Client
The client, the industry leader in providing credentialing programs with expert review of test accommodations requests and accessibility consultation, was looking for MeU Solutions to build a secure SaaS-based application hosted in the cloud for testing programs that need to manage accommodations requests. It is a flexible and easy-to-use application for people with disabilities, focusing on accessibility issues and disability compliance.
Challenges
- An easy-to-use but secure app for individuals with disabilities, with a UX design that complies with Section 508 standards.
- Implementing HIPAA and GDPR compliance to ensure the privacy and security of patient data (ePHI).
- Building highly available web apps with a zero-downtime deployment strategy and auto-scaling of app servers and database servers.
Solutions
- Utilizing AWS's Well-Architected Framework with services and tooling such as EC2, S3, Lambda, Terraform, CloudWatch Logs, ALC, KMS, PostgreSQL (RDS), GuardDuty, EBS, AMI, Kinesis, CloudTrail, Load Balancer, and API Gateway.
- Multi-tenant database infrastructure. Hashids and UUIDs are used for data references across tables.
- Programming: PHP/Laravel, Node.js
- The testing team performs functional, accessibility, usability, penetration (OWASP practice), and performance tests.
Results
- Released a web application that meets HIPAA technical safeguard compliance; the operating system and web server are hardened against attackers.
- The entire infrastructure can be deployed in less than an hour in the event of a disaster, significantly reducing recovery time.
- Many functions were implemented using Lambda, reducing dependency on EC2 instances.
- Infrastructure cost was reduced by using a multi-tenant model: separate EC2 instances are not required for different customers.