Health IT and Information Security by Manish Tiwari
IT Security in Healthcare
Manish Tiwari
Today’s challenges
Devices: The explosion of devices is eroding the standards-based approach to IT.
Apps: Deploying and managing applications across platforms is difficult.
Data: Users need to be productive while maintaining compliance and reducing risk.
Users: Users expect to be able to work in any location and have access to all their work resources.
People-centric IT
Empower users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Unify your environment: Deliver a unified application and device management on-premises and in the cloud.
Protect your data: Help protect Critical Information and manage risk.
Management. Access. Protection.
Industry trends and cybersecurity impact
Trends: Mobile, Social, Cloud, Big Data
By 2016, smartphones and tablets will put power in the pockets of a billion global consumers.
The world’s mobile worker population will reach 1.3 billion, over 37% of the total workforce, by 2015.
Millennials will make up 75% of the American workforce by 2025.
65% of companies are deploying at least one social software tool.
Over 80% of new apps will be distributed or deployed on clouds in 2012.
70% of organizations are either using or investigating cloud computing solutions.
Digital content will grow to 2.7ZB in 2012, up 48% from 2011, rocketing toward 8ZB by 2015.
80% growth of unstructured data is predicted over the next five years.
Threats: Malicious software, Targeted attacks, Data theft & insider leaks
Business Impact
$8.9M average annual spend to protect from, detect, and recover from attacks
1.8 successful attacks experienced every week
$165B cumulative cybersecurity spend by 2023
End Users want and need new ways to work
Attackers see opportunity
Organizations need to find balance
Cyber Attacks against Health Sector
Insulin Pump Vulnerable to Hacking, Johnson & Johnson Warns
Rainbow Children's Clinic in Texas hacked, patient records deleted
In 2011, cybercriminals in China stole 2,000 patient X-rays
Credit / Debit Card details of 100,000 Britons for sale on internet - Feb 16
246,876 U.S. healthcare patient records were breached in Sep - Protenus
Massive DDoS attack harnesses 145,000 hacked IoT devices
Vulnerability of certain pacemakers
Sectors facing Increased Cyber Threat - KPMG Report
Building a Secure Critical Information Infrastructure
Digital Transformation Strategy (3 year plan)
- Risk Assessment > Vulnerability Assessment > Penetration Testing
- Info-sec policy and enforcement
- Data Classification Policy & controls
- Assume Breach strategy (Protect, Detect, Respond & Recover)
Timely upgradation of Technology
Network Security Architecture and Baselining
IT Asset Management
Domain Design, Deployment & Management
- Group policies
- Central patch management & security updates
- End Point security & hardening / server hardening
- Central IAM
  - IM
  - PIM
  - SSO with MFA
Building a Secure Critical Information Infrastructure
Implement PKI
- Implement DRMS wrt Data Classification
- DLP solution (with Effective DFA)
Secure Email
- use of Digital Signatures
- Advanced Threat Analytics
Application Whitelisting & Security
Enterprise Management
- BYOD Policy
- Mobile and Laptop devices
Change Management
Adoption of Hybrid Model for better IT Risk Management
- Web Portal
- Email services
Cohesive Structure for Risk Assessment & Risk Management
Typical state of identity management today
Lots of manual process across different, decentralized systems
[Diagram labels: Create, Delete, Attribute Sync; Active Directory, Exchange, HR (SAP), Financials, SharePoint, Sales; Application Owner, Business Manager, Users, IT Helpdesk, Administrator]
Future state, centralized identity management
Locate the logic in one place and automate it with many systems
• Self Service Group Management
• Self Service Password Reset
• Improved Productivity
• Workflow
• Notifications
• Approvals
• Attestation and Reporting
• Automated Provisioning
• Automated De-provisioning
• Account, Group and Mailbox Management
[Diagram labels: HR (PeopleSoft, SAP, Workday); Administrators; Active Directory; Exchange; Application Owners & Managers; Users; Identity Management; On Premise Database, Directories & Applications]
How can adopting a Cloud Model improve our security?
Take a proactive approach against the expanding threat landscape
Over a million servers in data centers around the world
Incident response team works 24/7
Centralized monitoring and logging
Security embedded in systems and software (SDL)
Predictable security controls through Operational Security Assurance
Sophisticated intrusion detection controls
Anti-virus and anti-malware
Best-in-class security professionals
Up-to-date software & patch management
“Assume breach” strategy
Deep understanding of new threats and attack vectors
[Diagram label: The Cloud]
Responsibility for Security is based on the type of Cloud Service
Thank You