Google Cloud Solution for EHR Healthcare | Reduce Attack Surface

Question

EHR Healthcare is a leading provider of electronic health record software to the medical industry.

EHR Healthcare provides their software as a service to multi-national medical offices, hospitals, and insurance providers.

Solution concept - Due to rapid changes in the healthcare and insurance industry, EHR Healthcare's business has been growing exponentially year over year.

They need to be able to scale their environment, adapt their disaster recovery plan, and roll out new continuous deployment capabilities to update their software at a fast pace.

Google Cloud has been chosen to replace their current colocation facilities.

Existing technical environment - EHR's software is currently hosted in multiple colocation facilities.

The lease on one of the data centers is about to expire.

Customer-facing applications are web-based, and many have recently been containerized to run on a group of Kubernetes clusters.

Data is stored in a mixture of relational and NoSQL databases (MySQL, MS SQL Server, Redis, and MongoDB).

EHR is hosting several legacy file- and API-based integrations with insurance providers on-premises.

These systems are scheduled to be replaced over the next several years.

There is no plan to upgrade or move these systems at the current time.

Users are managed via Microsoft Active Directory.

Monitoring is currently being done via various open source tools.

Alerts are sent via email and are often ignored.

Business requirements - On-board new insurance providers as quickly as possible.

Provide a minimum 99.9% availability for all customer-facing systems.

Provide centralized visibility and proactive action on system performance and usage.

Increase ability to provide insights into healthcare trends.

Reduce latency to all customers.

Maintain regulatory compliance.

Decrease infrastructure administration costs.

Make predictions and generate reports on industry trends based on provider data.

Technical requirements - Maintain legacy interfaces to insurance providers with connectivity to both on-premises systems and cloud providers.

Provide a consistent way to manage customer-facing applications that are container-based.

Provide a secure and high-performance connection between on-premises systems and Google Cloud.

Provide consistent logging, log retention, monitoring, and alerting capabilities.

Maintain and manage multiple container-based environments.

Dynamically scale and provision new environments.

Create interfaces to ingest and process data from new providers.

Executive statement - Engine.

You want to follow Google best practices.

Considering the EHR Healthcare business and technical requirements, what should you do to reduce the attack surface?

Answers

Explanations

A. B. C. D.

C.

In order to reduce the attack surface for EHR Healthcare, it is important to consider the security implications of the solution concept and existing technical environment. One approach to reducing the attack surface is to use a private cluster with a private endpoint with master authorized networks configured (Option A).

A private cluster provides greater security because it is not exposed to the public internet. This reduces the attack surface by limiting access to the cluster to only those with explicit permissions. The private endpoint also ensures that traffic to the cluster is encrypted and that the cluster is not exposed to the internet.

Configuring master authorized networks adds an additional layer of security by limiting access to the Kubernetes API server to only those IP addresses that are explicitly authorized. This helps prevent unauthorized access to the cluster by limiting access to the API server, which is a critical component of Kubernetes.

Option B, using a public cluster with firewall rules and Virtual Private Cloud (VPC) routes, may provide some level of security, but it is not as secure as using a private cluster. With a public cluster, the cluster is exposed to the internet and is therefore more vulnerable to attack. While firewall rules and VPC routes can help limit access to the cluster, they do not provide the same level of security as a private cluster.

Option C, using a private cluster with a public endpoint with master authorized networks configured, is not recommended as it exposes the cluster to the public internet. This increases the attack surface and makes the cluster more vulnerable to attack.

Option D, using a public cluster with master authorized networks enabled and firewall rules, is also not recommended as it exposes the cluster to the public internet. While firewall rules can help limit access to the cluster, they do not provide the same level of security as a private cluster. Additionally, enabling master authorized networks does not provide sufficient security to make a public cluster a viable option.

In summary, to reduce the attack surface for EHR Healthcare, it is recommended to use a private cluster with a private endpoint with master authorized networks configured (Option A). This approach provides the highest level of security by limiting access to the cluster and ensuring that traffic to the cluster is encrypted.
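
The exposure differences between the cluster configurations compared above can be checked mechanically. The following is an added example, not part of the original page: it audits cluster descriptions shaped like the JSON from `gcloud container clusters describe NAME --format=json`. The sample clusters are constructed, and the field names (`privateClusterConfig`, `masterAuthorizedNetworksConfig`) are assumed to follow the GKE Cluster resource.

```python
import ipaddress

# Constructed sample cluster descriptions (not real clusters). Field names are
# assumed to match the GKE Cluster resource as printed by
# `gcloud container clusters describe NAME --format=json`.
SAMPLES = {
    "private-endpoint": {
        "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": True},
        "masterAuthorizedNetworksConfig": {
            "enabled": True,
            "cidrBlocks": [{"displayName": "on-prem", "cidrBlock": "10.20.0.0/24"}],
        },
    },
    "public-endpoint": {
        "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": False},
        "masterAuthorizedNetworksConfig": {
            "enabled": True,
            "cidrBlocks": [{"displayName": "on-prem", "cidrBlock": "10.20.0.0/24"}],
        },
    },
    "public-cluster": {
        # No privateClusterConfig at all: nodes and control plane are public.
        "masterAuthorizedNetworksConfig": {
            "enabled": True,
            "cidrBlocks": [{"displayName": "any", "cidrBlock": "0.0.0.0/0"}],
        },
    },
}


def audit_cluster(cluster):
    """Return a list of findings about node and control-plane exposure."""
    findings = []
    private = cluster.get("privateClusterConfig") or {}
    authorized = cluster.get("masterAuthorizedNetworksConfig") or {}
    if not private.get("enablePrivateNodes"):
        findings.append("nodes have public IP addresses")
    if not private.get("enablePrivateEndpoint"):
        findings.append("control plane has a public endpoint")
    if not authorized.get("enabled"):
        findings.append("master authorized networks disabled")
    for block in authorized.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if net.prefixlen == 0:
            # A /0 entry makes the allow-list match every source address.
            findings.append(f"authorized network {net} allows any address")
    return findings
```

An empty result means private nodes, a private-only control plane endpoint, and an authorized-networks list with no catch-all entry.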