Premier Management Company Secures Healthcare Data with F5 Cloud-Based WAF

Premier Management Company needed to safeguard the confidential healthcare information housed in its cloud-based applications. Using an F5 security solution in the Microsoft Azure cloud, the organization protected its data and ensured compliance with industry regulations, while leveraging the scalability of a robust web application firewall.

Business Challenges

Premier Management Company (PMC) manages several Accountable Care Organizations (ACOs) in the Dallas/Fort Worth area and southern Oklahoma. “ACOs are driving a major transformation in healthcare in the United States,” says PMC CIO Sohail Mohammed. “We’re trying to change the whole care paradigm, so that the healthier the patient is, the more incentives there are for the primary care physician.”

In its operation of the physician-led ACOs, PMC takes in and manages massive amounts of data each day from insurance companies, Medicare, hospitals, and nursing homes. “We regularly receive complete claim data, which allows us to perform clinical predictions about patients and present a holistic picture of the patient to the physician,” says Mohammed. “At the end of the day, we have seen tremendous benefits accrue to both patients and physicians, while controlling the overall cost of the care.”

The organization hosts its core suite of critical business applications in the Microsoft Azure cloud. “We chose to host these apps in the cloud rather than on-premises because we are growing quickly,” says Mohammed, “and we wanted to have an infrastructure that could grow with us.”

As the company expands, more and more confidential healthcare data flows through its applications, which led Mohammed and his team to consider the best way to comply with regulations such as HIPAA that ensure the confidentiality of patient data. “Data security is our number-one priority,” says Mohammed, “because we know that if we make a mistake and there is a breach, we are done.” PMC needed a robust, easy-to-deploy solution to secure that confidential data as the organization continues to grow.

Solution

As the IT team at PMC embarked on its search for a cloud-based web application firewall (WAF), they began by contacting colleagues in similar organizations to see how they had handled the issue of compliance and data security. “Through our research, we decided that the F5 Web Application Firewall for Microsoft Azure Security Center was the right solution for us,” says Mohammed. “The risk of a breach is so high that we wanted to go with the best of the best and find a partner who could help us take care of this major concern.”

IT Infrastructure Manager Sajid Fiaz conducted most of the tests to determine the right solution for PMC. “The primary reason we chose F5 was based on the results of the technical comparisons we did with multiple other web application firewalls,” he says. “That played a major role in building my confidence with F5. The team also gave me a real-time demo and provided an extensive evaluation license, which allowed us to explore and configure the WAF to meet our requirements.”

For Mohammed, a key deciding factor was the relationship that PMC developed with their F5 account team. “That engagement was very important,” he says. “We were able to have discussions and get the information that gave us the confidence we needed to select F5 to help us protect our data.”

Sajid agrees that the level of support provided by F5 helped PMC deploy the WAF to meet their business specifications. “Throughout the process, the F5 team has been extremely effective in helping us with any technical issues,” he says. “We’ve had the WAF running for about three months now, and we’ve been very happy with the experience.”

Benefits

By leveraging the cloud-based F5 web application firewall, PMC ensures the security of the healthcare data housed in its critical applications, maintains required regulatory compliance, and can leverage the flexibility and scalability of its cloud-based solution as its business continues to expand.

Ensures application security and compliance

PMC deployed the F5 WAF in Azure Security Center to provide comprehensive layer 7 protection against existing and emerging application attacks. “Data security is core to our existence as a company,” says Mohammed, so PMC appreciates the robust capabilities of the F5 WAF, which guards the organization against threats such as the OWASP Top 10, layer 7 DDoS attacks, site scraping, web injections, and common application vulnerabilities.

Equally important is the solution’s defense against costly data breaches, which were concerning to Mohammed. “On the black market, healthcare data is extremely valuable,” says the PMC CIO, “so we needed a trusted solution to protect us.” Built on F5’s industry-proven, ICSA Labs certified web application firewall, the preconfigured virtual WAF service in Azure Security Center fit the bill, allowing the PMC team to block attacks on applications in the cloud with 99.89 percent effectiveness.

Makes it easy to customize and scale

Founded in 2013, PMC has been in growth mode since its inception. That’s why the ability of the solution to grow with the company was a key factor in the team’s decision to deploy the F5 WAF. “When it comes to scalability, the F5 WAF has the capabilities to make growing and scaling as easy as possible,” says Mohammed. “That scalability is one of the reasons we thought F5 would be a great partner.”

Fiaz, who oversees the day-to-day operations of the company’s cloud-based environment, including the key aspect of data security, appreciates the ability to customize the F5 WAF to meet PMC’s objectives. “I have configured four or five F5 iRules already,” he says, “and there are some upcoming requirements that mean I’ll be further customizing the WAF. I definitely think our level of familiarity with the WAF and its many capabilities will grow as we continue to work with it.”

Dedicated support speeds deployment

While the PMC team had managed other WAF solutions in the past, they had limited experience with F5 technology. Spurred by the good relationship they had developed with the F5 account team during the evaluation process, Mohammed and Fiaz were confident that they had the support they needed to ensure a successful deployment. “Initially we were having some issues with the Azure infrastructure,” says Fiaz, “so we reached out to the F5 team who worked with their contacts at Microsoft to come up with a solution.”

Throughout the process of evaluation and deployment, the IT team at PMC has appreciated the support of the F5 team. “F5 has been great,” says Fiaz. “Whenever I get stuck somewhere, the team has stepped in and given us everything we need in terms of technical support.”