Symphony Health, a PRA Health Sciences company, is a leading provider of high-value data, analytics, technology solutions, and actionable insights for healthcare and life sciences manufacturers, payers, and providers. The company helps clients drive revenue growth and commercial effectiveness while adapting to the transformation of the healthcare ecosystem, by integrating a broad set of patient, prescriber, payer, and clinical data together with primary and secondary health research, analytics, and consulting. Symphony delivers a comprehensive perspective on the real dynamics that drive business in the healthcare and life sciences markets. For more information, visit www.symphonyhealth.com

 

Business Need

  • There was a need to increase security around AWS user credentials and increase the security of AWS IAM accounts
  • Streamline security policies
  • Strengthen the security process which is part of the AWS security policy/Audit initiatives 
  • Avoid usage of credentials and access from anywhere
  • Implement key rotation policy for all IAM users and mitigate risks
  • Ease of management of IAM user accounts
  • Reduction in security concerns and risks
  • Tracking and setting of security policy 
     

HARMAN Solution Highlights

HARMAN has been part of the customer journey from inception and built a robust and secured environment for AWS users and security group

  • Designed, architected, and implemented enhanced secure IAM user policy and robust security process
  • Implemented process to rotate IAM credentials in AWS environment
  • Security policy was implemented in a phased manner
  • Identified and communicated to users for IAM key rotation, bringing in awareness
  • Educated the end-user on enhanced security policy 
  • Decommissioned user credentials that were no longer in use
  • Put processes in place for user IAM key rotation for all active IAM users
  • Regular follow-up and automation for IAM key rotation
  • Effective implementation of enhanced security policy
  • Removed the idle and vulnerable SG (security group)
  • Phase I - identified duplicate and overlapping rules in security groups
  • Phase II - security groups cleanup
  • Multiple security groups associated with resources made unique
  • No rules were repeated in security group

Business Benefits

Efficient use of IAM AWS user account
Highly secure AWS environment
Access restriction to prevent non-users from misusing credentials
Helped meet complaints with streamlined security policies
Enhanced security benefit for IAM users
Strengthened AWS S3 access and security - helped in data protection and audit requirements