Fortifying the IT Infrastructure through IBM Solutions
Now, more than ever before, Personal Health Information, or PHI, has become a hot topic for patients, health care providers, and security experts. Why? Because PHI is much more valuable than typical financial information like credit card and banking information because it cannot be changed.
Guardium also monitors large file transfers within the network, which can help identify movement of data to a less secure node on the network for exfiltration
Just three short years ago, MyEyeDr was a small company covering one small geographic region. Today, there are locations throughout much of the eastern United States. That rapid growth necessitated a shift in our approach to data security. We realized that automated tools would be needed, not only to analyze the large (overwhelming) volume of data that is generated daily, but also to protect the company’s assets as they were moved to a cloud environment. After investigating what was available in the marketplace, we found the solution in a group of IBM security products.
We use several IBM products to secure our data and our network infrastructure.
IBM Guardium continually monitors and audits access to the database servers. It provides daily reports and alerts of privileged user access. These databases include those that run the primary point of sale system and those from legacy systems that have been converted into the new primary point of sale system. Guardium reports all activity within the databases. Then after filtering out application access, the logs are reviewed for suspicious activity. Once identified a team member investigates to determine the reason for the activity and if the alert needs to be escalated. Finally, Guardium also monitors large file transfers within the network, which can help identify movement of data to a less secure node on the network for exfiltration.
PIM is used to manage user access and passwords and track administrators’ activities. MyEyeDr associates access a large number of insurance verification websites. Because PIM manages user access to all these sites, security is enhanced because the passwords are not known to the associates. As a result, when an associate leaves the company, the risk of unauthorized access is reduced significantly. Moreover, passwords for the insurance sites can be securely updated without providing them to users. Finally, because of the ever increasing concern for patient privacy and security, associates are not able to access these sites outside of the corporate network. They must be logged into the ESSO agent, and when they browse to one of the insurance sites, the PIM software prompts them to use shared credentials. The user simply selects “Yes” and the credentials for that site are entered for them automatically.
MaaS360 is our mobile device manager. The doctors use an iPad as part of the examination. The iPads are locked down to allow access only to the electronic health record system and they are geo fenced to work only within the office. One benefit of this program is that if an iPad is lost or stolen, it can be remotely wiped to prevent data loss or malicious activity. The iPad also is connected to the company account and cannot be used by anyone else, even after being wiped. MaaS360 does allow associates to bring their own devices on the network, but the company maintains security settings around any corporate data and intellectual property that is stored on the device.
QRadar brings everything together into a single dashboard view. It provides real time insight into all activity within and around the network. Offences are easily identified and researched and data trends across the entire network and other security applications are analyzed for suspicious behavior. With full access to the logs and network flow data it is possible to detect lateral movement of data within the organization that might indicate possible exfiltration from a less secured device and to launch appropriate countermeasures.
This suite of IBM security products has made it possible to monitor and analyze data quickly and to respond to threats faster than was possible previously. Suspicious activity can now be identified and tracked as it happens rather than only when an issue was noticed and reported. Forensic activities also are considerably easier to conduct because the tools allow administrators to cull through all the data from all the systems quickly rather than having to perform analyses on each system individually. And compliance reporting and audits are much easier to handle.
Patient health information (PHI) is always monitored, that allows MyEyeDr to be confident that the data is secure, who is accessing it and why. These tools allow for time savings of the IT staff and frees them up to perform other necessary tasks. This allows the department to operate in a more efficient manner.