Category Archives: Cloud Computing

How to Use DLP to Secure PHI & Better Comply with Healthcare Regulations

Advances in technology have caused vast improvements to patient care in the healthcare industry. While healthcare administration has become more efficient, healthcare providers are able to offer improved patient care by reading patient data from sophisticated equipment in real time and being able to get specialists in different locations to offer professional advice on a specific patient’s treatment.

With this, of course, come the risks involved with electronic data. Many of the publicized concerns, in the media particularly, lie with external threats, but almost half of all data loss happens internally, through the accidental or the intentional and malicious release of sensitive information.

In this article, we’ll talk about how to use data loss protection (DLP) to better secure protected health information (PHI) in line with industry regulations.

What does PHI cover?

The key information covered in PHI includes, but is not necessarily limited to, information about:

  • Health status
  • Provision of health care
  • Payment for health care

The law lists specific indicators. In terms of location details, for example, anything more specific than an individual’s state is protected. These indicators, as well as a full breakdown of the law, can be found here.

Using DLP strategy

DLP strategy is much more than just rolling out expensive software for employees to use to ensure you’re covered. In fact, lawmakers will look at much more than just the technology employed if you are facing prosecution and liability for any internal data breach.

  1. Staff accountability

All staff, from HR personnel to specialist healthcare professionals, IT departments and administrative staff, should be on board with the healthcare institution’s DLP strategy. They should understand it and be actively employing it. This means communicating it effectively to all staff through policies and procedures. Often some of these can be implemented in the actual DLP technology, so that staff get real-time updates on how they are using the DLP strategy, what they’re doing right and wrong, and how to improve.

  2. Identification and prioritization

Prioritizing how and what patient information should be deemed sensitive and how much DLP should be applied can be tricky. However, the laws around PHI help with this, as they break down quite specifically what needs to be protected. From there, it is a matter of figuring out where that data lies and how the DLP technology can protect it.

  3. Audit, monitor and scale

It’s unrealistic to assume that a healthcare establishment, such as a large hospital, can protect every piece of information immediately. Budgeting and resource constraints get in the way. Additionally, new technology is always being implemented in the healthcare industry so rolling out a single DLP strategy that rigidly stays in place for the next decade will not do the job that lawmakers are expecting it to.

Instead, potential sources from which data can leak should be assessed constantly as they arise, and data movement should be tracked to look for abnormalities and irregularities. Audits should also take place on how effective the DLP strategy has been in ensuring the protection of patient information.

US lawmakers are serious about data loss protection in the healthcare industry and the laws around it are enforced, with individuals sometimes facing fines up to $250,000 if they are found to be liable. Ensure that your healthcare institution complies with industry regulations by working with your DLP company to create an effective, well-communicated strategy that protects you and, most importantly, your patients.

Is Cloud Storage Right for Your Business?

Storing data locally in your own data center has a number of limitations. Storage capacity and redundancy are limited by the server and drive space available in the data center. Increasing capacity to meet demand is costly and time-consuming. If demand falls off, you are left with wasted capacity sitting idle.

In the event of a hardware failure or power outage in the data center, your data will be unavailable, and could possibly end up corrupted or permanently damaged. In the event of a catastrophe, any backup data stored locally could be wiped out along with the production data, which would be devastating for most companies.

Benefits vary from vendor to vendor and depend on the service level you negotiate, but here are some of the primary benefits of storing data in the cloud:

  • Scalability―Cloud computing allows you to quickly and easily scale capacity, either increasing or decreasing available storage space to meet current demands. That means you will be able to handle unexpected spikes in capacity needs without having to over-invest in hardware that will spend most of the time idle.
  • Redundancy―Cloud storage providers generally provide multiple sites that are geographically separate, but with mirrored copies of all data. Hardware failures, power outages, or natural disasters affecting a site will be transparent to you because your data will still be accessible from the alternate sites.
  • Hardware Upgrades―Hardware changes so rapidly that your data center investment can be bordering on obsolescence when you have barely implemented it. A third-party vendor dedicated to providing hosted online storage will invest in hardware and infrastructure upgrades over time so you get the benefit of newer technology without having to constantly re-invest in new hardware.
  • Disaster Recovery/Business Continuity―Storing data in the cloud also means that it is being stored offsite. In the event of a catastrophe or natural disaster impacting the local office, the data itself will still be protected and available online. Business will be able to continue almost seamlessly from alternate locations, and the data will be immediately available once normal operations resume at the primary office facility.
  • Cost―Considering what you get, scalable, redundant storage that also doubles as a disaster recovery and business continuity solution, the cost of cloud storage is typically quite reasonable. Consider as well that by engaging a third-party host for your data, you don’t have to hire personnel to manage data storage in-house, with their associated salaries and benefits. With the economies of scale offered by a cloud storage provider, adding additional space is a fraction of the investment that would be required for new hardware, and the power and cooling necessary to accomplish the same thing in an internal data center.

Leveraging cloud data storage provides a scalable, reliable, cost-effective storage solution. While there are multiple benefits, the type of cloud storage solution that works best for your company is based on your own specific needs.

Why is On-Demand Cloud Security Gaining Momentum?

Demand for cloud computing is high

Cloud computing today is the new normal. The need for cloud services is evidenced and accelerated by the growing number of organizations that are adopting cloud-based applications for communications, collaboration, business processing and storage. The case for that need is only strengthened by business drivers (cloud-driven innovation, user satisfaction, etc.) and technology drivers (agility, scalability, and costs).

Resistance to cloud adoption is gradually waning

In the recent past, organizations have not been entirely comfortable with switching over to cloud computing. A big concern was (and to an extent, still is) the lack of faith in the provision of security in the cloud. Naturally, this means that organizations are not sure if data stored in the cloud is safe from incidents such as hacking and data theft. Add to this the proliferation of bring-your-own-device (BYOD) at work, and the level of risk and concern just shoots through the roof. A survey by HyTrust found that more than 45% of organizations identify security as a top concern when deploying cloud infrastructure.[1]

Organizations have, however, found a middle way in the emergence of the hybrid model. The model allows organizations to leverage the benefits of cloud computing while retaining critical applications in their own data centres. On this point, a positive finding from the HyTrust survey is that nearly 70% of respondents believe that data breaches and other security risks are becoming less of an obstacle to cloud deployment.[2]

The shift to an on-demand cloud security model

Traditionally, organizations have deployed on-premise security controls to maintain greater control and flexibility over access and usage of data and applications. With confidence around cloud deployments growing, organizations are now extending security controls across the traditional on-premise model to an on-demand model. The drivers are the same as for any other cloud application―scalability, flexibility and cost.

The on-demand model brings in a lot more flexibility, enabling organizations to deploy security agents based on usage. The benefits are immediate, as the service can be deployed quickly. This allows organizations to scale their security as per business needs, without adding to costly administrative resources.

While some security controls are made available by cloud service providers, it becomes complicated and costly for organizations to keep track of a plethora of cloud workloads. To this end, an on-demand service that gives clear visibility into all instances streamlines security and greatly enhances operational efficiency.

As business threats are growing and getting more complicated, organizations are realizing the benefits that the on-demand cloud security model can bring. While its adoption is yet to accelerate, the time is right to pause and think prudently―are you ready to do everything yourself, or do you want to focus on your core business and deploy a managed service that takes care of all your vulnerabilities as well as compliance? It is time to act now.

[1] http://www.enterprisetech.com/2016/04/22/security-concerns-easing-cloud-deployment/

[2] Ibid.

Email Encryption – Not So Complex Anymore

Today, when technology has taken control over almost everything in life, from home to business, educational institutes, government agencies, doctors’ offices etc., the question arises as to how secure your data is. With data breaches on the rise, data protection has become a hot topic.

How do you protect data ‘at rest’ and data ‘in transit’? How can you protect against the threat of espionage, hacktivism, spyware, or insider negligence? Encryption comes into play at this juncture. In recent years, there have been numerous reports of confidential data such as customers’ personal records being exposed through loss or theft of laptops or backup drives, and of data being breached by unauthorized users when transmitted across networks.

One of the proven techniques is to use algorithms for the purpose of encrypting data. The system encrypts the information contained on hard drives, disk arrays and SAN storage using an innovative, sophisticated encryption method to securely protect data stored on servers and on backup media.

Encryption protects stored information whenever physical control of the media is impossible, whether moving data to cloud, or in the case of hard drive loss. The permanent encryption of a file is a reliable way to protect any information it contains wherever the file physically resides.

For technical reasons, an encryption scheme uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator. To access encrypted data, the keys are a must. An unauthorized interceptor cannot access data without this key. The key can be either a vendor-managed key or a customer-managed key.

Zecurion Zserver offers an excellent solution in this context. It takes advantage of complex cryptographic techniques to protect data stored on servers, SAN and NAS storage, magnetic tapes and optical disks. With unique media encryption capabilities, it protects data in use, storage and transport. Its system is designed with a balance between ease of use and the strongest available control levels by allowing administrators to decide when data is encrypted and decrypted through the Zserver Enterprise Key Management Server (EKMS). Zserver uses proven encryption algorithms with key lengths up to 512 bits (AES, XTS-AES). The adaptive multithreaded encryption the system uses can significantly increase the speed of data encryption on multiprocessor and multicore systems.

EKMS empowers the customer completely. It may make the physical location of the files less relevant, since no party can decrypt the data if the customer has chosen to withdraw access to the encryption keys. In this way, the customer has total control over who is given access to the data. The solution enables customers to manage the keys that encrypt and decrypt their data. EKMS gives customers their own key layer, and sole control over the management of the encryption keys used to protect their data in the cloud. It is up to the customers to properly manage the keys to avoid any interruption of data sharing or collaboration with their own customers and partners.
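The customer-held key layer described above can be illustrated with envelope encryption: each object is encrypted under its own data key, and the provider stores that data key only in a form wrapped by a key the customer keeps. This is an added example, not Zecurion's code and not a description of how Zserver EKMS works internally; the names `Protect` and `Recover`, the use of AES-256-GCM and the blob layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// crypt seals (nonce || ciphertext+tag) or opens such a blob with AES-GCM.
func crypt(key, in []byte, encrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	a, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := a.NonceSize()
	if !encrypt {
		if len(in) < n {
			return nil, errors.New("truncated blob")
		}
		return a.Open(nil, in[:n], in[n:], nil) // fails on wrong key or altered data
	}
	nonce := make([]byte, n)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, in, nil), nil
}

// Protect and Recover are assumed names for this sketch, not a vendor API.
// Protect encrypts data under a fresh data key (DEK) and wraps it with the KEK.
func Protect(kek, data []byte) (wrappedDEK, ct []byte, err error) {
	dek := make([]byte, 32)
	if _, err = rand.Read(dek); err != nil {
		return nil, nil, err
	}
	if ct, err = crypt(dek, data, true); err != nil {
		return nil, nil, err
	}
	wrappedDEK, err = crypt(kek, dek, true)
	return wrappedDEK, ct, err
}

// Recover unwraps the DEK with the customer's KEK, then decrypts the data.
func Recover(kek, wrappedDEK, ct []byte) ([]byte, error) {
	dek, err := crypt(kek, wrappedDEK, false)
	if err != nil {
		return nil, err
	}
	return crypt(dek, ct, false)
}
```

Withholding the KEK is what withdraws access: the provider's copies of `wrappedDEK` and `ct` remain intact but can no longer be opened by anyone.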

All in all, data protection is vital to avoid any kind of loss, whether the breach is intentional or just a human error. You can research the type that best suits your needs, but you should make sure that you have your data protected.

Protect Your Cloud from Data Loss – 5 Best Practices

Uploading data to the cloud is not new anymore. Hosted email and marketing services, project collaboration, sales and customer relationship management services and document sharing are just a few examples. Although cloud computing is one of the most powerful megatrends sweeping corporations today, it has resulted in a struggle to balance the benefits with the associated security and technical risks.

Here are five best practices to enforce a robust cloud data loss prevention (DLP) strategy.

1. Make DLP a business process rather than using it as a mere IT tool

To reap the maximum benefits, develop awareness programs that share security policies and tools with employees. A key finding as per one of Gartner’s reports is, “Implementing DLP technology as an IT initiative in isolation of lines of business can lead to shortcomings, such as a misalignment between actual business risks and the detection policies (that is, business rules) programmed into the DLP platform and inadequate reporting. Thus, deploying and operating DLP technology without direct line-of-business involvement is likely to result in the failure to deliver required goals.”

Since employees use cloud computing services all the time, it is important to make data security everybody’s responsibility and not just a function of an IT department.

2. Establish, educate on and emphasize secure cloud adoption practices within the organization

Through constant communication, develop a clear understanding of which data is most significant to the organization. Identify sources of data, the formats in which that information is stored and the cloud applications most commonly used to store or exchange that information. According to IDG, cloud investments have increased by 19 percent in large-scale enterprises. In 2015, 24 percent of IT budgets will be allocated to cloud solutions, with the highest percentage being allocated to SaaS models. Establishing secure practices around commonly used cloud applications, particularly for the storage and exchange of confidential files, together with education on and emphasis of their effective implementation, reduces the risk of data breaches.

3. Develop confidence and a trusted relationship with the cloud service provider

A number of security concerns arise when organizations do not hold the encryption keys to cloud-stored business data. Cloud service providers that offer enterprise key management add an extra layer of security and confidence for organizations that are not comfortable with the public cloud. Practicing due diligence before adopting a cloud-based tool, to clearly understand what is being offered and how transparent the provider’s data security practices are, goes a long way in establishing an open and trusted relationship with the provider.

Alexey Raevsky, CEO, Zecurion, says, “Key management allows organizations to centrally, efficiently, and securely manage and store cryptographic keys and policies. This allows security teams to uniformly view, control, and administer cryptographic policies and keys for all their sensitive data—whether it resides in the cloud, in storage, in databases, or virtually anywhere else.”

4. Implement data monitoring and context-aware solutions for data stored in the cloud

Organizations that rely on active data monitoring and context-aware approach are better able to mitigate the threat arising from accidental or intentional leakage of data stored in the cloud. Along with sophisticated detection techniques, robust encryption, policy-based access controls and centralized administration form the four pillars that enhance security in the cloud.

5. Enforce a proactive response and recovery plan

An organization’s response time to adverse situations is directly proportional to the impact that a data loss incident has. As part of the response and recovery plan, organizations should document responses to specific incidents and ensure that the recovery plan is enforceable under all situations.

Zecurion’s DLP Cloud solution provides just the right solution that balances the benefits with the security concerns that enterprises have. Zecurion DLP Cloud offers an additional layer of security through its Zserver Enterprise Key Management Server (EKMS) that allows users to keep encryption keys on their own network while keeping encrypted data in a data center. To learn more about this solution, check out our product overview by downloading Zecurion DLP Cloud. No registration is required to download this document.
