthcare professionals managing multiple accounts. Secure, centralized authentication minimizes the risk of unauthorized access to sensitive patient data, enhancing both security and compliance with healthcare regulations.
Operational Efficiency:
- Standardized Infrastructure Provisioning for Healthcare: The modular approach of Terraform ensures that infrastructure is provisioned in a consistent and compliant manner across all healthcare accounts. Healthcare organizations can now rapidly deploy secure cloud environments without the need for manual configuration of security settings and infrastructure components, improving operational efficiency.
- Automated Provisioning & Lifecycle Management: Automating infrastructure provisioning and management with Terraform reduces the need for manual interventions, allowing healthcare organizations to streamline their cloud operations. This leads to time savings, fewer human errors, and more reliable infrastructure that is always aligned with security and compliance best practices.
Time and Cost Savings:
- Simplified Budget Monitoring and Cost Management: With the integrated Kion dashboard, healthcare organizations can easily track budgets, monitor spending, and identify savings opportunities across their various projects. This centralized approach to cost management ensures that healthcare providers can allocate resources more effectively and avoid over-provisioning, contributing to overall cost savings.
- Reduced Operational Overhead and Faster Deployment: Clients experience significantly faster deployment times, enabling quicker provisioning of healthcare-specific infrastructure, secure compute instances, and encrypted storage solutions. The infrastructure-as-code (IaC) approach with Terraform eliminates the need for repetitive manual tasks, further reducing operational overhead and improving the speed of service delivery.
Centralized Management:
- Unified Healthcare Management Interface: Kion consolidates management functions from various AWS tools into a single, intuitive interface. Healthcare organizations benefit from single sign-on (SSO) access to all AWS resources, simplifying user access without the need to manage multiple credentials. This centralized approach enhances operational efficiency and makes it easier to audit roles, track permissions, and ensure that only authorized users can access sensitive healthcare data.
- Improved Change Management & Transparency: The integration of Terraform with Git allows healthcare organizations to track and document changes in their infrastructure in real-time, ensuring full transparency. Any changes made to cloud environments, such as updates to security configurations or compliance settings, are automatically versioned and can be audited, simplifying the process of managing infrastructure changes in a regulated environment.
Scalability:
- Effortless Scaling for Healthcare Needs: The modular, infrastructure-as-code (IaC) approach enables healthcare organizations to scale their infrastructure rapidly and consistently. Whether they are expanding data storage, adding compute resources for healthcare applications, or creating new isolated environments for different teams, the solution ensures that all environments are compliant with healthcare security standards and performance expectations. The scalability of the solution allows healthcare providers to grow and adapt quickly in a constantly evolving environment, while maintaining high levels of security and compliance.
Conclusion
In conclusion, CTAC’s innovative cloud solution has successfully addressed the unique challenges faced by government healthcare agencies in managing complex, multi-tenant AWS environments. By leveraging Terraform and Kion, CTAC has enabled healthcare organizations to streamline their cloud infrastructure while ensuring the highest standards of security, compliance, and operational efficiency. The automated provisioning, centralized management, and Zero-Trust security model not only simplify resource management but also ensure consistent adherence to healthcare regulations. This solution empowers healthcare agencies to focus on what matters most—providing quality patient care—while minimizing the complexity and overhead of managing cloud infrastructure. Through improved scalability, cost efficiency, and transparent compliance management, CTAC has positioned these healthcare organizations for long-term success in a rapidly evolving cloud landscape.