vieiraae / github-with-openai

Requirements #10

Closed vieiraae closed 1 year ago

vieiraae commented 1 year ago

What are the App Security Requirements?

github-actions[bot] commented 1 year ago

Humongous Healthcare is concerned with application security; they want to ensure that everything is configured properly, and they also do not want any "shadow IT" initiative. They want all data stored in a single database, and they would like to centralize management of any access points to the data. Different Engineering teams will work on separate API endpoints and Molly is interested in anything which can improve the coordination between teams and make their architecture group's lives easier. They also want to ensure compliance with appropriate regulatory authorities and follow any regulations for Personally Identifiable Information (PII) or Protected Health Information (PHI). Security is paramount: they need a solution which provides a consistent security model across all components and can ensure that customer data is kept in a secure manner, as well as one which keeps compliance with data privacy regimes--such as the General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA)--in mind. In addition to these compliance and regulatory requirements, the security team is concerned about the possibility of denial of service (DoS) or distributed denial of service (DDoS) attacks, as these applications will be accessible to mobile and desktop devices without tunneling through a VPN. Before they can sign off on a potential solution, they need to know that it can