Posts Tagged ‘Secure Backup’

h1

Health Officials Seeking More Secure Mobile Devices

March 14, 2012

Mobile devices, from smartphones to tablet computers, are increasingly used in hospitals and other health care settings. But regulators fear that manufacturers have not taken adequate steps to safeguard privacy and security with the technology.

To help seal those gaps, the Department of Health and Human Services (HHS) has launched the Privacy & Security Mobile Device project. The initiative will be managed by the Office of the National Coordinator for Health Information Technology’s (ONC) Office of the Chief Privacy Officer and the HHS Office for Civil Rights.

The project also will work to develop case studies to help communicate to health care providers how to secure and protect health information when using mobile devices. An example of a provider use case scenario is the health care provider who is at home and on call, using a laptop to read a patient’s electronic medical record.

“The rationale behind this specific project is that the use of mobile devices in health care has skyrocketed in the last year,” said Joy Pritts, JD, chief privacy officer for ONC, in an interview. “The concern is that health information is some of the most sensitive information that there is.”

Advertisements
h1

Free cloud services compared

March 13, 2012

Not all cloud services are built alike. We take a look at some of the most popular options — what they’re for, how you can use them and, most importantly, what you get.

h1

Cloud Computing – Business Transformation in the Cloud

February 3, 2012
h1

Verizon’s ICSA Labs Division Identifies Key Security Threats Aimed at Businesses

January 28, 2012

According to the Verizon “2011 Data Breach Investigations Report,” the number of data attacks has tripled in the past five years, making the need to balance security with risk an even greater priority for businesses and consumers. With this trend in mind, Verizon’s ICSA Labs division recommends that businesses and consumers guard against the following 13 security threats in 2012:

  1. Mobile Malware Is on the Rise. Malware targeting mobile devices will continue to increase, and enterprises will wrestle with how to protect users. Obvious targets will be smartphones and tablets, with the hardest hit likely to be Android-based devices, given that operating system’s large market share and open innovation platform. All mobile platforms will experience an increase in mobile attacks.
  2. Criminals Target and Infect App Stores. Infected applications, rather than browser-based downloads, will be the main sources of attack. Because they are not policed well, unauthorized application stores will be the predominant source of mobile malware. Cybercriminals will post their infected applications here to attempt to lure trusting users into downloading rogue applications. Cybercriminals also will find ways to get their applications posted into authorized application stores. And infections can easily spread beyond the smartphone and into a corporate network, upping the ante on risk.
  3. Application Scoring Systems Will be Developed and Implemented. To reassure users, organizations will want to have their application source code reviewed by third parties. Similarly, organizations will want to be sure that the applications approved for use on workers’ devices meet a certain standard. It is anticipated that the industry will develop a scoring system that helps ensure that users only download appropriate, corporate-sanctioned applications to business devices.
  4. Emergence of Bank-Friendly Applications with Built-in Security. Mobile devices will increasingly be used to view banking information, transfer money, donate to charities and make payments for goods and services, presenting an opportunity for cybercriminals, who will find ways to circumvent protections. To help ensure the security of online banking, the banking industry is likely to begin to offer applications that have strong, built-in security layers.
  5. Hyper-connectivity Leads to Growing Identity and Privacy Challenges. In today’s business environment, more users need to legitimately access more data from more places. This requires the protection of data at every access point by using stronger credentials, deploying more secure, partner-accessible systems, and improving log management and analysis. Compounding the issue are a new age of cross-platform malicious code, aimed at sabotage, and mounting concerns about privacy. Enterprises will no longer be able to ignore this problem in 2012, and will have to make some hard choices.
  6. New Risks Accompany Move to Digitized Health Records. In the U.S., health care reform and stimulus funding will continue to accelerate the adoption of electronic health records and related technologies throughout the industry. The American Recovery and Reinvestment Act calls for all medical records to be electronic by 2014, meaning that much work must be done in 2012 and 2013 to prepare.) New devices will be introduced that send sensitive information beyond the traditional boundaries of health care providers, and more and more health care providers are using mobile devices. Along with the need to secure newly implemented EHR systems, securing mobile devices and managing mobile clinical applications will continue to be an ever-increasing focus in the health care industry.
  7. Mobile and Medical Devices Will Begin to Merge. Mobile devices and health care apps will proliferate, making it easier, for example, to transform a smartphone, into a heart monitor or diabetes tester. As a result, some experts believe that industry health care groups will declare mobile devices to be medical devices in order to control and regulate them. As interoperability standards mature, more mobile devices and traditional medical devices will become nodes on an organization’s network. These devices also will share data with other devices and users and, as a result, be susceptible to the same threats and vulnerabilities that computers and other network-attached peripherals, such as printers and faxes, are susceptible to today.
  8. Smart Grid Security Standards Will Keep Evolving. In the U.S., public utility commissions, along with the National Institute of Standards and Technology, will continue to develop smart-grid standards. State PUCs will begin to agree on a standard in the coming year. The government will increasingly require utilities to demonstrate that their smart grid and advanced metering infrastructure solutions protect not only the privacy of consumers and consumer usage data but also the security of the AMI infrastructure. At some point, a single federal framework will supersede state regulations and requirements.
  9. New Concerns Will Surface About IPv6. The federal government is still struggling with the rollout of IPv6-enabled devices as organizations migrate from IPv4. This will be an ongoing concern and IPv6 specific vulnerabilities and threats will continue to cause trouble during 2012. In addition, the other two fundamental mechanisms of the Internet — Border Gateway Protocol and Domain Name System – also now offer a next-generation version. In 2012, many will start migrating to these newer versions, generating a new round of vulnerabilities and exploits.
  10. Social-Engineering Threats Resurface. More targeted spear-phishing — an e-mail-fraud attempt that targets a specific organization, seeking unauthorized access to confidential data – will be the major social-engineering threat of 2012. Efforts to educate user communities about safe computing practices, will continue to be a challenge as the user base of smart devices increases dramatically. Social networking sites will continue to implement protection for users from malware, spam and phishing, but sophisticated threats will continue to seduce users to visit a rogue Website or reveal personally identifiable information online.
  11. Security Certification Programs Will Increase in Popularity. Certifications will continue to increase, especially as the government accelerates IT mandates for its agencies in the areas of cloud and identity; and in turn, the private sector will follow suit. Internet threats will continue to affect business, government and user confidence and wreak havoc on computing devices in the office and at home. The challenge for all testing bodies will be to stay ahead of the ever-changing threat landscape and to evolve testing accordingly. Some testing bodies may suggest certifying the security of companies as a whole, not just their products or services, as a way to build trust online.
  12. ‘Big Data’ Will Get Bigger, and so Will Security Needs. ”Big data” — large data sets that can now be managed with the right tools — will be popular in 2012 as more companies derive greater value through analytics. Companies will use the data to create new business opportunities while empowering evidence-based decision making for greater success. However, companies will need to secure this data in order to achieve the gains they seek.
  13. Safeguarding Online Identities Will no Longer be Optional. With the rampant growth of online identity theft, consumers, businesses and government agencies are seeking ways to better protect their identities. These groups will look to the private sector to provide a cost-effective solution that helps to safeguard their identities and create greater online trust.

“The proliferation of Internet connectivity, mobile devices and Web applications are helping to enrich lives and advance global business opportunity in new meaningful ways,” said Roger Thompson, emerging threats researcher, ICSA Labs. “But in this new era of hyper-connectivity, which is compounded by the blurring of lines between our professional and personal lives, it’s everyone’s responsibility — whether as a business user or a consumer — to safeguard our online activities and interact with technology responsibly to protect our assets, identity and privacy.”

h1

CES 2012: A Federation of Storage Clouds will need data encryption

January 17, 2012

In 2012, these new technological advances provide home and personal cloud storage that can be used in addition to remote data center cloud storage. Together these various levels of networked storage, connected together through the public Internet, are creating a larger federated cloud service composed of public and private consumer cloud services.  Such a federation might provide new and useful services and entertainment capabilities for consumers in 2012. A federated cloud storage infrastructure could spur new businesses, new types of content, and new consumer devices to service these opportunities. Source CES 2012: A Federation of Storage Clouds

h1

A Handful of 2012 Privacy & Security Predictions

January 3, 2012

A handful of thoughts on what 2012 may hold by Attorney Richard L. Santalesa:

  • The EU’s on deck Data Protection Regulation promises – or threatens depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding additional potential uncertainty to the EU arena.  The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, embracing privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties.  We’ll see what happens when the rubber meets the road.
  • Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act ?  The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
  • The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape.  The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills.  I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.
  • Information security and data protection issues surrounding contracting for cloud services will begin the road to maturity in 2012 as the federal government continues its push of fed agency IT needs into the cloud.  The result will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
  • Finally, 2012 will unfortunately see no end in sight to advanced attacks resulting in data breaches, with attacks on mobile devices to ramp up significantly.  In response the move to Big Data and data hoarding may reverse as companies in specific sectoral areas begin paring back on how much data they retain.

For additional 2012 infosec and privacy predictions, pop over to Christine Marciano of Cyber Data Risk Managers’ collection, which includes the author’s  views of 2012, at  http://www.dataprivacyinsurance.com/wp-content/uploads/2012/01/2012-DATA-PRIVACY-AND-INFORMATION-SECURITY-PREDICTIONS.pdf

h1

The Communicators: Cyber Security & Cloud Computing

November 9, 2011