Dominic Tancredi, profile picture
Uploaded byDominic Tancredi
PDF, PPTX986 views

Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)

Dom & Tom Inc. is a digital product development agency based in New York, Chicago, and Los Angeles, specializing in mobile and web products with a portfolio of over 90 mobile and 300 web applications. A case study on Dignity Health revealed the creation of a NICU app for engaging new parents, featuring encryption and strong legal collaboration to ensure compliance and efficiency. The company emphasizes devsecops practices and infosec training to maintain data security throughout the development process.

Embed presentation

Download as PDF, PPTX
DOM & TOM INC  DOMANDTOM.COM  NEW YORK: 646 741 5049 / CHICAGO: 773 377 5585 DOMANDTOM.COM NYC 646.741.5049 / CHI 773.377.5585
Do Good. Be Good. That’s what we do.
WHO AM I? Dom Tancredi » Full-Stack Developer of 18+ years. » CTO School Member (since 2014). » Fun Fact: Theatre + Computer Science degrees. » Certified ScrumMaster + Product Owner. 3 Dom & Tom » Launched 90+ mobile // 300+ web products. » 60 team members. » New York, Chicago & Los Angeles. » Digital product development agency. » Enterprise + startup-friendly.
D&T BREAKDOWN
CASE STUDY: Dignity Health Hospital Group
OPPORTUNITY 6 Goals » Bring brand to the 21st Century on mobile and tablet. » Grow relationships with patients. » Stay within InfoSec and legal policies of hospital.
SOLUTION 7 The Product » St. Rose's NICU app reaches out to new parents on mobile and tablet. » Cross-platform marketing approach to communicate with parents. » Portfolio of products: » iPhone, iPad, Android phone and tablet. » 2 hospital NICU centers.
SOLUTION 8 Mobile » iOS and Android phone and tablet applications for Dignity Health Group’s neonatal intensive-care unit (NICU). » The hospital group was not granted access to retrieving cloud patient data. » The applications track and graph measurements and feeding data. Information is provided to doctors for tracking child progress after parents bring their infants home. All data is stored locally.
SOLUTION 9 Mobile » Strong collaboration with Dignity Health’s legal team to approve all content. » Architecture for white labeling and sharing resources among applications made building and deploying much more efficient. » 6 applications were built. » iOS: utilized multi-target codebase and had a core library for specific packages and extended to custom visuals. » Android: utilized core library (package-first) philosophy to integrate into custom product versions.
SOLUTION 10 Mobile » Encryption of data locally in key-value pairs. » Decrypted data when visualized and viewed by users. » iOS data stored in key-value pairs which, since iOS6, has encryption built in. » Recommend RNCryptor (iOS) and AESCrypt (Android) for higher-order encryption (AES-256) if customizing encryption with datastores methodologies. » Datastore (iOS): CoreData, SQlite, Plist (iOS), Keychain as potential vectors for lifting datasets out of system. » Datastore (Android): Database, Internal // External Storage, SQLite Shared Pref (similar to Keychain).
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. SOLUTION 11 Server-Side » AWS utilization was planned for in the product roadmap. » AWS technologies roadmapped.
SOLUTION // PROCESS » Planning: Project planning added milestones and estimations for user experience, design and sprint feature-set per platform for legal review. » Legal: Created early relationship in process with legal teams on feature-set, design and implementation changes. » “MLR:” Medical Legal Review where legal can make adjustments and changes to any part of an application. » Planning: Planned per release platform for MLR. 12
DEVSECOPS @ D&T FIP-range restricted access to servers Key-restricted servers to DevOps + Tech leads Tech AWS + Digital Oceans; Ansible; Docker + Rancher for dev, staging, production instances. 13 Client-side encryption of data Encryption via SSL communication to servers MDM or testing Mobile device management or testing with Hockey or TestFlight. Ask yourself: How might someone access the data, the business logic or spoof the experience?
DEVSECOPS @ D&T » InfoSec Policy defined at D&T. » InfoSec Training with technical leads. » Working to shape and share DevSecOps policies with startup clients (being aware of OWASP Top 10, social engineerings, etc.). 14
Questions?
THANKS! Dom Tancredi (CEO & CTO) dom@domandtom.com DOM & TOM // domandtom.com LinkedIn

More Related Content

PDF
Giovane Moura - Cybersecurity voor .nl
byMichiel Cazemier
 
PPTX
Company presentation
byQiwen (Owen) Weng
 
PPTX
GDPR project board deck (example)
byTommy Vandepitte
 
PDF
Keith prabhu global high on cloud summit
byadministrator_confidis
 
PDF
Big Data and High Performance Computing
byAbzetdin Adamov
 
PDF
Security First: What it is and What it Means for Your Business
byGeorgian
 
PDF
HDI - Blockchain White Paper
byDavid MANSET
 
DOC
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
bySonia Usih, PMP, MCPM, BSc.
 
Giovane Moura - Cybersecurity voor .nl
byMichiel Cazemier
 
Company presentation
byQiwen (Owen) Weng
 
GDPR project board deck (example)
byTommy Vandepitte
 
Keith prabhu global high on cloud summit
byadministrator_confidis
 
Big Data and High Performance Computing
byAbzetdin Adamov
 
Security First: What it is and What it Means for Your Business
byGeorgian
 
HDI - Blockchain White Paper
byDavid MANSET
 
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
bySonia Usih, PMP, MCPM, BSc.
 

Viewers also liked

PDF
Appster Executive Briefing
byAppster
 
PDF
The Future of Storytelling
byVectorform
 
PDF
Dev seccon london 2016 intelliment security
byDevSecCon
 
PDF
RoboCop: Bringing Law and Order to CI/CD
byFranklin Mosley
 
PPT
DevSecOps SG Introduction - August Meetup
byDevSecOpsSg
 
PPT
DevSecOps Singapore introduction
byStefan Streichsbier
 
PDF
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
byDevSecCon
 
PDF
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
byPriyanka Aash
 
PDF
Vulnerability Advisor Deep Dive (Dec 2016)
byCanturk Isci
 
PPTX
The End of Security as We Know It - Shannon Lietz
bySeniorStoryteller
 
PPTX
Safely Removing the Last Roadblock to Continuous Delivery
bySeniorStoryteller
 
PPTX
Rugged DevOps: Aligning Your Team and Your Powers for Success
bySeniorStoryteller
 
PDF
The Art of Identifying Vulnerabilities - CascadiaFest 2015
byAdam Baldwin
 
PDF
Continuous Security - Thunderplains 2016
byAdam Baldwin
 
PDF
Evident io Continuous Compliance - Mar 2017
bySebastian Taphanel CISSP-ISSEP
 
PDF
How can i find my security blind spots ulf mattsson - aug 2016
byUlf Mattsson
 
PPTX
Null application security in an agile world
byStefan Streichsbier
 
PPTX
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
byUlf Mattsson
 
PPTX
Cloudsolutionday 2016: Compliance and cost controlling on AWS
byAWS Vietnam Community
 
PPTX
Unit testing : what are you missing for security
bySuman Sourav
 
Appster Executive Briefing
byAppster
 
The Future of Storytelling
byVectorform
 
Dev seccon london 2016 intelliment security
byDevSecCon
 
RoboCop: Bringing Law and Order to CI/CD
byFranklin Mosley
 
DevSecOps SG Introduction - August Meetup
byDevSecOpsSg
 
DevSecOps Singapore introduction
byStefan Streichsbier
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
byDevSecCon
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
byPriyanka Aash
 
Vulnerability Advisor Deep Dive (Dec 2016)
byCanturk Isci
 
The End of Security as We Know It - Shannon Lietz
bySeniorStoryteller
 
Safely Removing the Last Roadblock to Continuous Delivery
bySeniorStoryteller
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
bySeniorStoryteller
 
The Art of Identifying Vulnerabilities - CascadiaFest 2015
byAdam Baldwin
 
Continuous Security - Thunderplains 2016
byAdam Baldwin
 
Evident io Continuous Compliance - Mar 2017
bySebastian Taphanel CISSP-ISSEP
 
How can i find my security blind spots ulf mattsson - aug 2016
byUlf Mattsson
 
Null application security in an agile world
byStefan Streichsbier
 
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
byUlf Mattsson
 
Cloudsolutionday 2016: Compliance and cost controlling on AWS
byAWS Vietnam Community
 
Unit testing : what are you missing for security
bySuman Sourav
 

Similar to Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)

PDF
Personalized Mobile Applications in HealthCare by Bhargavi Upadhya
byApollo Hospitals Group and ATNF
 
PDF
CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2...
byCloudIDSummit
 
PPTX
20171108 IAPP Congress - Privacy by Design presentation
byBrussels Legal Hackers
 
PDF
Bgg Mobile: Top 10 Tech Trends 2014
byBGGMobile-- Sheila Bacon
 
PDF
When Heroes Become Superheroes Using Apps
bySceneDoc
 
PDF
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
byObserveIT
 
PDF
CIS13: Dealing with Our App-Centric Future
byCloudIDSummit
 
PPTX
Unc charlotte prezo2016
bySanjay R. Gupta
 
PDF
It's About The Citizen - Changing Needs and Rising Expectations
byPeter Coffee
 
PDF
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
byIBM Sverige
 
PPTX
Intel Cloud Summit 2012 ODCA + NAB
byIntelAPAC
 
PPTX
Netapp - An Agile Data Infrastructure to Power Your Cloud
byGlobal Business Events
 
PDF
Connecting Above the Cloud
byPeter Coffee
 
PDF
Rules for great digital government
byProudCity
 
PDF
110307 cloud security requirements gourley
byGovCloud Network
 
PDF
From Valleys to Clouds
byPeter Coffee
 
PDF
C* Summit 2013: Stepping Through the Lifecycle of a Service Offering with Cas...
byDataStax Academy
 
PDF
Kostnadseffektiv implementation av IT-säkerhetsstrategi – Accenture - IBM Sma...
byIBM Sverige
 
PPTX
Emerging Trends in Cybersecurity by Amar Prusty
byCysinfo Cyber Security Community
 
PPTX
Security Imeprative for iOS and Android Apps
bySymosis Security (Previously C-Level Security)
 
Personalized Mobile Applications in HealthCare by Bhargavi Upadhya
byApollo Hospitals Group and ATNF
 
CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2...
byCloudIDSummit
 
20171108 IAPP Congress - Privacy by Design presentation
byBrussels Legal Hackers
 
Bgg Mobile: Top 10 Tech Trends 2014
byBGGMobile-- Sheila Bacon
 
When Heroes Become Superheroes Using Apps
bySceneDoc
 
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
byObserveIT
 
CIS13: Dealing with Our App-Centric Future
byCloudIDSummit
 
Unc charlotte prezo2016
bySanjay R. Gupta
 
It's About The Citizen - Changing Needs and Rising Expectations
byPeter Coffee
 
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
byIBM Sverige
 
Intel Cloud Summit 2012 ODCA + NAB
byIntelAPAC
 
Netapp - An Agile Data Infrastructure to Power Your Cloud
byGlobal Business Events
 
Connecting Above the Cloud
byPeter Coffee
 
Rules for great digital government
byProudCity
 
110307 cloud security requirements gourley
byGovCloud Network
 
From Valleys to Clouds
byPeter Coffee
 
C* Summit 2013: Stepping Through the Lifecycle of a Service Offering with Cas...
byDataStax Academy
 
Kostnadseffektiv implementation av IT-säkerhetsstrategi – Accenture - IBM Sma...
byIBM Sverige
 
Emerging Trends in Cybersecurity by Amar Prusty
byCysinfo Cyber Security Community
 
Security Imeprative for iOS and Android Apps
bySymosis Security (Previously C-Level Security)
 

Recently uploaded

PPTX
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
PPTX
Optimizing Operations: Key Elements of a Successful Plant Maintenance Plan — ...
byMaintWiz Technologies Private Limited
 
PDF
Modeltomodel_Transformation_with_ATL (1).pdf
byISEMENSIAS
 
PPTX
How to Create an Effective Monthly Preventive Maintenance Plan
byMaintWiz Technologies Private Limited
 
PPT
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
PPTX
Aix-Marseille Université Diploma
by美国加利福尼亚州立理工大学波莫纳分校学位证书补办【Q微号:1954 292 140】CPP毕业证购买
 
PDF
Bee problems on the basic engineering of electrical
byVinodkumar941730
 
PPTX
22PEOIT4C Session 4 Breath First Search & Depth First Search.pptx
bymailmegokilavani
 
PPTX
22PEOIT4C Session 7 A searching algorithm.pptx
bymailmegokilavani
 
PPTX
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
PPTX
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
PPT
Intro AI DBATU.ppt ppt useful engineering
bydevinjon990
 
PPTX
Data Science with R Final yrUnit II.pptx
byOsmania University
 
PPTX
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
PPTX
Network Security v1.0 - Module 2.pptx
byssuserb1479b
 
PDF
3rd International Conference on AI & Civil Engineering (AICiViL 2025)
byieijjournal
 
PPTX
Plant Bio-additives (2).pptxA plant bioadditive is a functional substance der...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
PDF
Troubleshooting of Marine Refrigeration System - Part 4
byMahmoud Moghtaderi
 
PPTX
Civil_Engineering_Technician_Skill_Assessment_2025_2026_Presentation.pptx
byCDR Australia Engineer
 
PPTX
infosecurity & Cyber Sec 2025 September for deep.pptx
bymsrehan
 
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
Optimizing Operations: Key Elements of a Successful Plant Maintenance Plan — ...
byMaintWiz Technologies Private Limited
 
Modeltomodel_Transformation_with_ATL (1).pdf
byISEMENSIAS
 
How to Create an Effective Monthly Preventive Maintenance Plan
byMaintWiz Technologies Private Limited
 
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
Aix-Marseille Université Diploma
by美国加利福尼亚州立理工大学波莫纳分校学位证书补办【Q微号:1954 292 140】CPP毕业证购买
 
Bee problems on the basic engineering of electrical
byVinodkumar941730
 
22PEOIT4C Session 4 Breath First Search & Depth First Search.pptx
bymailmegokilavani
 
22PEOIT4C Session 7 A searching algorithm.pptx
bymailmegokilavani
 
MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx MODULE 1-UNIT_1.pptx
bypavanscholar123
 
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
Intro AI DBATU.ppt ppt useful engineering
bydevinjon990
 
Data Science with R Final yrUnit II.pptx
byOsmania University
 
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
Network Security v1.0 - Module 2.pptx
byssuserb1479b
 
3rd International Conference on AI & Civil Engineering (AICiViL 2025)
byieijjournal
 
Plant Bio-additives (2).pptxA plant bioadditive is a functional substance der...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
Troubleshooting of Marine Refrigeration System - Part 4
byMahmoud Moghtaderi
 
Civil_Engineering_Technician_Skill_Assessment_2025_2026_Presentation.pptx
byCDR Australia Engineer
 
infosecurity & Cyber Sec 2025 September for deep.pptx
bymsrehan
 

Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)

  • 1.
    DOM & TOMINC  DOMANDTOM.COM  NEW YORK: 646 741 5049 / CHICAGO: 773 377 5585 DOMANDTOM.COM NYC 646.741.5049 / CHI 773.377.5585
  • 2.
    Do Good. BeGood. That’s what we do.
  • 3.
    WHO AM I? DomTancredi » Full-Stack Developer of 18+ years. » CTO School Member (since 2014). » Fun Fact: Theatre + Computer Science degrees. » Certified ScrumMaster + Product Owner. 3 Dom & Tom » Launched 90+ mobile // 300+ web products. » 60 team members. » New York, Chicago & Los Angeles. » Digital product development agency. » Enterprise + startup-friendly.
  • 4.
  • 5.
  • 6.
    OPPORTUNITY 6 Goals » Bring brandto the 21st Century on mobile and tablet. » Grow relationships with patients. » Stay within InfoSec and legal policies of hospital.
  • 7.
    SOLUTION 7 The Product » St.Rose's NICU app reaches out to new parents on mobile and tablet. » Cross-platform marketing approach to communicate with parents. » Portfolio of products: » iPhone, iPad, Android phone and tablet. » 2 hospital NICU centers.
  • 8.
    SOLUTION 8 Mobile » iOS andAndroid phone and tablet applications for Dignity Health Group’s neonatal intensive-care unit (NICU). » The hospital group was not granted access to retrieving cloud patient data. » The applications track and graph measurements and feeding data. Information is provided to doctors for tracking child progress after parents bring their infants home. All data is stored locally.
  • 9.
    SOLUTION 9 Mobile » Strong collaborationwith Dignity Health’s legal team to approve all content. » Architecture for white labeling and sharing resources among applications made building and deploying much more efficient. » 6 applications were built. » iOS: utilized multi-target codebase and had a core library for specific packages and extended to custom visuals. » Android: utilized core library (package-first) philosophy to integrate into custom product versions.
  • 10.
    SOLUTION 10 Mobile » Encryption ofdata locally in key-value pairs. » Decrypted data when visualized and viewed by users. » iOS data stored in key-value pairs which, since iOS6, has encryption built in. » Recommend RNCryptor (iOS) and AESCrypt (Android) for higher-order encryption (AES-256) if customizing encryption with datastores methodologies. » Datastore (iOS): CoreData, SQlite, Plist (iOS), Keychain as potential vectors for lifting datasets out of system. » Datastore (Android): Database, Internal // External Storage, SQLite Shared Pref (similar to Keychain).
  • 11.
    Personally identifiable information(PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. SOLUTION 11 Server-Side » AWS utilization was planned for in the product roadmap. » AWS technologies roadmapped.
  • 12.
    SOLUTION // PROCESS »Planning: Project planning added milestones and estimations for user experience, design and sprint feature-set per platform for legal review. » Legal: Created early relationship in process with legal teams on feature-set, design and implementation changes. » “MLR:” Medical Legal Review where legal can make adjustments and changes to any part of an application. » Planning: Planned per release platform for MLR. 12
  • 13.
    DEVSECOPS @ D&T FIP-rangerestricted access to servers Key-restricted servers to DevOps + Tech leads Tech AWS + Digital Oceans; Ansible; Docker + Rancher for dev, staging, production instances. 13 Client-side encryption of data Encryption via SSL communication to servers MDM or testing Mobile device management or testing with Hockey or TestFlight. Ask yourself: How might someone access the data, the business logic or spoof the experience?
  • 14.
    DEVSECOPS @ D&T »InfoSec Policy defined at D&T. » InfoSec Training with technical leads. » Working to shape and share DevSecOps policies with startup clients (being aware of OWASP Top 10, social engineerings, etc.). 14
  • 15.
  • 16.
    THANKS! Dom Tancredi (CEO& CTO) dom@domandtom.com DOM & TOM // domandtom.com LinkedIn