WPPS C-Suite News

The PCI Security Standards Council created the criteria, but the five leading credit card companies each maintain their own compliance and enforcement programs

In many cases, banks or merchant service providers are now sending letters to organizations that have smaller payment card transaction levels and asking them to prove they are compliant by completing a self-assessment questionnaire,

best practices are being swept under the rug. Only 31 percent of respondents archived according to HIPPA recommendations

Another third stored archives in a single data center and only slightly more (36 percent) stored archives in datacenters located less than 100 miles apart.

Hosted solutions offer an attractive alternative to the healthcare industry. Such solutions ease the burden on in-house IT, which is typically characterized by few people, limited dollars and huge workloads.

“The fact that passwords remain the cornerstone of enterprise authentication represents a significant and increasing risk. The vulnerability of password-based authentication is widely recognized: From the earliest phishing attacks to the most sophisticated spyware, passwords still represent one of the most common methods hackers target and use to access corporate systems and sensitive data”, the study observed.The way to reduce the costs of lost passwords and the increased vulnerability of similar user passwords is through the use of strong multi-factor authentication, explained Chatterjee. For example, two-factor authentication involves the use of something the user remembers, such as a password, and something the user has, like a token.

This approach increases security because a hacker needs both to gain access to a system or account; figuring out the password is not enough. It also reduces the need for users to have multiple, complex passwords. The system's two factors provide the complexity from a security point of view, he explained. Chatterjee used the example of a bank ATM card, which requires the use of the card along with the password for the user to gain access to his or her account.

With the two-factor authentication, users do not need to have complex passwords that change frequently. This reduces the burden on the employees as well as on the help desk, he noted.

The new 25-point plan establishes a Data Center Consolidation Task Force with a goal of reducing the number of data centers by 800 as of 2015.

The plan also touts scalability as a reason for embracing the cloud over traditional solutions. It cited the example of a private-sector company doing video editing that experienced a surge of demand and was able, using the cloud, to scale from 50 to 4,000 virtual machines in three days.

There's an expectation that moving applications such as e-mail to the cloud will facilitate data center consolidation and reduce IT budgets. Some federal agencies have already awarded contracts to move e-mail to the cloud. In addition, the government has selected a dozen vendors to supply Infrastructure-as-a-Service (Iaas).

As of April 2010, only about 7% of small-business owners were using cloud services, but that number is expected to grow to more than 10% by mid-2011, according to a survey by technology-research firm IDC.

Half of small firms that use "the cloud" say it has improved their bottom line, according to a survey this fall by Microsoft Corp., which provides cloud services.

A number of surveys show that some business owners are hesitant to try cloud computing because they don't want to stray from familiar systems or invest in new ones. Some owners that have made the switch, however, say it has been a boon to their cash-strapped firms.

Staying Wired When possible and convenient, use a wired network. Wired networks, whose signals are contained within wires, are much safer than wireless networks, whose signals are broadcast into the air. One can be safe from a number of malicious attacks by connecting a computer to the router (a device that connects networks, in this case, your local network to the Internet) via an ethernet cable, instead of connecting via wireless. Appropriate network settings, of course, must be entered into the computers.

Taking the Office Wireless

Securing Each Network Node

The results indicate that "there are more cloud implementations within the enterprise than people were aware of," Jay Fry, vice president of marketing for the cloud computing division at CA Technologies, told eWEEK. The report indicates that IT administrators are starting to get some visibility on what the various groups within the organization are working on, he said. As more people begin to discuss the cloud within the enterprise, the visibility will continue to improve, said Fry.

In the past, there were "rogue deployments" that the company’s IT staff didn’t even know about, because the individual line of business was purchasing software-as-a-service offerings without involving IT.

Collaboration tools such as hosted e-mail, antivirus and spam filtering and Web conferencing software accounted for a bulk of cloud deployments, at 75 percent, according to the report

1. The growth of cloud computing is astounding. It is estimated that the worldwide cloud computing market is $8 billion with the U.S. market accounting for approximately 40% of that: $3.2 billion.  According to Gartner’s 2011 predictions, number one on their list of Top Strategic Technologies is Cloud Computing. Gartner also predicts that the SaaS market will hit $14 billion in 2013.

2. Cloud Computing Software Solutions VS Desktop Applications The most common reason why small businesses choose cloud computing solutions over desktop applications is this: It is less expensive because you pay a small monthly amount instead of a one-time fee as it works now with traditional desktop software. On a cash-flow basis, it is less costly because your cloud based apps are often slightly less costly than an annual purchase or upgrade for common programs.  However, you have to look closely at the pricing plans and details for each application.

3. Cloud Computing Solutions are available all the time – no matter where you are. For some business users that operate virtual offices or operate remotely on different machines depending on location and they need the application to be accessible from a web browser. That is one of the biggest advantages of cloud computing– it is available wherever you have access to a computer and browser.

"The vast majority of staff in any organisation are trustworthy and honest. However, businesses are now beginning to realise and understand the scale of the threat posed by the small proportion of staff that act dishonestly and defraud their employer."

According to the ACFE 2010 report on occupational fraud the median length of the schemes was 18 months from the time the fraud began until the time it was detected. The median loss caused by the occupational frauds in the report was $160,000. Nearly one-quarter of the cases caused at least $1 million in losses and nine cases caused losses of $1 billion or more.

Historically, the most serious threat from staff fraud has been centred on relatively senior employees in management positions. However, the major threat has now shifted down the organisational hierarchy to more junior members of staff, who have access to, and responsibility for, more confidential customer and payroll data than ever before,"

CSC (NYSE: CSC) announced today that the State of California awarded the company a contract to migrate its current multiple e-mail applications to a cloud-based solution with Microsoft Business Productivity Online Suite (BPOS)

Work under this contract will support Governor Schwarzenegger's executive order and the state's efforts to improve information technology (IT) infrastructure, increase government efficiency, save costs and consolidate IT functions under the Office of the State Chief Information Officer.

“This is part of our efforts to consolidate and standardize information technology infrastructure to reduce costs and enhance productivity,” stated Teri Takai, chief information officer of the State of California

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."

ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

Here are five steps your company can implement quickly and cost-effectively.

1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.

2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.

Employee awareness of their companies' security policies is high—if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity.

But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago—a 'technological lifetime,' notes Clearswift.

"When security is kept in the shadows and not discussed openly, and only referred to when things go wrong, it is all too easy for office 'folk-law' to become perceived as official policy very quickly. If employees are not aware of when they have broken policies—in some cases because the policy is not even enforced—it can lead to a false sense of security or a belief that what they are doing is actually in line with the corporate policy."

"Three-fourths of businesses are deleting files, reformatting or destroying drives, or 'do not know' how they are erasing sensitive data. Deleting files from a hard drive only marks the files to be rewritten, which may never occur. Furthermore, reformatting the drive only removes the entries in the index or table of contents that point to the data. And, physically destroying a drive is not a guaranteed method of protection, as Kroll Ontrack has been recovering data from severely damaged drives, such as the Columbia space shuttle, for more than 25 years.

"Surveying more than 1,500 participants from 12 countries across North America, Europe and Asia Pacific regarding their data wiping practices also revealed that four in 10 businesses gave away their used hard drive to another individual and 22 percent do not know what happened to their old computer.

Only 19 percent of businesses deploy data eraser software and fewer, 6 percent, use a degausser to erase media. When asked if and how businesses verify their data has been deleted, very few (16 percent) reported relying on a product or service report to confirm all of their data had been wiped.