“We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”
Cloud-native developer of electronic health records boosts engineering efficiency with Veracode Continuous Software Security Platform™
Azalea Health Empowers Its Software Developers to Code More Securely
Executive Summary
Azalea Health is on a mission to help underserved healthcare providers improve patient care and profitability. Nathan Shepard, Azalea’s vice president of product, explains, “Our healthcare customers want a way to manage the patient record in one place, even if patients come in at different times for different services.” The company answered that call by developing cloud-native solutions designed to truly simplify patient care and service for physicians and administrators. However, being in the cloud heightened security concerns, especially with the company’s platforms hosting health records and personal information. By partnering with Veracode, Azalea built a robust software security program that empowers its developers to build security early in the software development life cycle (SDLC). The result is more secure, higher-quality applications and greater customer confidence in Azalea’s cloud-based healthcare management solutions.
The Challenge
Meeting heightened security demands in the cloud
Azalea’s cloud solutions help more providers, especially those in rural areas, gain access to modern healthcare management services that otherwise might be out of reach financially. However, being in the cloud also elevates security concerns and the need to ensure regulatory compliance.
“Even though we were very diligent about performing penetration tests on a regular basis, we wanted a way that we could catch issues even earlier in the development process—before they got to our staging servers,” Shepard points out. “We also wanted a way to make it easier for our engineers to identify issues and correct them faster.”
Andrew McCall, vice president of engineering at Azalea Health, notes, “The biggest obstacle to building security into our workflows is that developers will treat security as just a checkbox. But security is an ongoing process and has to be top of mind throughout the software development lifecycle.”
To bolster its security initiatives, the Azalea team needed a comprehensive software security solution that integrated seamlessly into its existing development pipelines. Also key was having easy-to-consume training resources and systems to accelerate developer adoption and enable the company’s software engineers to address security issues earlier in the SLDC.
Humberto Ontiveros Garcia, junior quality assurance engineer at Azalea Health, says, “We don’t want to be reacting to incidents, we want to be proactive and build security steps into software development to better protect our customers.”
The Solution
Integrate Veracode Software Security Platform seamlessly into the SDLC
The Azalea team started its search by consulting the Gartner Magic Quadrant, finding Veracode a nine-time Leader in the Application Security Testing category. Following due diligence, Azalea evaluated four Application Security solutions, ultimately selecting the Veracode Continuous Software Security Platform™.
McCall says, “We chose Veracode because it was the easiest and best solution when it comes to integrating into our existing processes.”
The decision criteria spanned four key points:
- Seamless integration with Azalea’s cloud infrastructure,
- Support for the development languages used by Azalea’s software engineers,
- Veracode eLearning and Security Labs, which help engineers design better code from the outset, and
- Low number of false positives returned by Veracode compared to competitors during the proof of concept.
With its decision made, Azalea Health quickly moved forward with implementing the Veracode platform and ramping up a robust application security program across its product portfolio.
Shepard recalls the experience: “When we started our implementation, the Veracode team worked alongside us and helped establish scanning on our first repository very quickly. Based on that template, we were able to iteratively roll out the scanning to our other repositories. And over the course of just a few weeks, we were able to scan everything in the Azalea code base using Veracode.”
McCall adds, “Implementation was very seamless. We were able to do a scan output to the Veracode platform and have the results there without any manual effort.”
In addition to core platform products such as Veracode Static Analysis, Azalea also takes advantage of Veracode eLearning and Security Labs to help its software engineers continually build their software security skills and competency. Additionally, Azalea Health participates in the Veracode Verified program to validate its practices and further strengthen its overall security posture.
Results
Greater developer adoption, more secure applications
Since deploying Veracode, Azalea Health quickly recognized a valuable impact on its day-to-day software engineering practices. Importantly, software engineers aren’t wasting time chasing false positives and instead can focus on the code issues that genuinely require attention, helping to improve development productivity and efficiency.
“The accuracy of the Veracode scans is very impressive,” McCall remarks.
Because the Veracode platform integrates seamlessly into existing workflows, developers enjoy a frictionless experience, boosting adoption by making it easier to find and fix software flaws. Garcia says, “Using Veracode, we’re able to review new flaws found in our different applications and determine which ones take priority. Having Veracode greatly reduces the time we spend on debugging.”
Shepard points out that having the Veracode Verified “seal of approval” is another valued benefit in terms of building trust and confidence among Azalea’s healthcare customers. “Azalea Health established this partnership with Veracode to ensure we’re always delivering the most secure software possible for our clients. Participating in the Veracode Verified program provides objective evidence for our customers and our cyber insurers that we are trustworthy and stand behind our commitment to maintain security best practices.”
As Azalea Health continues to build and strengthen its application security program, Veracode eLearning and Security Labs play a vital role in building greater security awareness and strategies to empower the company’s software engineers to code more securely. Garcia concludes, “Veracode helps open up the eyes of our engineers so they can see that it’s not just about writing code, it’s writing secure code.”
About Azalea Health
Azalea Health is changing the way health IT platforms connect community-based healthcare providers and patients across the lifecycle of care. Offering a 100% cloud-based integrated solution, Azalea delivers electronic health records and revenue cycle management designed for rural and community practices and hospitals. Quick to deploy and intuitive to use, Azalea solutions ensure better care coordination and communication – enabling better outcomes and a meaningful competitive advantage. For more information, visit www.AzaleaHealth.com.
“Veracode helps open up the eyes of our engineers so they can see that it’s not just about writing code, it’s writing secure code.”