As Medical devices advance into the IoT (Internet of Things) usage model, the security of data is of paramount importance. Sufficient measures and countermeasures are necessary to protect patient and device data throughout the process, from collection, through transport, processing, access, and retention.
Regulations provide guidance for what must be protected, but not necessarily the means to provide the protection. Securing device and patient data is an ongoing, ever-changing effort where the data and services must be constantly monitored. Records of data access and usage combined with extensive reporting extend cybersecurity through audits and transparency. Furthermore, predicting and detecting potential intrusions and stopping them before they can happen strengthens the cyber-secure framework to unparalleled levels.
With these in mind, Promenade Software has developed a cyber-secure foundation utilizing tools and resources in a holistic architecture. Security in our foundation comes from a combination of a secure authentication and data encryption design, along with network security. This paper covers network security.
CyberMed∙Cloud employs a variety of tools (listed below) to meet requirements for compliance and for proactive protection of the cloud network infrastructure. The toolset covers auditing and compliance, security and infrastructure monitoring, and intrusion detection and prevention. These tools are widely used, industry standard, and highly reliable. The combination of these tools and secure configuration management provides the ongoing cybersecurity for CyberMed∙Cloud.
Amazon’s Web Application Firewall controls bot traffic and blocks common attack patterns, such as SQL injection or cross-site scripting.
Guard Duty is a threat detection service that continuously monitors the AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Security Hub is a cloud security posture management service that performs security best-practice checks, aggregates alerts, and enables automated remediation.
Amazon Detective is used to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables efficient security investigations.
Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Inspector produces a detailed list of security findings, prioritized by level of severity. These findings are reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector console.
Config is used to assess, audit, and evaluate the configurations of the AWS resources. It continuously monitors and records AWS resource configurations and supports automation to evaluate recorded versus desired configurations.
Amazon CloudWatch provides data and actionable insights to monitor the applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing a unified view of AWS resources, applications, and services that run on AWS. CloudWatch is used to detect anomalous behavior in environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep the applications running smoothly.
CloudTrail monitors and records account activity across the AWS infrastructure, giving control over storage, analysis, and remediation actions. It can be used to prove compliance with regulations such as SOC, PCI, and HIPAA.
Tenable.io is used to actively identify, investigate, and prioritize vulnerabilities, providing full visibility to the entire attack surface covering more than 60 thousand vulnerabilities.
The requirements to maintain cyber secure services for medical IoT applications are stringent and vast. These tools and their configurations are a critical line of defense against data breaches and malicious attacks. CyberMed∙Cloud utilizes these tools to provide a safe and secure environment for medical devices and the associated data.