Assignment 3: Conceptual Security Architecture Development Process - Enterprise & Application Architectures


Kaitlin Perkins, Michael Soto, and Nicholas Wicker

Program of Cyber Security Operations & Leadership, University of San Diego

CSOL 520-03-SU22: Secure Systems Architecture

Dr. William Hess

May 30, 2022



Table of Contents

Introduction
Enterprise Architectures
    Existing Capability
    Risk Management
    Strategic Planning
    Scope
    Formal Strategic Plan
    Requirements Specifications
    System Boundaries
    System Constraints
    Security
Application Architectures
    Existing Capability
    Risk Management
    Strategic Planning
    Scope
    Formal Strategic Plan
    Requirements Specifications
    System Boundaries
    System Constraints
    Security
    Development and Release Process
References

Introduction

G5 Healthcare (G5HC) provides health and medical care services to patients within the United States. As G5HC continues to expand and increase its services nationwide, our goal is to maintain high-quality medical care for our patients while staying abreast of technology capabilities that can efficiently increase collaboration between medical professionals. To meet this challenge, G5HC has decided to adopt cloud technology, which will allow it to migrate its current data into a virtualized database and will also allow for continued growth and expansion of network services. Using the Infrastructure as a Service (IaaS) cloud model, we can leverage a virtual infrastructure that reduces the physical footprint of on-premises data centers at each facility.

Enterprise Architectures

Existing Capability

As G5HC is a healthcare organization that has operated its network using traditional on-premises data centers, this project is working to transition to a new cloud-based network. The intent is to minimize our hardware footprint by migrating our current databases from physical data centers to a cloud environment, allowing for scalability and for healthcare providers across the organization to access health record databases for patient care. New cloud technology concepts will be introduced, because this will be G5HC's first attempt at implementing cloud-based technology.

G5HC's current technical environment consists of a Local Area Network (LAN) at each facility, where healthcare providers can share patient health information and collaborate with other healthcare providers within the LAN. Each facility therefore stores electronic patient health information locally, using servers within the facility, and each facility must operate servers and other additional hardware to support its on-premises LAN. While this system allows healthcare providers to collaborate within the same LAN, it does not allow for immediate collaboration between healthcare providers that operate across different facilities in different geographic locations. This requires an additional step, where healthcare providers must use other methods to send and receive electronic patient health information in a manner compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Risk Management

Providing quality healthcare services in today's digital environment exposes businesses to malicious activity and the possibility of becoming the victim of a cyber-attack. Accepting some level of low risk is part of developing a system architecture. This includes ensuring that the confidentiality, integrity, and availability of all electronic patient health information is protected. We have incorporated the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) as part of G5HC's risk management practices. The NIST RMF is an appropriate framework for our industry because it is designed to help organizations across different sectors manage security and privacy risk (NIST, 2020). With the healthcare industry already heavily regulated by laws such as HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, we must ensure that we are using a security- and privacy-focused RMF that operates as a continuous cycle designed to reduce all known risks to acceptable levels. The NIST RMF is also beneficial to G5HC because its continuous cycle allows our organization to reassess our risks and adjust our risk management practices accordingly.


While risk is an element that will always be present for any organization, across every industry, some controls are already implemented to reduce it. The NIST RMF process has seven steps: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor (NIST, 2022). Following these steps, G5HC has identified various risks and included various security and privacy controls to reduce risk to our enterprise security architecture. This includes the implementation of Access Control, Physical Protection, Identification and Authentication, Personnel Security, Risk Assessment, and other control families listed in NIST Special Publication 800-53 (NIST, 2020). At each facility, we have identified risks relevant to our enterprise architecture and have implemented controls to reduce them. This includes controlling access to the server rooms using locks and requiring key card access limited to authorized personnel. G5HC also currently requires that security guards monitor all entrances and conduct regular patrols throughout the facility. Additional controls are implemented to reduce the risk of physical damage and other threats to our enterprise architecture; the controls discussed above are examples, and we will continue to regularly assess our enterprise architecture using the NIST RMF as part of our risk management practices.

Strategic Planning

When considering strategic planning, there are business and technology planning factors that should be considered. As G5HC is actively planning to transition to a cloud-based architecture, we must consider the goals that G5HC wants to achieve from this transition. Because cloud technology allows G5HC to implement a system with scalability and increased availability, healthcare providers will be able to collaborate across G5HC facilities and improve the overall healthcare services for patients. The scalability benefits of the cloud system will allow G5HC to continue its future expansion plans and to continue providing healthcare services to patients in the event of unexpectedly increased demand for medical attention, such as a future pandemic, or mass casualty incidents such as a natural disaster.

In terms of business planning, G5HC's current plans to open new facilities across the country will continue simultaneously with the technology plan of migrating to a cloud computing system. G5HC will need to plan potential deadlines and dates for these expansion plans so that the opening of new facilities and the implementation of the cloud IaaS platform can be properly coordinated. As part of G5HC's plan to reduce the physical footprint of on-premises hardware, new facilities will be required to be configured to operate with our new IaaS platform. This means that these facilities will not host onsite data centers on their LAN and will not receive the hardware required to host on-premises servers. This presents technical constraints on the future operation of the new facilities and changes the system boundaries of our network, since the information technology team must plan the security controls required for cloud environments that comply with HIPAA and HITECH.

Scope

The scope of this system is to develop an electronic health record (EHR) database accessible to medical professionals (e.g., doctors) at all G5HC facilities nationwide, to enhance collaboration among medical professionals and continue providing quality healthcare services. Hosting the database in the cloud environment gives developers the opportunity for cost savings related to hardware and maintenance, scalability, redundancy, risk management, and continuous monitoring. An EHR system is built to go beyond the standard clinical data collected in a provider's office and can be inclusive of a broader view of a patient's care. EHRs are a vital part of health IT and can (HealthIT, 2019):

• Contain a patient's medical history, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, and laboratory and test results
• Allow access to evidence-based tools that providers can use to make decisions
• Automate and streamline provider workflow

EHRs are built to share information with other healthcare providers and organizations, so they contain information from all clinicians involved in a patient's care (HealthIT, 2019). An appealing feature is that data can be shared by authorized providers in a digital format capable of being shared with other facilities and eventually with providers outside of the G5HC network. Using virtual databases in the cloud provides G5HC with a system that can provide data anywhere at any time.

Formal Strategic Plan

G5HC plans to implement an EHR software application available to medical professionals via a secured and encrypted web interface and compatible with an IaaS platform. Focus areas will be ensuring that the applications and policies applicable to the system design align with the confidentiality, integrity, and availability of the resources and data. The objective is to minimize the requirement for physical network components that consume physical and logical resources, while strengthening a secure network boundary that protects information and user access. Inputs to the design process will be captured from stakeholders who have an interest in their system requirements and the EHR platform. As system development progresses, event milestones will be identified and captured as part of an overall schedule, with critical events set as key deadlines. Risks and issues will be recorded in parallel as part of the system development process.

Key performance indicators (KPIs) will help assess changes and identify factors that set a pattern or trend. KPIs will include the growth of users and data, the geographic locations with the highest volume of activity, the volume of network attacks attempting to compromise data, system performance, and downtime. Other indicators can identify the average cost of supporting the system or the resources required to manage the network. Working with the cloud vendor on resource and cost analysis will help with estimates of financial requirements and complement the KPI statistics.

Requirements Specifications

To efficiently capture and share patient data, healthcare professionals need certified EHR technology (CEHRT) that stores data in a structured format. Structured data allows healthcare providers to easily retrieve and transfer patient information and use the EHR in ways that can aid patient care (CMS, 2022). The EHR core features will provide a baseline for further functionality and design improvements. Utilizing the cloud will help streamline scalability for additional services and features as needed. The functions of the EHR system will include storing health information and data, decision support that aids clinical decision-making, electronic/digital communication between medical professionals, and clinical and health reporting data concerning population health.

Requirements of the EHR architecture will align with policies and with compliance with federal and state mandates such as HIPAA. Safeguarding data will be a primary decision factor as system requirements are finalized. If an application or feature poses a threat or vulnerability that could compromise the system or data, executive leadership will need to assess risk acceptance or identify an alternate solution that maintains the integrity of the system and data.

System Boundaries

A primary security concern is ensuring that the boundary protects data privacy both while data is stored in the database and while it is transmitted to and from external sources in G5HC facilities. Using IaaS in the cloud helps establish a boundary and will enable applications to challenge user access through authentication factors before the user is granted access to information. Within the boundary, applications will be protected by router access control lists, proxy and firewall settings, and a host intrusion prevention system.

Physical access control will be implemented at G5HC facilities through a combination of guard patrol checks and locking mechanisms on spaces where sensitive information is accessible. Physical and network security management will be the responsibility of all G5HC employees, via acknowledgment of user agreement forms and through periodic information technology training that includes federal and state guidance and compliance regulations. Surveillance equipment and alarm systems will add a further layer of measures to protect facilities and critical network components. The information security officer will work with the security team to develop a program that safeguards people, network components, and data.

System Constraints

Employing a database in the cloud under IaaS comes with some limitations and constraints for external network administrators and users. While security will be a joint effort between G5HC administrators and the cloud broker, agreements, memorandums, and trust will need to be established, as the servers and networking will be managed by the broker. The data stored on the broker's equipment will use encryption and authentication requirements to safeguard it from unauthorized access or compromise by an attack.

Although redundancy and continuous online service are benefits of the cloud, G5HC has no control over outages or disruptions of facilities and equipment managed by the broker. Both G5HC and the broker will develop restoration and response processes such as an Incident Response Plan, Disaster Recovery Plan, and Continuous Monitoring Plan. Plans such as these will help in recovery, or in situations where constraints may limit the actions of either party in maintaining continuous operations.

Security

Physical security will include roving guards to identify suspicious activity near facilities. Closed-circuit television (CCTV) will provide visual coverage to assist guards and to monitor spaces. Locking mechanisms such as biometrics or cipher locks will be installed in spaces where controlled authorization is required. Employees will be provided with badges to identify their association with G5HC. Visitor access control will be implemented through logs and badges, and an escort must always accompany unauthorized personnel in controlled spaces.

Network security will require users to sign agreement forms and complete cyber awareness training before accessing the network. Each user will be given a credential token as part of two-factor authentication. Hardware such as routers, servers, and switches for local networks will reside in controlled spaces with access granted only to authorized personnel. Alarms will be enabled to alert security and IT of any breach of the controlled space or a casualty such as flooding, fire, or loss of cooling equipment (air conditioning).

Application Architectures

Existing Capability

The existing Application Security Architecture consists of Windows-based computers that allow users to access a server that stores electronic patient health information on the LAN at each facility. This server does not allow access to all users, as identity and authentication controls are configured to control user access. The LAN is isolated within the facility and has no external connection to the public internet. However, the software used to access the data on this server is uniquely configured to reach the LAN server where the electronic patient health information is stored. As mentioned in the Enterprise Architecture Existing Capability section, this current architecture limits a healthcare provider's ability to collaborate with other providers across the organization and inhibits our ability to provide patients with immediate healthcare services. The network perimeter of each facility is also configured with a Demilitarized Zone (DMZ) to provide a layer of security between the world wide web and the private LAN against untrusted traffic (Fortinet, n.d.).

As G5HC continues planning its migration to a cloud IaaS platform, the need to conduct daily operations using the current LAN architecture to access electronic patient health information at each facility will be eliminated. The new application architecture will function with a user interface that implements identity and access controls allowing users to access electronic patient health information in the cloud. This means that the new software application design will be compatible with a virtual IaaS platform and will also comply with HIPAA and HITECH requirements.

Risk Management

As previously mentioned, the NIST RMF is incorporated into our risk management practices, and it will also be used to assess and mitigate risk in our Application Architecture. As we transition from a traditional on-premises architecture to a cloud-based architecture, we will face new risks. With a new software application design that is compatible with cloud IaaS platforms, we will face the risk of exposing an attack surface to the world wide web, as the new application design will be web-based, resulting in an internet-facing web application (Moyle & Kelley, 2020). This will require that we follow our RMF to regularly assess the risks of our application architecture and take measures to mitigate and reduce risk to acceptable levels. This will include implementing additional controls that address risks specific to our Application Architecture, such as Input Validation, Access Control, Configuration Management, Identification and Authentication, Risk Assessment, System and Communications Protection, System and Information Integrity, and more as listed in NIST Special Publication 800-53 (NIST, 2020).

Strategic Planning

As mentioned in the Enterprise Architecture Strategic Planning section, G5HC business plans such as future facility expansion will occur in parallel with the current design work for the cloud IaaS platform. This requires that proper coordination and deliverable dates be set, as business planning and technology planning occur in parallel. While the virtual infrastructure is built and configured, the new web application design will also have to be completed so that users can access the cloud database where electronic patient health information will be stored. This means that the application design should be complete and at full operational capability before newer facilities are opened, so that these new facilities can be properly outfitted and configured to operate with the new cloud IaaS platform. This requires that the application interface be completed, tested, and evaluated to ensure that it is compliant with HIPAA and HITECH requirements. In addition to the user interface application, all virtual configurations, security controls, and logical configurations should be completed and evaluated to ensure that they comply with HIPAA and HITECH requirements. As also previously mentioned, as the IaaS architecture platform is selected for this design, the user application and virtual configurations must also be capable of handling the scalable capability of the virtual infrastructure. For example, in the event of increased network traffic, the database should be capable of continuous operation without degradation of performance or availability of services.

Scope

This application architecture provides a means for medical professionals at G5HC facilities to access and share EHRs with other medical providers. To adapt to the changing landscape of modern healthcare, we will utilize IaaS technology that improves collaboration among healthcare professionals for patient care. G5HC will collaborate with third-party vendors to design a web-based application for medical professionals that has an intuitive front-end and a cloud-based back-end to manage and store health information. This application architecture will be accessible to authorized medical personnel, comply with health privacy standards, and support scalability.

Formal Strategic Plan

Previously established G5HC facilities utilized traditional, on-site data centers. We had control over the physical hardware and greater influence over the security measures applied to that hardware. As we transition from on-site to cloud-based, we need to acknowledge that some of the control we previously had with our on-site centers may now fall under the service provider's domain. To ensure that security is upheld at all stages, there needs to be close collaboration between G5HC and the IaaS providers.

We will work with vendors to establish our requirements for the front-end and back-end applications. Determining what we require from user, technical, and security standpoints will help us narrow down ideal third-party solutions to implement in our new facilities. The interoperability between the front-end and back-end solutions will then need to be refined, and we will need to establish a sustainment process with the vendors, with a focus on releasing software updates and using scalability to address changes in application demand. Once the plan for establishing the application is solidified with the vendors, we will coordinate with senior management on when the application will be integrated with new facilities.

Requirements Specifications

From a user perspective, the application needs to be easy to use and maintain. The user interface should display data in a way that is immediate and comprehensible to medical professionals. When software updates or patches are published, there needs to be little to no impact on the flow of operations.

From a technical and security perspective, the application needs to be resilient against common attack methods and compliant with the HIPAA Privacy and Security Rules. There needs to be a variety of controls and tools that minimize the attack surface of the application. The application should also have a feature that allows audit reports, to ensure adherence to policies throughout.

System Boundaries

Since there will be close collaboration between G5HC and IaaS providers, there will be separate organizational boundaries, which in turn can lead to "separate application security architectural scope between the two groups" (Moyle & Kelley, 2020, p. 113). In this cloud-based landscape, IaaS providers have a greater hand in the creation and maintenance of the front and back end of the application, with G5HC tailoring how the application will operate and integrate into the facilities. Since no single entity has complete control over the application architecture, G5HC and the IaaS providers must align their security scope.

System Constraints

Due to the nature of IaaS, the service providers will control when software and security updates are released for the application. To mitigate concerns over this constraint, G5HC will need to work with the service providers to establish clear expectations for software and security maintenance: what updates are being pushed, why they are being pushed, how frequently the application will be updated, and when the updates will be released so as to minimize the impact on operations.

Security

In terms of security, the application will utilize encrypted channels to securely transmit data over the Internet, including communication between medical professionals. For medical professionals accessing protected health information (PHI) through the front-end website, access control measures will be enforced to ensure the integrity of data and to limit data spillage and unauthorized usage. This could look like requiring two-factor authentication before requesting data from the database, or restricting medical professionals' permissions to only the PHI of certain patients. Timestamped monitoring logs will also be implemented to provide a record of who accessed what and when, in case of a security breach. For security that falls under the IaaS providers' domain, routine compliance checks will occur to ensure that the protocols and tools implemented on their end meet the requirements and standards of G5HC.
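As an added illustration of the three application-layer controls just described (a two-factor gate, provider permissions scoped to the patients they treat, and a timestamped record of who accessed what), the following Python is example code written for this document; it is not part of G5HC's design or any vendor's product, and the provider names, patient identifiers and records in it are constructed.

```python
"""Provider-scoped PHI access check with an audit trail (illustrative only).

A read request is honoured only when the caller's session has completed
two-factor authentication AND the caller has a documented care relationship
with the patient. Every decision, allowed or denied, is appended to a
timestamped audit log so that "who accessed what and when" can be answered
after the fact. All identities and records below are constructed sample data.
"""
import copy
from dataclasses import dataclass
from datetime import datetime, timezone


class AccessDenied(Exception):
    """Raised when a PHI request fails an access-control check."""


@dataclass(frozen=True)
class Session:
    user_id: str        # authenticated provider (hypothetical identifier)
    role: str           # e.g. "physician" or "nurse" (hypothetical roles)
    mfa_verified: bool  # True only after the credential token (second factor) was presented


@dataclass(frozen=True)
class AuditEntry:
    timestamp: str      # ISO-8601, UTC
    user_id: str
    patient_id: str
    action: str
    outcome: str        # "allowed" or "denied"
    reason: str


class EhrStore:
    """The EHR back end with the access checks placed in front of every read.

    care_team maps patient_id -> set of provider user_ids who are treating that patient.
    """

    def __init__(self, records, care_team):
        self._records = records
        self._care_team = care_team
        self.audit_log = []

    def _audit(self, session, patient_id, action, outcome, reason):
        self.audit_log.append(AuditEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            user_id=session.user_id, patient_id=patient_id,
            action=action, outcome=outcome, reason=reason))

    def read_phi(self, session, patient_id):
        """Return a copy of the patient's record if both controls pass; log every decision."""
        action = "read_phi"
        if not session.mfa_verified:
            self._audit(session, patient_id, action, "denied", "second factor not verified")
            raise AccessDenied("two-factor authentication required")
        # Minimum-necessary rule: a provider sees only the patients they are treating.
        # This check runs before the existence check so a caller cannot use the
        # error message to learn which patient identifiers exist.
        if session.user_id not in self._care_team.get(patient_id, set()):
            self._audit(session, patient_id, action, "denied", "no care relationship with patient")
            raise AccessDenied("not authorised for this patient")
        if patient_id not in self._records:
            self._audit(session, patient_id, action, "denied", "unknown patient")
            raise AccessDenied("not authorised for this patient")
        self._audit(session, patient_id, action, "allowed", "care-team member, MFA verified")
        return copy.deepcopy(self._records[patient_id])  # callers cannot mutate the store

    def accesses_to(self, patient_id):
        """Every access attempt against one patient's PHI, in time order."""
        return [e for e in self.audit_log if e.patient_id == patient_id]


def sample_store():
    """Constructed sample data for a runnable demonstration (no real PHI)."""
    records = {
        "P-1001": {"name": "Patient One", "allergies": ["penicillin"]},
        "P-1002": {"name": "Patient Two", "allergies": []},
    }
    care_team = {"P-1001": {"dr_adams"}, "P-1002": {"dr_adams", "nurse_lee"}}
    return EhrStore(records, care_team)


if __name__ == "__main__":
    store = sample_store()
    print(store.read_phi(Session("dr_adams", "physician", True), "P-1001"))
    for sess, pid in ((Session("nurse_lee", "nurse", True), "P-1001"),
                      (Session("dr_adams", "physician", False), "P-1002")):
        try:
            store.read_phi(sess, pid)
        except AccessDenied as err:
            print("denied:", err)
    for e in store.accesses_to("P-1001"):
        print(e.timestamp, e.user_id, e.outcome, e.reason)
```

Denied attempts are logged as well as successful ones, because a pattern of denials against one patient is exactly the kind of record the breach-investigation requirement above depends on.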

Development and Release Process

The development and release process we want to adopt aligns with the DevOps model. DevOps focuses on "closer collaboration between development and IT teams within an organization" to improve software development and delivery (Sienkiewicz, 2019). From the security perspective of DevOps, or DevSecOps, vulnerability assessments and analysis are integrated and performed during the development, testing, and delivery of the software (Daniels, 2021).

The healthcare industry has been slow to implement DevOps into its architecture, but many of its benefits directly impact the accessibility and usability of health information. DevOps can be used as a tool to help manage copious amounts of data so medical professionals can "handle data such as lab reports, pharmacies, medical device reports, EHRs, wearables, and insurance claims, and leverage them for final analysis" (Daniels, 2021). When medical professionals improve information availability, it allows them to make informed decisions efficiently, which can result in better care and patient satisfaction.



References

CMS. (2022, March 25). Certified EHR Technology. Retrieved May 26, 2022, from https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Certification

Daniels, A. (2021, December 3). A Guide for Implementing DevOps in the Healthcare Industry. Retrieved May 29, 2022, from https://www.bairesdev.com/blog/implementing-devops-in-healthcare-industry/

Fortinet. (n.d.). What is a DMZ and why would you use it? Fortinet. Retrieved May 30, 2022, from https://www.fortinet.com/resources/cyberglossary/what-is-dmz

HealthIT. (2019, September 10). What is an Electronic Health Record (EHR)? Retrieved May 25, 2022, from https://www.healthit.gov/faq/what-electronic-health-record-ehr#:~:text=An%20electronic%20health%20record%20(EHR)%20is%20a%20digital%20version%20of,and%20securely%20to%20authorized%20users

Moyle, E., & Kelley, D. (2020). Practical Cybersecurity Architecture. Birmingham, England: Packt Publishing Ltd.

National Institute of Standards and Technology (NIST). (2020, September). NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations. Retrieved May 30, 2022, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

National Institute of Standards and Technology (NIST). (2022, May). About the RMF - NIST Risk Management Framework. CSRC. Retrieved May 30, 2022, from https://csrc.nist.gov/Projects/risk-management/about-rmf

Sienkiewicz, G. (2019, July 16). How to Implement DevOps in Healthcare. Retrieved May 29, 2022, from https://www.macadamian.com/learn/how-to-implement-devops-in-healthcare/
