Securing your Azure Cloud for Healthcare

September 21, 2017

Healthcare organizations are finding it more cost-effective to garner the services of a reputable Cloud Service Provider (CSP) to manage their Azure cloud. Whether the need is to provide managed services for their Azure cloud subscription, or a need to deploy, host and manage the solution over it’s lifespan using the CSP’s subscription, there is peace of mind that their cloud is compliant and secure.

Azure’s IaaS or PaaS cloud platform allows you to quickly create a Windows or Linux server environment with minimal effort and trust that the infrastructure (servers/storage/network) and platform (operating system/database) elements will be available 24×7. But once servers are spun up, application management services are still needed. Project Hosts’ Azure Managed Services with Extended Security fill the current gap that many enterprises and government agencies have in managing critical elements of their Azure deployments:

    Azure Security Management

    Continuous Monitoring & Performance Optimization

    Applications Access & Management,  User Support

Our cloud security experts have the expertise and compliance competency for today’s most rigorous cloud security standards including ISO 27001, NIST 800-53, HIPAA / HITRUST, FedRAMP Moderate, High,  and DoD CC SRG IL4/5.

Note: Government security standards such as FedRAMP/DoD are only available in a Project Hosts’ subscription.

HIPAA/HITRUST Compliant Clouds

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services

 


Azure Security Containers for Healthcare

May 24, 2017

container-registryProject Hosts is a Microsoft Cloud Solution Provider that manages the application-level HIPAA / HiTRUST / NIST 800-66 security controls that must be in place for healthcare companies to move their Windows and Linux Deployments into a secure Microsoft Azure Container.  Our Microsoft Azure Security Container and Managed Services include ongoing scanning, patching, log reviews, alerting, incident response, backup, DR tests, user authorization tracking, data loss prevention and more for customer developed, or ISV-based applications.

Project Hosts’ cloud security experts ensure that all HIPAA / HITRUST / NIST 800-66 security controls are implemented and documented for your deployment. Deployments are subjected to annual penetration testing and certified auditor assessments. Whether custom developed, or obtained from an independent software vendor (ISV), your software will be fully scanned, logged, and penetration tested to meet compliance standards when migrated to Azure.

Ashley_LRG_HIPAAHealthcare Client Value:

Enable you to move on-premises Windows and Linux apps into a HIPAA / HiTRUST / NIST 800-66 compliant Azure cloud quickly and cost-effectively.

Leverage our expertise in Healthcare security standards and security control methodologies to get, and maintain your certification and compliance.

Reduce your IT services and support workloads while delivering more integrated cloud offerings.

Enable you to leverage your existing on-premises software solutions into the cloud, without starting over.

Ensure the overall success and adoption of your cloud with ongoing management, monitoring, support and optimization.

Secure Azure Services

Secure SharePoint on Azure

Remote SharePoint Administrator

Azure Managed Services

 

 


Understanding the FedRAMP Control Families ( Video Series with Project Hosts)

May 9, 2017

Project Hosts has recently released a series of 17 videos that outline the security controls required for FedRAMP compliance of an environment built on Microsoft Azure.  IaaS/PaaS services like Microsoft Azure take care of 25-30% of all required FedRAMP security controls, but the remaining 70-75% still need to be put in place.  In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

FedRAMP_Video_Series

In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail, what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

Our Federal Private Cloud for Windows and Linux Applications (FPC) provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management.   A hybrid cloud architecture allows agencies to leverage shared services for some functions (e.g. authentication, monitoring, scanning) while still having the option to choose dedicated servers for applications and databases. This series of videos offers some insight into the controls that make all of this possible.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


Avoiding security breaches in a HIPAA Compliant Microsoft Azure Cloud Environment

March 21, 2017

Ashley_HIPAAAccording to HIPAA compliance regulations, security breaches of confidential patient data must be reported to the Office of Civil Rights (OCR). When your organization has access to Protected Health Information (PHI), it is essential that HIPAA compliance is maintained, making it less likely to experience such breaches. The act of not adhering to the HIPAA Breach Notification Rule by failing to report a breach can result in criminal charges and civil action lawsuits, severely damaging your practice or organization. Working with a compliant Cloud Service Provider (CSP) gives you peace of mind that all security controls are in place, effectively securing patient’s sensitive information from breaches.

HIPAA_ShieldBy moving your data into a Microsoft Azure cloud, your data is protected on the infrastructure and platform levels with HITRUST compliance. Working with a CSP like Project Hosts adds 200+ controls on the SaaS level, while also adding ongoing scanning, patching, log reviews, alerting, incident response, backup, DR tests, user authorization tracking, data loss prevention and more for customer developed or ISV-based applications.

A compliant CSP provides technical, physical and administrative safeguards against breaches, lowering the probability of having to ever concern yourself with the HIPAA Breach Notification Rule.

Secure Azure Services

Secure SharePoint on Azure

Remote SharePoint Administrator

Azure Managed Services


New Secure Cloud Services For Azure and Hosted Microsoft Apps Protect Businesses and Employee Data

April 4, 2016

Scott-Chapman-SecureCloudServicesToday from the floor of the Microsoft 2016 Envision Conference, in the heart of New Orleans, we announced our new lineup of Secure Cloud Services for Azure and hosted Microsoft solutions. Our Secure Cloud Service offerings for Microsoft ISVs, government agencies and enterprises will help fully protect their business and employee data from unauthorized access or theft.

Our new security services are available for Azure or as a fully hosted private/hybrid cloud solution and support today’s most rigorous industry security standards including Department of Defense IL4, FedRAMP, NIST 800-53 and ISO 27001+.  If you are in New Orleans this week at Microsoft Envision stop by Project Hosts’ booth # 1725  to discuss your cloud security options.

From today’s Secure Cloud Services announcement: “With government agencies and enterprise organizations adopting cloud-based services at an unprecedented rate, never before in the history of information technology has the risk of theft and unauthorized access of business assets and employee data been so great,” said Scott Chapman, CEO and co-founder of Project Hosts, Inc. “As such, we’ve developed a new set of fully-secured cloud service offerings that protect your Microsoft cloud-based applications for Azure and in hosted environments.”

envision-booth-pic.jpg

Secure Cloud Services are available in four distinct platforms, and can be implemented in an ISV’s or customer’s Azure environment, or as private or hybrid hosted solution.  Project Hosts’ secure cloud platforms include:

  • ISO 27001 Compliant Cloud – Our ISO 27001 cloud delivers a dedicated private or hybrid cloud for commercial customers that meets the 120 security controls defined by the International Standards Organization. About ISO 27001:13: an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission(IEC) under the joint ISO and IEC subcommittee.
  • NIST 800-53 Compliant Cloud – Our NIST 800-53 cloud provides an additional 141 security controls delivering a robust commercial cloud with 261 security controls. About NIST 800-53: an information security controls standard for information systemsexcept those related to national security. It is published by the National Institute of Standards and Technology.
  • FedRAMP Compliant Cloud(SaaS Level)- Our FedRAMP SaaS-Level compliant Federal Private Cloud (FPC) for Windows and Linux apps meets the GSA’s mandated ~325 security controls for federal agencies; also a popular platform for state and local agencies looking for robust cloud security. About FedRAMP:  the Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
  • DoD IL 4 Compliant Cloud – The most secure cloud platform that is expressly designed and audited for the U.S. Department of Defense — meets DISA (Defense Information Systems Agency) Level 4 standard with 369 security controls. About DISA IL 4: an extension to FedRAMP with the security controls and access designed specifically for the needs of the U.S. Department of Defense.

%d bloggers like this: