Put together by the Chief Technology Officer, Himanshu Rastogi, and his team.
Medi Assist has been an evolving platform for years. We have seen a significant shift in information security guidelines in the industry. We have been ensuring that security becomes the primary thought for our organization.
What makes us passionate about data security?
Security lapses and data leakage have been the biggest worries for our customers. We have constantly been evolving to ensure that our underlying layers and the customer layers keep getting more robust to handle any such attempts.
Shifting security to the left has been about changing the timing of testing. We have thought through the change in the application layers and tried to ensure regular upgrades of our underlying infrastructure to handle any exploited vulnerabilities.
DevSecOps has been at the forefront of this cause. Two branches have been working to ensure we keep pushing new security practices in the organization.
How did we overcome security issues while shifting services online?
Let’s look back at the history of the healthcare insurance sector. Doctors have governed the industry and preferred hard copies of reports to adjudicate a claim; this has been evolving and changing with the advent of digital. The onset of Covid pushed a lot of norms to switch from physical hard copies to digital data.
The shift to digital brought an array of security vulnerabilities to the system. We upgraded our transit data guidelines and ensured that we avoid physical data on our premises. Not only have we pushed our operations to a paper-free environment, but we have also provided higher security for our customers as well as for our internal employees.
We have taken specific steps to run a continuous improvement program, including monitoring our platform from a third-party view. We continuously monitor our digital landscape. Dashboards are provided not only to the Engineering and IT departments but also to the Senior Leadership.
We have incorporated filtering of all inbound and outbound traffic at multiple layers; this enables us to ensure that any malicious traffic gets blocked.
How did we cope with the sudden changes after the advent of the pandemic?
The biggest challenge of the ongoing changes has been to ensure all these changes do not reduce the speed at which we evolve, develop and implement new services onto the platform. Product Managers have been responsible for understanding the requirements and thinking from a security perspective to ensure that we do not make any mistakes when looking at a new feature or enhancement.
The entire application lifecycle has various checkpoints with a non-biased approach by DevSecOps. They are no longer just the doers but have also become the thinkers in the whole process. They are involved from day one of the application development lifecycle. Multiple layers of testing continue in parallel. We have ensured that no silos exist in the organization, especially between the various Engineering teams.
Every employee of the team has been made aware of the multiple vulnerabilities and exploits carried out across the globe. Our teams understand the underlying threats of any change going into the production environment.
We evaluate teams in the organization not only on their work efficiency but also on the security defects they release. We also score our employees to ensure healthy competition and make informed choices across the entire SDLC process.
Pillars of our security portfolio that helped us in making the shift:
- Autonomous security from day one
- Integrated as we code
- Avoid false alarms
- Created security champions
- Developed a culture of visibility