IT security systems move to handle all threats

By John Andrews

December 1, 2006

Courtesy of Healthcare IT News

THE DIGITAL AGE of healthcare has generated rivers of data, accessed by users from locations all over the map. But as technology has become more portable, so has the need to safeguard the sensitivity of the data being shared.

For instance, San Mateo, Calif.-based Elemental Security is addressing the challenge of "stitching together solutions that are not necessarily designed to work together," says chief marketing officer Roy Agostino.

Rather than viewing network security as a policing issue, he suggests hospital executives approach it as a business concern.

"Security needs to be aligned so that there is continuity," he said. "From a business standpoint, the objective should be that critical processes are not compromised, that patient information is protected and that intellectual property is safeguarded."

Elemental's security software is an "agent-based" architecture that acts as a configuration monitor, allowing IT staff to set up the system according to organizational policy. A connection matrix in the database conveys how resources are being used, said account executive Todd Radermacher.

"The configuration homogenizes disparate sources and centrally defines and monitors so that you know whether or not you are complying with policy," he said.

Ensuring 'safe passage'

Companies like Fiber Optics in Research Triangle Park, N.C., are focused on protecting "data in motion" as it channels its way throughout borderless networks. The goal is safe passage along its many routes by minimizing the number of way stations, said Jim Doherty, vice president of marketing.

"Up until now, the focus has been on encryption between two points," he said. "But the fundamental limitation with encryption over the network is a key exchange, where information needs to be transferred. It forces a point-to-point security association where both sides share a key, allowing them to encrypt the data across the network in both directions. As networks continue to gain multiple points, the number of key exchanges and security associations proliferates like bunnies on steroids. The more end points there are, the more complex it gets and the greater the likelihood of errors occurring."

Fiber Optics has introduced CypherEngine Policy & Key Manager, which fundamentally changes how policies and keys are distributed throughout the network, keeping the encryption intact while removing the limitations. That way, the number of key exchanges can remain at one no matter how many points are added.

E-mail vulnerabilities

"We had restrictions on the size of files and type of file extensions attached as e-mails, so if people wanted to move around outside the institution, we had to go with raw FTP transfers," he said. "These are essentially readable by anyone on the Internet. The problem grew over the years as PowerPoint and similar files grew in size and overloaded the system. It was a situation that wasn't secure."

A Web server that sits inside the hospital's Intranet, the Accellion appliance allows users to move files around. Basically, the sender ships a secure link to the receiver, who picks up the file using an ID and password.

"It provides a high level of security for moving files in and out and does it in a way that requires low overhead," Olson said.

'Roaming' desktops

Because healthcare professionals are becoming increasingly mobile, they need access to data from wherever they may be. It can be a logistical hassle to log on and off while keeping track of passwords and other specifics.

Lexington, Mass.-based Imprivata viewed the situation as an opportunity to introduce its "roaming desktop" concept, said Gregg LaRoche, director of product development. The company's OneSign product is an appliance-based authentication management and enterprise single sign-on system that is akin to having users' personal desktop computers follow them around.

"It's a technology that allows a desktop session to get parked, preserved and resumed as workers roam around the hospital," he said. "We manage the identities of the system users and authenticate those who lock and unlock sessions. We allow them to roam around even if the server doesn't know who they are."

Monitoring third parties

Another security concern amid the "extended enterprise" is the third-party contractor. With so many hospitals outsourcing services to save costs, how do they ensure that the data safety net reaches off-campus locations?

Herndon, Va.-based Cybertrust devised its Partner Security program so that providers and payers can evaluate the risk of potential relationships, said Jennifer Mack, director of product management.

"There are hundreds and thousands of third parties out there that handle payroll, billing, prescription services, patient record keeping and data warehousing and the internal systems are theirs," she said. "We offer a Web-based program that allows customers to understand who they are dealing with and how secure they are. It gives them feedback that they can use to make decisions."
