Wednesday, 27 September 2017

Wireless Network Regulatory Compliance and Security - Questions I Have Asked When Wi-Fi Is in Use

A couple of weeks ago, my nephew had a seizure. He's OK. We did all of the right things and got him the help that he needed. He eventually ended up at a local emergency room. While I was there waiting for the test results to come back, I started to take note of the technology the hospital was using. The biggest observation I made is that they use Electronic Medical Records (EMR) -- no paper charts. Each observation room had its own computer, and there were wireless mobile stations a few feet down the hall. So that led me to ask, "How compliant are they with HIPAA standards in this wireless environment?"

Yesterday, I was at a local grocery store. I only picked up a handful of items, so I decided to use the self-checkout aisle. Unfortunately, my terminal froze on one of the items I was trying to buy. I politely put my hand up to get the attention of the attendant, thinking that she was going to come over and do something to my terminal to get me going again. She didn't come to me. What she did instead was pull out the stylus on her hand-held wireless computer, make a few taps and voila... I was up and running again. So that led me to ask, "How compliant are they with PCI standards in this wireless environment?"

Now, in two different scenarios, I've asked two questions. Both are really the same question, and both focus on a single technology: wireless networks. The only difference is that I inserted a different standard. One primarily focuses on protecting electronic Personal Health Information -- HIPAA -- and the other primarily focuses on protecting credit card information -- PCI. The installation of a wireless network introduces a new set of issues that have to be addressed in order to be compliant with these standards.

What are some of these issues?

    There is no physical medium over which your data is passed. With the data travelling through the air, how do you contain access to it?
    Traditional means of securing a wired network won't all work on a wireless network.
    Attackers can attack a wireless network without having to go through an internet connection or firewall, and they can remain anonymous while doing so.

So what are "some" security measures that could be put in place to address these issues and have a secure wireless network?

    Make sure your data is encrypted if you handle sensitive information, and/or that your wireless connection itself is encrypted. Even if someone is observing your signal, they won't be able to understand what they're viewing.

    Make sure there is a method in place to authenticate each user as well as a method to authenticate the wireless network you're using. This is called mutual authentication.

    Use a Virtual Private Network or a VPN whenever possible. If you have a wireless network connected to your wired network, you should be using a VPN.

    Implement a Location-Based Wireless Security System. A Location-Based Wireless LAN security system gives you the ability to precisely determine the physical location of all wireless devices, in and around your RF environment. It continues to monitor your environment 24/7 and implements security protection mechanisms in real-time to address issues such as policy violations, rogue devices, vulnerabilities and threats.
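As an added example (not part of the original post), the following Python audits a set of constructed wireless network profiles against the four measures above: link-layer encryption, mutual authentication, VPN use for segments that reach the wired network, and continuous monitoring. The profile fields and the sample profiles are assumptions made for illustration.

```python
"""Audit Wi-Fi profiles against the four controls described in the post (added example)."""
from dataclasses import dataclass

# AES-based ciphers are acceptable; WEP, TKIP and open networks fail the encryption check.
ACCEPTABLE_CIPHERS = {"CCMP", "GCMP"}
# EAP methods that can give the client a way to verify the network, but only when the
# client actually validates the RADIUS server certificate. PSK alone is not mutual auth.
EAP_METHODS = {"EAP-TLS", "EAP-TTLS", "PEAP"}


@dataclass
class WifiProfile:
    ssid: str
    cipher: str                 # "CCMP", "GCMP", "TKIP", "WEP" or "NONE"
    auth: str                   # "OPEN", "PSK", "EAP-TLS", "PEAP", ...
    validates_server_cert: bool = False
    bridged_to_wired: bool = False   # does this WLAN reach the wired LAN?
    vpn_required: bool = False       # is a VPN enforced before wired resources are reachable?
    wips_monitored: bool = False     # covered by a 24/7 location-aware WIDS/WIPS?


def audit(profile: WifiProfile) -> list:
    """Return a list of findings; an empty list means all four measures are in place."""
    findings = []
    if profile.cipher not in ACCEPTABLE_CIPHERS:
        findings.append(f"encryption: cipher {profile.cipher} is not acceptable")
    if profile.auth not in EAP_METHODS or not profile.validates_server_cert:
        findings.append("mutual-auth: clients cannot verify the identity of the network")
    if profile.bridged_to_wired and not profile.vpn_required:
        findings.append("vpn: wireless segment reaches the wired network without a VPN")
    if not profile.wips_monitored:
        findings.append("monitoring: no location-based WIDS/WIPS coverage")
    return findings


def audit_all(profiles) -> dict:
    """Map each SSID to its findings so non-compliant networks are easy to report."""
    return {p.ssid: audit(p) for p in profiles}


# Constructed sample inventory (hypothetical values, not from any real site).
SAMPLE_PROFILES = [
    WifiProfile("ER-CARTS", cipher="TKIP", auth="PSK", bridged_to_wired=True),
    WifiProfile("POS-HANDHELD", cipher="CCMP", auth="PEAP", validates_server_cert=False,
                bridged_to_wired=True, vpn_required=True, wips_monitored=True),
    WifiProfile("CLINICAL", cipher="CCMP", auth="EAP-TLS", validates_server_cert=True,
                bridged_to_wired=True, vpn_required=True, wips_monitored=True),
]

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLE_PROFILES).items():
        print(ssid, "OK" if not findings else findings)
```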

Wireless networks are here to stay and should have at least the four security measures mentioned above in place. Wireless networks offer mobility, convenience and a persistent connection to the network, and they are something that every business (even those with a "No Wi-Fi Policy") is going to have to address, especially those that are subject to standards like HIPAA, PCI, SOX, DOD Directive 8100.2 and GLBA, just to name a few.

Tuesday, 05 September 2017

Enlisting Managed Hosting Services to Achieve Regulatory Compliance

Concerns over data security, particularly in the financial and medical services industries, have led to the development of new standards and regulations that govern how information is secured. As businesses move their data and applications to the cloud, managed hosting services can provide a cost-effective way to comply with heightened security requirements imposed by standards such as PCI DSS, HIPAA/HITECH and the Sarbanes-Oxley Act.

Companies that store, process or transmit cardholder data, for instance, are governed by the Payment Card Industry Data Security Standard (PCI DSS). This is a worldwide security standard created to help businesses that handle cardholder data to enhance security measures and protect customers from credit card fraud. In order to achieve compliance, businesses must be able to meet 12 stringent requirements and more than 200 security controls. Compliance is essential, however, since failure to follow the standard can result in heavy financial penalties.

Data security is also essential for the medical services industry. The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to protect the privacy of individually identifiable health information. Organizations found in violation of HIPAA standards are liable for a maximum penalty of up to $1.5 million, as dictated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Achieving compliance, however, can be challenging even for established businesses, since it's necessary to allocate a considerable amount of time and resources to building a secure, standards-compliant IT infrastructure. By utilizing the services of managed hosting providers with extensive experience in compliance management, companies can take advantage of the service providers' secure infrastructure and the expertise of personnel who are well-versed in the intricacies of industry and regulatory standards.

Preparing an organization's IT infrastructure for compliance requires a number of essential steps, which cover everything from installing anti-virus software and firewalls to implementing strong access control measures and maintaining an information systems security policy. Regular log analysis, audits and host vulnerability scans are also implemented as part of a provider's compliance solution to spot potential security issues.

By entrusting mission-critical and sensitive client data to a managed hosting service provider, companies can rest assured that their database is housed in a secure network with enhanced security protocols and the constant care of IT professionals.

Considering the cost of running and maintaining a dedicated server, utilizing the services of a managed hosting service provider makes good business sense. By offloading server management and administration tasks to the experts, companies can focus on their core business competencies.