LeanTaaS provides software solutions that combine lean principles, predictive and prescriptive analytics, and machine learning to transform hospital and infusion center operations. The company’s software is being used by over 150 health systems across the nation, which all rely on the iQueue cloud-based solutions to increase patient access, decrease wait times, reduce healthcare delivery costs, and improve revenue.
Industry: Software & Services
Location: North America
Customer since: 2021
LeanTaaS needed a security solution that could provide both visibility into their cloud-based APIs and defense in real time.
LeanTaaS serves some of the leading hospitals and healthcare providers across the country using a lean approach coupled with data analytics to create more efficient medical facilities. They needed a solution that could secure their cloud-based web services and APIs as well as meet their HIPAA compliance requirements.
LeanTaaS relies on Fastly’s Next-Gen WAF to detect and block known bad threats as well as provide deep visibility across all their web services. The Next-Gen WAF is a core component of LeanTaaS’ security and compliance toolkit.
Mixing security with fast-paced development pays off
For a company like LeanTaaS where software is deployed all the time, security must be tightly integrated with the development and deployment process. This is why Chandra Kalle, Director of Engineering, has been building a team that takes a holistic approach to security. He believes that, “Security is a state of mind, not an end state. It has to be baked in throughout engineering, infrastructure and operations—all the way from specs to design reviews to code reviews to infrastructure operations. Visibility and iterative process are important—everyone needs to understand how their code is being used (and can be abused), design accordingly, and react quickly.”
By using the Next-Gen WAF as a web application firewall across their infrastructure, LeanTaaS has seen huge success in their development, security, and operations teams. “We’re constantly seeking to incorporate state-of-the-art technology to improve our security posture. Fastly’s Next-Gen WAF not only blocks known malicious attacks, but also uses a variety of techniques and telemetry data to detect and block zero-day attacks as they happen. We were able to deploy it in blocking mode in under 40 minutes, and it seamlessly integrated into our CI/CD pipeline. We’re quite thrilled with it.”
Achieving compliance and more within the highly regulated healthcare industry
Healthcare is one of the most regulated industries on the planet, and LeanTaaS finds themselves right in the middle as a service provider to medical establishments. “We needed a way to meet our compliance standards, but we wanted more than just compliance,” notes Chandra. The team wanted proactive defense.
From their past experience using web application firewall products in monitoring mode, they knew that one critical piece to the success of their security efforts was security that worked in real time. “We wanted a way to be proactive, where most products only could offer insight long after the fact,” says Chandra. With the Next-Gen WAF, the team was able to get real time insight and active defense while also addressing compliance requirements.
Flexible, scalable application security for cloud-hosted applications
Like many software-as-a-service vendors, LeanTaaS is making use of Amazon Web Services (AWS). They provide dozens of web services via AWS cloud services, so they needed a solution that could scale with them and provide coverage quickly. LeanTaaS deployed the Next-Gen WAF across their entire infrastructure in under 40 minutes. Because of their confidence in the easy installation, they turned on blocking mode that same evening.
“Traditional signature-based firewalls cannot keep up with the constantly evolving zero-day attacks that companies like us face today. We wanted a solution that goes beyond signature scanning and can be seamlessly deployed and scaled with our cloud deployments. Fastly offered that advanced detection with lexical analysis and telemetry data and easy deployment options.”
Director of Engineering
“This is security that doesn’t slow down development teams, and it provides blocking that we trust along with visibility we can use to understand where to prioritize effort. When we deployed directly into production, it worked just as expected.”
Director of Engineering