Automated container security keeps Volpara abreast of new threats

Data security has proven to be a recurring challenge for the healthcare industry, where legacy systems are being compromised with frustrating regularity. For digital health company Volpara Health Technologies, however, the criticality of data-driven artificial intelligence meant building security into the core of its development processes.

At just over three years old, the New Zealand-based company – whose core technology interfaces with breast-screening equipment to evaluate the accuracy and specificity of its imaging in real time – had the luxury of working from a clean slate, chief information officer Gareth Beaumont told CSO Australia.

“A lot of our product suite is relatively new,” he explained, “and being able to leverage them to supply services in a secure manner has really been a benefit.”

“Because it has been a greenfields start from a project perspective, we haven’t had that existing technical debt to battle with and work around.”

The company’s youth meant that it could not only build itself around ISO 27001 security processes, but also extend these processes to its core cloud-based platforms, which run on top of the Microsoft Azure public-cloud platform.

With new containers being regularly spun up and down in the cloud as part of its continuous integration/continuous delivery (CI/CD) processes, building Volpara’s core technologies in the cloud could have required manual management of containers and the data they contain – an error-prone process that has already caused data breaches for other organisations.

To streamline this process, Volpara’s development team has integrated Container Security vulnerability-management tools that automatically review containers as they are being developed, and as they are deployed.

Tracking of deployed containers ensures that unused or outdated containers aren’t left to create potential security vulnerabilities – providing a smoother development cycle that also increases the efficiency of resource utilisation. Paired with Tenable’s Nessus Pro vulnerability scanner, the tools have given the company deep insight into the integrity and security of its development and deployment processes.

The approach “has helped us do, in a lot more automated manner, the internal vulnerability testing that you would expect from companies with many terabytes of [sensitive] data like we have,” Beaumont said.

“Security is very much at the forefront for us, and we are running weekly checks against our internal infrastructure, against PCs, and against our products to see whether there is anything new that has popped up that we weren’t aware of.”