Taking an Objective Look at Mental Health
Medibio is a mental health technology company that envisions a world where data empowers mental wellness. One of Medibio’s technology platforms, ilumen, is a corporate mental wellbeing product that utilizes assessments and biometric analysis to provide feedback to users. The platform also provides users with links to resources which may provide helpful information to improve mental wellbeing.
Medibio came to MentorMate in late 2019 with a program of work required to scale ilumen, migrate it to a new AWS platform, boost its security, and add some feature enhancements.
Building for Security and Data Privacy and Preparing for Growth
Since ilumen manages a lot of user data, we built it in a secure way with respect to standards for data security and data privacy. When working with Medibio to choose a cloud provider for ilumen, we guided them towards AWS. This choice was made because AWS allows businesses and organizations concerned with privacy and data protection to effectively manage their users' data to ensure privacy and security.
We took an infrastructure as code (IaC) approach while building ilumen and its underlying infrastructure. Using IaC to deploy and configure the needed AWS services makes the process visible, auditable, and repeatable from end to end. As we were building, we also kept the Well-Architected Framework in mind and addressed the Security, Reliability, Performance Efficiency, Cost Optimization, and Operational Excellence pillars.
For the deployed workload, we architected and implemented it using only services which met Medibio’s needs for privacy and data protection. Additionally, it’s designed to handle variable traffic and is more than ready for high growth.
The AWS Nuts and Bolts of ilumen
AWS ECS Fargate and EC2 are at the core of the solution build. Ongoing security and compliance are implemented with AWS Security Hub, while AWS GuardDuty is used for threat detection and as a network IDS. We used Bitbucket Pipelines to build continuous delivery (CD) pipelines, automating the software delivery process.
With this solution, critical workloads are deployed and users' data is securely stored and transmitted, encrypted both at rest and in transit. MongoDB workloads inside the AWS public cloud store the sensitive data.
By implementing continuous delivery (CD) pipelines, the application deployment is also fully auditable and traceable. Using AWS ECS Fargate and autoscaling, we quickly produced a working solution that was secure, scalable, stable, and cost-efficient.
Other services used in the ilumen build include AWS Route 53 for reliable DNS service and Elastic Load Balancer with AWS Web Application Firewall to face the web traffic. Having AWS WAF in front of the HTTP/HTTPS traffic narrows the available attack vectors, mitigates bad actor behavior, and improves the overall security posture. The web APIs and user portals are orchestrated by AWS ECS Fargate.
AWS Fargate made the Docker deployment very fast. It also integrated very well with Parameter Store, where all container secrets are kept encrypted. The Docker images we produce are scanned for vulnerabilities on push by AWS ECR.
To ensure continuous compliance, we set up AWS Security Hub with alarms that notify our support team of any changes. The AWS SSO service is used for signing in to Medibio's multiple AWS accounts, enforcing two-step authentication. It also works as the identity provider for VPN user access. The Business Intelligence workloads run on AWS EC2 with configured status alarms.
All of this gives the ilumen platform a very high level of resiliency.