3 IT Security Compliance Challenges Facing CIOs

In a security landscape that brings new threats and attacker approaches daily, CIOs face challenges of threats on one side of the spectrum and IT security compliance challenges on the other. From the Sarbanes–Oxley Act (SOX) and Payment Card Industry (PCI) Data Security Standard to HIPAA and a host of other regulations, a wide spectrum of business sectors continues to struggle with implementing integrated security technologies.

CIOs must face a variety of emerging ingress and egress security challenges due to IoT, BYOD, cloud computing, and the growing need for application access, among others. These all pose different and overlapping regulatory and other compliance challenges that require CIOs to provide end-to-end, adaptable, and easily reported security measures.

For example, many healthcare organizations still struggle to reach HIPAA compliance, particularly with the HIPAA Security Rule. According to the 2017 SecurityMetrics Guide to HIPAA Compliance research report, smaller-entity non-compliance poses a threat to larger-partner entities. The research shows that:

  • 50 percent of respondents don’t know if their organizations use multi-factor authentication
  • 41 percent don’t know how often their firewall rules are reviewed
  • 26 percent don’t use mobile encryption
  • 27 percent don’t encrypt emails containing patient data
  • 51 percent don’t test employees on HIPAA-related training

Regulatory-compliant firewalls, PHI encryption, mobile device security, wireless network security, emails, and access management are all areas where CIOs in healthcare, finance, and retail can have compliance security challenges. The cloud stack becomes both a source of opportunity and a vulnerability that affects these areas.

Read on to discover the top compliance and security challenges facing CIOs.

1. THE CLOUD STACK, SHADOW IT, AND VPNS

The cloud stack—whether it be software as a service, platform as a service, or infrastructure as a service—has become integral to every sector. This has created an environment where private, public, and hybrid cloud solutions define businesses’ approach to computing, networking, storage, and security. While security is a challenge for every business, it is particularly challenging for the healthcare, financial, and retail sectors, which must deal with data security and compliance regulations.

Essentially, businesses must put processes and technologies in place for data and access management throughout the cloud computing life cycle.

For example, PCI compliance is a major concern on the cloud, as many businesses must provide application access for consumers to make transactions quickly, efficiently, and safely. Here, application delivery controllers can play a major role in securing that access via appliance integrated firewalls as well as load balancing, compression, and caching.

The democratization of the cloud has enabled departments to provision cloud services for storage, communication, application access, and application development, among other things, without going through the IT department. This shadow IT becomes a major security challenge when the CIO’s security team is bypassed and is unaware of its use.

While employees are the weakest link in an organization’s infrastructure, anyone with access to corporate endpoints, data, and applications is a security risk, including contractors and business partners. This can manifest in cybersecurity risks via email, web use, mobile devices, and more.

This requires an overarching set of tools and protocols for monitoring, provisioning, and securing these areas. For example, the right cloud-as-a-service provider can facilitate a customized cloud model to fit both business and compliance needs. Of course, the movement of data to and from the cloud is part of a larger compliance concern that starts with the network.

2. NETWORK INGRESS AND EGRESS SECURITY

The increasing demand for network access has driven a need for securing devices within the on-site network as well as those outside of the network. This has spurred greater regulatory requirements for attaining network security compliance, which includes:

  • Securing mobile devices
  • Enabling protection from malicious software
  • Gaining control over access, permissions, and termination of network devices

Here is where end-to-end cybersecurity support via continuous monitoring tools and protocols can be vital in maintaining compliance with other security standards like HIPAA, SOX, and PCI. A solid continuous monitoring strategy incorporates analysis and reporting, management oversight, tools, training, and testing.

The use of remote-access VPN solutions that integrate Internet Protocol Security and SSL technologies in a single platform can enable unified management while establishing an encrypted tunnel across the internet for remote employee access. The advent of virtual firewalls for private cloud, hybrid cloud, or public cloud environments provides uncompromised flexibility, effectiveness, and performance. Some virtual firewalls integrate additional networking functions such as site-to-site and remote-access VPN, QoS, and URL filtering.

Data encryption is an important tool, but encryption alone does not satisfy every IT security compliance challenge. The entire area of access management requires a more holistic approach that integrates technology solutions and protocols to ensure access control and lessen the security compliance burden.

3. ACCESS MANAGEMENT

According to a Citrix/Ponemon Institute survey released in January of this year, 71 percent of IT leaders admit they are at risk from an inability to control employees’ devices and apps. The proliferation of BYOD, coupled with cloud, network, and application access, provides CIOs with access management challenges. Consequently, identity and access management solutions should include:

  • Mobile device management policies and technologies
  • Mobile app management security apps
  • Enterprise mobile management suites
  • Robust encryption and automated encryption key management
  • Multi-factor authentication and biometric tools

When it comes to IT security compliance, CIOs must create a holistic approach to data and access security to protect the organization from both internal and external threats. Data protection requires that CIOs create and oversee holistic policies and integrated technologies to keep their organizations safe and secure.

Artificial Intelligence: Google Creates Program That Easily Beats Humans at the Most Complex Game Ever Created

Move over, chess: the latest advances in artificial intelligence have resulted in a program that resembles deeper thinking and intuitive abilities that outpace humans at an ancient game that has more possible positions than there are atoms in the universe.

Google has created AlphaGo, a program that plays a 3,000-year-old Chinese game called “go,” which involves the capture of territory using black and white stones on a grid board. Chess, at which a computer defeated Garry Kasparov in 1997, has far fewer move choices in a given instance than go.

Innovation Buzz: SpaceX to Launch Latest Falcon 9 Rocket on March 4th

There has never been a greater time in the history of humanity to witness the vast array of technological innovations evolving around us. Probably nothing inspires more awe than spaceflight, and SpaceX is a pioneer in attempting to make spaceflight a lot more affordable.

What’s so Special About a Citrix Engineer?

This past January I had the pleasure of participating in the Citrix Partner Expert Council (PTEC) that was held in Las Vegas. Over 200 partners, myself included, were able to directly communicate and give our feedback to the different Citrix Product Managers. It’s great to know that Citrix is still on top of its game and gets partners involved in the product development cycle.

During one of the casual events I had a pretty interesting chat with a couple of my fellow participants. One thing we all seemed to agree on was the difficulty in finding senior level talent within our field – especially senior level talent competent in both Citrix virtualization and networking practices.

For many organizations, the Citrix engineers (Citrix/VDI/RDS) are seen as responsible for the whole of the presentation layer and all of its related parts. Usually this ends up meaning that when a user encounters any issue from that presentation layer (applications, the network, storage, etc.), they will first look to the Citrix engineer.

In order to adapt, Citrix engineers have needed to develop other skills to prove their innocence. They’ve now had to expand their areas of expertise to encompass other layers within the environment such as networking, applications, the database, storage, directory services, and anything else related to Citrix/VDI/RDS. Although still specialized in presentation layers, most Citrix engineers end up becoming a bit of an IT generalist due to their accumulated knowledge of the layers over time.

It’s hard to train anyone to become a subject matter expert in one area, but it’s even harder to train someone as a subject matter expert in multiple areas. This is what makes it so difficult to find experienced and competent Citrix engineers.

Here at Centrinet we are an engineer-driven company. Always striving to stay on top of the most cutting-edge technologies, our engineers deliver solutions that consistently exceed client expectations. Please contact us with any questions; we’d love to help!

Liquidware Labs Partner Solutions Brief

Our valued partner – Liquidware Labs – recently released a solutions brief on The Vital Role of Robust Metrics in VDI Maintenance. The brief highlights the importance of their Stratusphere UX to support the delivery of managed VDI services. As one of only three Liquidware Labs Acceler8 partners to have achieved the Center of Excellence designation (COE), we have a deep understanding of deploying successful and effective desktop virtualization projects utilizing Liquidware Labs solutions.

From the beginning we recognized the need to find innovative and purpose-built VDI tools in order to maintain our standards of customer service. This search initially led us to Liquidware Labs Stratusphere, which provided the full range of desktop visibility across physical, virtual and RDSH desktops. New trends, and changing VDI environments, brought us to adopt Stratusphere UX for health checks and performance monitoring.

“With Stratusphere UX, we are sure we are doing the right thing by our customers. We are 100% positive that we are deploying products that don’t introduce problems, headaches, etc. That way we save time and effort for both our consultants, and especially for our clients, as we fast-track them to the right path.” – Dario Ferreira, Executive Vice President of Centrinet

About Liquidware Labs

Liquidware Labs is the leader in User Experience Management for next generation desktops. Analysts have described Liquidware Labs Stratusphere and ProfileUnity solutions as the industry’s first “On-Ramp to VDI”. Liquidware Labs enables organizations to cost-effectively plan, migrate, and manage their next generation desktop infrastructure using the industry’s best practices.

Centrinet is one of only three partners worldwide to have achieved the Center of Excellence (COE) designation from Liquidware Labs. As a designated COE we demonstrate the highest level of knowledge in desktop virtualization, and have integrated Liquidware Labs technologies into our delivery to ensure superior service to our clients.

Season’s Greetings Video From Centrinet

Please enjoy our video presentation of the datacenter edition of “A Visit From St. Nicholas”, created for all of those lonely souls working away in the datacenters while most of the world sleeps soundly in their beds.

As the poem goes, “So remember the engineers, and devs, and QAs – as you sip your eggnog and toast the holidays!”

It’s Not Always a Holiday for the IT Department

It’s that time of year again and everyone is busily preparing for the holiday season. There are trips to plan, Black Friday gifts to buy, and last-minute preparation for the arrival of friends and family. This time of year sees a measurable increase in economic activity; part-time workers are hired, more shipments are made, and finally – an increase in network utilization.

Behind every merchant website (and network) is a backend system managed by an Administrator or Systems Engineer. These individuals are the ones who must deal with the numerous helpdesk issues – issues that escalate this time of year and are not easily resolved. These support professionals are often tasked with working late into the night and early in the morning. This rigorous holiday schedule is par for the course when it comes to keeping the network functioning smoothly for the customers. Downtime is directly correlated to lost sales, so a sense of urgency exists among the network support personnel.

An Engineer may be in the middle of Thanksgiving dinner, but if they get a call that the network is down they must immediately respond. These IT professionals are the unsung holiday heroes behind network connectivity. This can be a thankless job; customers don’t often recognize how quickly the problem was solved, just that there was a problem in the first place. Most support staff tend to be salaried employees, with after hours work remaining unpaid. You could call these holiday fixes “random acts of IT kindness”.

In gratitude, Centrinet would like to wish a Happy Holidays to all those hardworking IT professionals – thank you for making sure everything continues to run smoothly throughout the season!

TopGolf Open Technology Discussion

Tuesday September 30 marked our 2014 TopGolf event, with a great combination of games and interactive technology panels. We want to thank everyone who participated, all of our panelists with a special thanks to Daniel Black and Skip Loffreda, as well as TopGolf for hosting the event. TopGolf featured an impressive menu, with a wonderful lunch followed by a bit of fun and some competitive golfing games.

Our four panelists, Mark Ma, Eddie Kwasik, Daniel Black, and Skip Loffreda led an interactive discussion with the audience on topics surrounding virtualization and the future of technology. The discussion ended with predictions on the main technological changes on the horizon.

One of the panelists, Mark Ma, led a discussion on software defined storage conversion, and the newest leading innovations on the market today. It was a notable topic and is revolutionizing how storage is managed. Stay tuned for a blog on this topic later in the month.

Two of the panelists, Mark Ma and Eddie Kwasnik, get ready to hit some balls after the technology discussion

Following the discussion panel we all enjoyed an afternoon of games and relaxation with some friendly competition on the driving range. After the event, all of the participants were included in a drawing to win a GoPro HD HERO2. Congratulations go out to our lucky winner, Jason Allen, from Health Information Designs.

TopGolf GoPro winner: Jason Allen, from Health Information Designs, with Centrinet CEO Keith Paschall