Tuesday, April 14, 2009

Security solutions respond to demand

BOSTON – The cyber threats to healthcare IT organizations may be too numerous to count, but this particular black cloud does have a silver lining – it's forcing IT security vendors to specialize in better-defined areas and to abandon impossible claims of providing blanket security.

If this fall's 10th annual HealthSEC show in Boston were any indication, the security category has effectively been subdivided into privacy compliance, network management and defense, intrusion detection and prevention, and identity management. With such specialization, it's hoped, will come greater effectiveness.

"There's a misconception out there that people are secure if they have a firewall," said Michele Taylor, healthcare solutions manager for SonicWALL. "People don't understand all the risks they face today."

SonicWALL was just one of several dozen IT security vendors at the HealthSEC show. Taylor and other vendor representatives at the event say that thanks to the impending April 2005 deadline of the HIPAA Security Rule, some high-profile attacks on healthcare organization data and the sheer number and ferocity of cyber attacks in general, healthcare CIOs have made protecting IT a strategic priority.

Taylor's own message to healthcare providers is simple: Battening down the servers is no longer enough, which is why SonicWALL recommends firewalls for client devices as well. The rise of wireless networks, the growth in digital technologies like PACS and an increase in rogue devices that can access data have all blurred the definition of what the network is.

Robert Markovich of Network Chemistry agrees with Taylor about the threats and the inadequacy of the typical response. His company specializes in intrusion prevention and wireless network integrity, and he's been surprised by the lack of awareness about the threats that exist today.

"Security is no longer a one-size-fits-all solution," Markovich observes. "People thought that if they encrypt and they authenticate, they're protected. Right?"

Wrong. Markovich argues that if IT organizations fail to vigilantly seek out intruders – whether they're at a desktop continents away or sitting in the parking lot accessing a wireless network – they will remain vulnerable to determined hackers looking for financial data or system resources.

"Corporations spend a lot of money to put up firewalls and identify intruders," adds Nicklaus R. Schleicher of Consul, which specializes in security audits and compliance solutions. "But the goal now is to open up networks (to valid users and business partners) while closing down unauthorized access."

In Schleicher's view, a strong defense isn't enough if it doesn't include reporting tools. Even the best security system needs auditing and the ability to test results against policies.

"These are the things HIPAA requires," he says, "and the things you need to be concerned about."
