After an initial evaluation, two major problems were identified. First, the APIs were not secured against bot or back-door attacks, as they were stateless and involved no front-end authentication (which was a business requirement). Second, the databases contained columns of data that qualify as highly restricted healthcare data, and that data was not isolated or protected from unauthorized employees.
To address the API threat, an API proxy with Google Enterprise reCAPTCHA integration was developed and integrated into the solution to protect the back-end APIs. This involved building a separate Node.js GKE application that fronts all the API calls from the Angular application. It also involved modifying the Angular application to integrate with Enterprise reCAPTCHA to create a reCAPTCHA token, which is validated and exchanged for an access token that the Angular application then uses for its API calls.
To address the database threat, Dito recommended that health data be encrypted by the applications writing to the database, using a versioned key stored in Google Secret Manager. Both the application writing the database columns and the application reading them would use the same version of the key, while the highly restricted data would be unreadable to employees who should not have visibility into it.
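The following added example (not Dito's or the customer's code) sketches the column-encryption recommendation in Node.js. The cipher (AES-256-GCM), the `v<version>:` storage format, the function names and the in-memory `keyStore` standing in for Secret Manager are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: stand-in for Secret Manager, mapping key version -> 32-byte key.
// These are constructed sample keys; a real service would fetch each version
// from the secret store and cache it in memory.
const keyStore = new Map([
  ['1', crypto.randomBytes(32)],
  ['2', crypto.randomBytes(32)],
]);
const CURRENT_VERSION = '2'; // version used for new writes

function getKey(version) {
  const key = keyStore.get(version);
  if (!key) throw new Error(`unknown key version ${version}`);
  return key;
}

// Returns "v<version>:<iv>:<tag>:<ciphertext>" (base64 fields) for the column.
function encryptColumn(plaintext, version = CURRENT_VERSION) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', getKey(version), iv);
  cipher.setAAD(Buffer.from(version)); // bind the version label to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  return [`v${version}`, ...[iv, tag, ct].map((b) => b.toString('base64'))].join(':');
}

// The reader picks the key version recorded with the value, so rows written
// under an older version stay readable after the key is rotated.
function decryptColumn(stored) {
  const parts = stored.split(':');
  if (parts.length !== 4 || !parts[0].startsWith('v')) {
    throw new Error('malformed column value');
  }
  const version = parts[0].slice(1);
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', getKey(version), iv);
  decipher.setAAD(Buffer.from(version));
  decipher.setAuthTag(tag); // final() throws if the value or label was altered
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

Anyone querying the table directly sees only the versioned ciphertext; access to the plaintext then depends on who is allowed to read the key versions from the secret store.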