{"id":2473,"date":"2019-08-05T10:18:46","date_gmt":"2019-08-05T07:18:46","guid":{"rendered":"http:\/\/gcp.ideus.com.tr\/index.php\/change-healthcares-road-to-cloud-compliance-is-paved-with-lessons-learned\/"},"modified":"2019-08-05T10:18:46","modified_gmt":"2019-08-05T07:18:46","slug":"change-healthcares-road-to-cloud-compliance-is-paved-with-lessons-learned","status":"publish","type":"post","link":"https:\/\/www.ideus.com.tr\/index.php\/change-healthcares-road-to-cloud-compliance-is-paved-with-lessons-learned\/","title":{"rendered":"Change Healthcare\u2019s  Road to Cloud Compliance is Paved with Lessons Learned"},"content":{"rendered":"<div>\n<p style=\"text-align: center;\"><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/djph8x8vGas\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>Traditionally, <a href=\"https:\/\/www.changehealthcare.com\/\">Change Healthcare<\/a> operated in a legacy data center environment. That is until about 5 years ago when we set out on our digital transformation journey with all roads leading to the cloud. Fast forward to today, the cloud provides us with a common architecture that our business relies on to support operations across our multi-cloud deployments, spanning AWS, Azure and Google Cloud Platform. Longer term, our cloud strategy will encompass IT operations that account for roughly one third of the company\u2019s annual revenue.<\/p>\n<p>Like for many other enterprises, the cloud has allowed us to move quickly at scale, helped to automate processes for meeting regulatory requirements and provided a better security profile than many on-premises equivalents. Through our use of the cloud, Change Healthcare is now able to efficiently certify cloud environments and processes to free up resources to focus on our core business: <em>Running the largest medical network in the United States, which processes 17 billion transactions a year\u00a0 \u2013 everything from enrollments, eligibility claims and other transactions \u2013 for insurers, providers, patients and employers.<\/em><\/p>\n<p>But this didn\u2019t happen overnight. We tackled the journey in phases with many lessons learned and iterations along the way.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Let\u2019s Start at the Beginning<\/strong><\/p>\n<p>Five years ago, the cloud was relatively new and a bit, well, overwhelming. So, we started small with a pilot program looking to improve three core areas:<\/p>\n<ol>\n<li>Increase responsiveness to customer requests<\/li>\n<li>Reduce complexity<\/li>\n<li>Decrease costs<\/li>\n<\/ol>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Phase I \u2013 Cloud 1.0<\/strong><\/p>\n<p>In the early days, Cloud 1.0, we tried a \u201clift and shift\u201d approach, moving some of our original IT processes direct to the cloud. Unfortunately, that did not yield significant benefits. The IT team lacked the new skills needed to take advantage of the cloud\u2019s benefits. The existing systems were designed to always be running at peak load and were cost-optimized for the data center. With the \u201clift and shift\u201d methodology, we ultimately ended up paying more money out of pocket, while also giving up control of our end to end infrastructure. As you can imagine, this wasn\u2019t an easy business case to make.<\/p>\n<p>We also experimented with a hybrid approach. In my opinion, this offered the <strong>worst<\/strong> of both worlds.\u00a0 In this model we were forced to manage network traffic between the two locations, and that became expensive. Unfortunately, in a hybrid model, because you\u2019re not really re-architecting, you\u2019re not fixing the underlying problems and you end up with a complicated solution with minimal benefits.<\/p>\n<blockquote>\n<p style=\"padding-left: 30px;\"><em>\u201cTo take advantage of the cloud\u2019s dynamic scalability requires a shift in mindset and approach. Leave the data center concepts and legacy security models behind.\u201d<\/em><\/p>\n<\/blockquote>\n<p>\u00a0<\/p>\n<p><strong>Phase II \u2013 Cloud 2.0<\/strong><\/p>\n<p>Now we enter phase Cloud 2.0. We seized the opportunity to refresh our technology, rebuilding apps versus shifting legacy code to the cloud.\u00a0 Our goal here was to optimize for the cloud architecture, with app design based on infrastructure as code coupled with built-in, automated testing. We took the \u201dShift Left\u201d movement to heart and soon realized we could build and deploy apps \u2013 securely \u2013 in as little as a day. To put that into perspective, it can take more than a year to add new functionality to apps running in a legacy data center.<\/p>\n<p>By slashing time to market in this way, we caught the attention of other business units within the organization. These small-scale successes showed them that moving to the cloud could be done in a way that was not only secure, but faster and at less cost. But again, the transition to the cloud must be done right \u2013 with the right architecture and the right cloud services. Only by putting the proper guard rails in place \u2013 including central management of network, users and roles \u2013\u00a0 were we able to empower the other business units to quickly spin up cloud workloads in AWS, as well as connect to services and build and deploy applications on their own.<\/p>\n<blockquote>\n<p style=\"padding-left: 30px;\"><em>\u201cAutomation is a critical factor to successfully rebuild technology for the cloud. However, we have learned that automation can sometimes be misapplied to give us a false sense of security, so it needs to be augmented by a strong focus on evidence. Evidence can demonstrate that the automation is running and consistently doing the right thing. It also allows us to automatically identify and respond if we drift away from standards.\u201d<\/em><\/p>\n<\/blockquote>\n<p><em>\u00a0<\/em><\/p>\n<p><strong>Cloud 3.0 \u2013 To Infinity and Beyond <\/strong><\/p>\n<p>In our current state, Cloud 3.0, we\u2019ve expanded the security and development guardrails to encompass Azure and Google Cloud Platform. We are truly operationalizing a multi-cloud innovation model. As a result, we\u2019re now doing full-scale rewrites with some of our largest products. The next version of our medical imaging system is among the product set that will be 100 percent cloud.<\/p>\n<p>Finally, we\u2019re also focused on building out automation to make it easy for us to operationally manage the cloud. By doing this, we\u2019ve further empowered teams and business units to quickly and effectively use the rich services the cloud affords \u2013 while upholding the security guardrails and required visibility into data, assets and risks across our cloud infrastructure.<em>\u00a0<\/em><\/p>\n<blockquote>\n<p style=\"padding-left: 30px;\"><em>\u201cAs we forge ahead in Cloud 3.0, secure and compliant serverless and container-based innovation and development, mapped against initiatives like\u00a0 ISTO and service mesh, will be key.\u00a0 Tying it all together will be an emphasis on evidence-based reporting to prove continuous compliance.\u201d<\/em><\/p>\n<\/blockquote>\n<p><em>\u00a0<\/em><\/p>\n<hr>\n<p><strong>A Cloud Security Metaphor<\/strong><\/p>\n<p>Data center security is like candy with a hard shell and a chewy center. You\u2019ve got this strong network protection on the outside (e.g. perimeter), but once inside a user likely has many more privileges than maybe he or she is supposed to.<\/p>\n<p>In our move to the cloud, we made sure to apply the principles of least privilege and security by design to build out a system that\u2019s hardened \u2013 from the core to the outside \u2013 built on top of native cloud technology from the cloud providers themselves.<\/p>\n<p>This way, we operationalize within an inheritance model of security where every component has a security element to it. This has strengthened our overall security story and posture, which becomes even more critical in the highly regulated healthcare industry.<\/p>\n<hr>\n<p>\u00a0<\/p>\n<p><strong>The Cloud = Opportunity<\/strong><\/p>\n<p>Change Healthcare\u2019s cloud journey has been truly eye-opening. Some of the biggest surprises, looking back at the last five years, are the things that I\u2019m not doing anymore (e.g. bug bashes, big bug triage meetings, worrying about changes made to production, etc.). This is primarily because I\u2019m continuously building, testing, and deploying. I know that if I stepped out of the office right now and I asked my team to do a deployment, they would be able to within the hour, with virtually no impact to our customers.<\/p>\n<p>The cloud has really eliminated fear around rolling out a production release. Pre-cloud, apprehension was the name of the game. We literally made a dedicated effort to not be in the office. Now it has become such a non-event that I could not tell you when our last deployment was, or what our deployment schedule is. I honestly don\u2019t know because we deploy on demand \u2013 in an automated, secure fashion \u2013 purely driven by business need.<\/p>\n<p>Net net, because we rewrote our applications for the cloud, we were able to achieve the following outcomes \u2013 with many more to come:<\/p>\n<ol>\n<li><strong>Infrastructure as code.<\/strong> This is a game changer for us. It has allowed us to shift left on security and more.<\/li>\n<li><strong>CI\/CD and full test automation.<\/strong> This is current state and we are quickly moving toward DevOps and AI Ops models.<\/li>\n<li><strong>Cloud-First approach.<\/strong> We\u2019re truly cloud-first and continuing to move the management of hardware to outside our own IT via managed services, containers, and serverless technologies.<\/li>\n<\/ol>\n<p>If you remember nothing else, remember this: The security partner you choose in your cloud journey makes a dramatic difference, not only in the process but to the final outcomes. For Change Healthcare, it was important to have a security partner who believe as strongly in all the advantages the cloud represents. For Palo Alto Networks, the cloud is synonymous with the future and they provided us with the services, and tools, both hardware and software, to make the journey easier for our employees, partners and customers.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.paloaltonetworks.com\/2019\/07\/change-healthcares-road-cloud-compliance-paved-lessons-learned\/\">Change Healthcare\u2019s  Road to Cloud Compliance is Paved with Lessons Learned<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.paloaltonetworks.com\/\">Palo Alto Networks Blog<\/a>.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/feeds.feedburner.com\/~r\/PaloAltoNetworks\/~4\/6OLNDuFoxe4\" height=\"1\" width=\"1\" alt=\"\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Traditionally, Change Healthcare operated in a legacy data center environment. That is until about 5 years ago when we set out on our digital transformation journey with all roads leading to the cloud. Fast forward to today, the cloud provides us with a common architecture that our business relies on to support operations across our<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[24],"tags":[141,33,29,27,34],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/2473"}],"collection":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/comments?post=2473"}],"version-history":[{"count":0,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/2473\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/media?parent=2473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/categories?post=2473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/tags?post=2473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}