SSO and Strong Authentication: How OhioHealth Built a Paperless Hospital
In this case study presentation, Joe Greene, IT Security Director at OhioHealth, explains how he and his team approached employee access challenges when they laid the IT foundation at Dublin Methodist, a brand new paperless hospital. More than a year after the doors opened at Dublin, the project is a proven success, and there are many best practices and lessons learned to be shared with viewers. Download the webinar today!

Identity 360 - An Imprivata Blog

Security Wish List and This Year’s Ultimate Strong Authentication Stocking Stuffer

December 23, 2009 at 10:22 AM by David Ting

2009 was a tough year, with the global economic downturn resulting in unprecedented workforce reductions. As a result, the security risk from insider breaches has never been greater. Now, as we look to turn the page to 2010, it is already clear that organizations will continue to go beyond traditional levels of network access security by implementing policies that require users to provide a second form of identity to gain access to IT resources.

Once considered an unnecessary form of security, strong authentication has become an essential part of data security best practices. In fact, most regulatory bodies are now starting to mandate the use of strong authentication. The need for organizations to implement multiple types of strong authentication is driven primarily by the user environment, habits and workflow. While there are several options available (biometrics, One-Time Password (OTP) tokens, proximity cards, USB tokens, smart cards), only one stands apart as the strong authentication must-have this holiday season: proximity cards.

After speaking with a slew of OneSign customers in recent months to hear how their single sign-on (SSO) experiences are going and to get a grasp on what their future security plans entail, the common denominator among these initiatives is the use of proximity cards. Proximity cards are a practical and affordable way for organizations to gain greater control of their physical access systems and meet regulatory compliance demands. They also serve as an effective way to achieve a comprehensive view of who is accessing what, when, and from where.

Across industries including financial services, government and healthcare, proximity cards are the strong authentication modality of choice for chief executives as they look to further leverage their existing network systems, achieve holistic security postures and address budgetary concerns. They also make great stocking stuffers for the security guru looking to protect their family from an insider attack.

What’s on your security wish list this holiday season?

Tags: network_access, proximity_cards, insider_breaches, strong_authentication, compliance

Massachusetts Data Privacy Regulations – Are You Protected?

November 26, 2008 at 3:30 pm by David Ting

A recent Gartner Blog Network post and a Wall Street Journal article both focus on new, stricter data regulations being passed in several states, including Massachusetts. The final set of the Massachusetts regulations focuses on restricting employee access to data, monitoring malicious activity on the network, and strong authentication protocols. The new regulations will go into effect beginning January 1, 2009.

While it sounds like common-sense legislation, and represents a good step forward in helping mitigate data breaches, the new regulations will have a wide-ranging impact and will affect every business in Massachusetts that comes into contact with consumer information, including financial services organizations, healthcare organizations, and even educational institutions.

A closer examination of the regulations shows that they're very similar to the Payment Card Industry (PCI) Data Security Standard (DSS). That's good news for the many companies that handle financial information and have achieved PCI compliance, or are working towards it. In fact, a recent survey of IT decision makers commissioned by Imprivata, examining identity management trends in PCI compliance, shows that a majority of companies are either currently compliant with PCI standards or plan to be in the next 18 months.

The departure from PCI comes from the types of information that need to be secured: the new regulations go beyond financial information and cover any personal information a business might collect, including bank account information, social security numbers, etc. This impacts a large number of businesses that might not have fallen under the PCI umbrella.

If your business falls under that category and you haven't gotten started on your way to compliance with these new regulations, a good place to start is to make sure you have access policies in place to control how users access information. Implementing strong authentication wouldn't be a bad idea either, as it ensures that access to records is controlled and that you can verify and report on the identity of the user accessing the data.

From an IT standpoint, this means not only that all users in your business have distinct logins and passwords, but also that each user has been authorized to access the information they reach. Consistent with the principles of role-based access and least-privilege access, you also want to make sure the level of access granted to users matches their job function and is restricted in scope. Above all, IT systems need to provide authentication, authorization, and traceability, so that users can be held accountable for whatever information they access.

Most importantly, businesses need to ensure that when employees leave or job functions change, there is a quick way to deactivate access to information. This is a critical step in preventing a data breach: it ensures that former employees can't access sensitive information and applications once they're no longer part of the company, and that unauthorized personnel can't access the same information using credentials handed over by a former colleague. How often have we heard of data breaches traced back to dormant accounts belonging to innocent former employees who should no longer have had access to the system? Keeping your IT and application accounts in sync with the roster of active employees is just good IT housekeeping.
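The two preceding paragraphs describe a control that is easy to state and easy to let slip: accounts should exist only for active employees, and each account's entitlements should not exceed what its owner's role allows. The script below is an added example, not Imprivata's code or anything from the OneSign product; it reconciles a constructed HR roster against a constructed list of application accounts and a constructed role-to-entitlement matrix, and reports accounts whose owner has left or is unknown to HR, accounts holding entitlements beyond their role, and enabled accounts that have gone unused for longer than a chosen idle window. All names, employee IDs, roles and dates are made up.

```python
"""Reconcile application accounts against the HR roster (added example).

Flags three classes of finding a quarterly access review would act on:
  orphaned  - enabled account whose owner is inactive or unknown to HR
  excess    - account holding entitlements its owner's role does not grant
  dormant   - enabled account with no login inside the idle window
All data below is constructed sample data, not real records.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Employee:
    employee_id: str
    role: str
    active: bool


@dataclass(frozen=True)
class Account:
    username: str
    employee_id: str
    entitlements: frozenset
    last_login: date
    enabled: bool = True


# Role-based access: the only entitlements each job function should hold
# (hypothetical roles and entitlement names).
ROLE_ENTITLEMENTS = {
    "teller": frozenset({"customer_lookup"}),
    "loan_officer": frozenset({"customer_lookup", "account_edit"}),
    "dba": frozenset({"customer_lookup", "account_edit", "db_admin"}),
}

# Constructed HR roster keyed by employee ID; E102 has left the company.
HR_ROSTER = {
    "E100": Employee("E100", "teller", active=True),
    "E101": Employee("E101", "loan_officer", active=True),
    "E102": Employee("E102", "teller", active=False),
    "E103": Employee("E103", "dba", active=True),
}

TODAY = date(2008, 11, 26)  # fixed "today" so the results are reproducible

# Constructed application account export. "svc_legacy" points at an
# employee ID HR has no record of, a common shape for forgotten accounts.
ACCOUNTS = [
    Account("alice", "E100", frozenset({"customer_lookup"}), TODAY - timedelta(days=2)),
    Account("bob", "E101", frozenset({"customer_lookup", "account_edit", "db_admin"}), TODAY - timedelta(days=1)),
    Account("carol", "E102", frozenset({"customer_lookup"}), TODAY - timedelta(days=40)),
    Account("dave", "E103", frozenset({"customer_lookup", "account_edit", "db_admin"}), TODAY - timedelta(days=120)),
    Account("svc_legacy", "E999", frozenset({"db_admin"}), TODAY - timedelta(days=400)),
]


def orphaned_accounts(accounts, roster):
    """Usernames of enabled accounts whose owner is inactive or unknown to HR."""
    return sorted(
        a.username
        for a in accounts
        if a.enabled and (a.employee_id not in roster or not roster[a.employee_id].active)
    )


def excess_entitlements(accounts, roster, role_matrix):
    """Map username -> sorted entitlements beyond what the owner's role grants."""
    findings = {}
    for a in accounts:
        emp = roster.get(a.employee_id)
        if emp is None:
            continue  # no role to compare against; orphaned_accounts reports it
        extra = a.entitlements - role_matrix.get(emp.role, frozenset())
        if extra:
            findings[a.username] = sorted(extra)
    return findings


def dormant_accounts(accounts, today, max_idle_days=90):
    """Usernames of enabled accounts with no login in the last max_idle_days."""
    return sorted(
        a.username for a in accounts if a.enabled and (today - a.last_login).days > max_idle_days
    )


def reconcile(accounts, roster, role_matrix, today):
    """Run all three checks and return the findings as one report dict."""
    return {
        "orphaned": orphaned_accounts(accounts, roster),
        "excess": excess_entitlements(accounts, roster, role_matrix),
        "dormant": dormant_accounts(accounts, today),
    }


if __name__ == "__main__":
    for kind, hits in reconcile(ACCOUNTS, HR_ROSTER, ROLE_ENTITLEMENTS, TODAY).items():
        print(f"{kind}: {hits}")
```

In practice the roster would come from the HR system of record and the account list from each application's export or from the SSO or identity provider, but the checks stay the same: an account with no active owner is deprovisioned, an account with entitlements outside its role is trimmed, and a dormant account is disabled pending its owner's confirmation. Running the reconciliation on a schedule, and keeping the output, is also what gives you the traceability the earlier paragraph calls for.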

These new regulations put the onus on the business to make sure it is taking proactive steps to protect sensitive customer information. While the new regulations haven't outlined the potential penalties for violation yet, the threat of a fine shouldn't be the trigger for action when it comes to protecting customer information. Nor should businesses wait until they have a breach before getting serious about security; these are common-sense steps that all businesses should take to ensure they're protecting their critical assets and data.

Is your business impacted by the new regulations? If so, where are you starting your journey to protect your business and your customers?

-David

Tags: strong_authentication, compliance