HTD Health is a global company specializing in custom healthcare software solutions. The company aims to create a more human-centric and productive healthcare system. Since its start in 2016, HTD Health has grown to about 120 employees, embracing a remote-friendly work model.
With offices in New York, Nashville, TN, and Lodz, Poland, they primarily serve U.S.-based clients coming from many different fields: Venture studios, Medical device companies, Life sciences, and Academic Medical Centers making compliance with security certifications and policies a paramount concern. For a service provider that is developing software for organizations dealing with the utmost sensitive information, there are a few checkpoints to achieve.
Adrian Iwanowski is an IT Security Manager at HTD Health whose focus is to secure hardware and software and ensure that the company is compliant with security certifications and internal policies. During our conversation, he revealed what challenges lurk behind creating compliant and secure systems, all while maintaining lean and organized processes in their own organization.
The challenge
Balancing the internal processes and compliance requirements
HTD Health's challenge revolved around managing multiple software and applications for network security. The traditional setup included firewalls, antivirus software, and secured Wi-Fi with access control and user permissions.
Click to tweet“We could set up the notifications for all software and apps to streamline maintenance if needed, but it's just another tool we would have to look after.”
This approach was cumbersome, requiring extra software management and diverse setups for each security component. Thus, the company needed a simplified approach to day-to-day tool management and network monitoring in order to simplify it from its core.
Besides, following strict compliance requirements are always on the list. The nature of HTD Health’s business insisted on clearly defining how access to sensitive data is managed, leading to another operational challenge.
Click to tweet“In terms of HIPAA, we have to establish where the data is stored. Is it our servers, or is it the company’s declined server and its database? After that, we must implement minimum access to this data, deciding who has access to the data, why, and at what range?”
Adhering to regulatory requirements and staying compliant all the way through all the processes while having minimal overhead on your team requires a systematic approach.
The solution
Seeking a more streamlined solution, HTD Health turned to NordLayer. The solution offers simple and easy deployment, management, and use for all involved parties, like administrators and end users.
Click to tweet“NordLayer was very easy and straightforward to implement. It didn't require any additional setup or man hours to deploy it.”
NordLayer offered a desirable price-to-outcome ratio and ease of implementation without demanding additional IT manpower. A design that reduces the hours spent on maintaining the app and improves the efficiency levels of network monitoring, protection, and access management helps greatly in watertight situations like HTD Health’s.
Click to tweet“Applying automation as much as possible makes it easy to maintain our applications and helps us run the security department with two or three people.”
The idea of getting a new tool must align with operational strategy. Internal processes, available human resources, simplification, and efficiency influence decision-making. NordLayer combines all the benefits HTD Health sought, from automation, network visibility, access management, and data security.
Why choose NordLayer
NordLayer's appeal to HTD Health lies in its dedicated servers and gateways, allowing private project access and client-specific configurations. Features like ThreatBlock, Always On VPN, Single sign-on (SSO), and device security compliance were crucial.
Click to tweet“The developer teams can have private access to the project, and we can also establish that access for a client.”
The flexibility and scalability offered by NordLayer perfectly aligned with HTD Health's needs, especially in maintaining compliance with regulations like HIPAA (Health Insurance Portability and Accountability Act).
Click to tweet“Every company somehow related to medical records knows very well how obligatory compliance is HIPAA. They know exactly what the outcome is if the data gets leaked—financial fines can be tremendous depending on various factors.”
NordLayer being compliant with such regulatory requirements like HIPAA lets companies rest assured that they get the full package of what they are looking for, combining a few perks into one decision and complying with their framework.
Always On VPN enforcement for security and compliance
NordLayer’s Always On VPN feature ensures that the user connection is always encrypted when connected to the internet. If the connection to the VPN is broken, the end user gets disconnected from the network until the VPN is restored. This way, admins can have peace of mind knowing that data is protected to the maximum.
The outcome
Implementing NordLayer resulted in a more efficient and secure IT environment for HTD Health. The cloud-based solution enabled easy monitoring of user engagement with the security tools. Centrally enforcing internal rules and security tools allows for maintaining an organization's security posture.
Click to tweet“From my standpoint, the UX and UI are very easy and clear to navigate, and I can create and extract the data that I'm looking for.”
Simple navigation, intuitive design, and straightforward application to the tech stack and daily operations made it easy for HTD Health to improve its current setup.
Click to tweet“Developing applications and tools that boost the healthcare industry not only in the US but worldwide implies our cybersecurity has to catch up with the technology better sooner than later.”
The transition to NordLayer facilitated a more robust security posture, which is especially important in the healthcare sector, where data sensitivity is paramount.
Pro cybersecurity tips
Practice makes perfect—the same applies to cybersecurity. Start creating small habits that help secure your company and your personal data from increasing digital threats. Adrian Iwanowski, an IT Security Manager at HTD Health, shares his three favorite tips, highly recommending that everyone should implement them.
HTD Health's experience showcases the importance of a tailored, efficient cybersecurity solution in today's hybrid work environment. It’s particularly important in sensitive sectors like healthcare. NordLayer's ability to provide comprehensive, compliant, and user-friendly security tools stands out as a key factor in HTD Health's successful security overhaul.
