By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more-accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).
Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient, and less costly, patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.
Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.
If you have implemented or used either application wrapping or containerization technologies, please COMPLETE THIS SURVEY.
Application wrapping versus containerization: Which technology provides better security to an enterprise mobile deployment? What are the use cases for each technology, and which technology has a longer shelf life when it comes to being the de facto standard for enterprise mobile security? Are there times when containerization provides a better user experience than application wrapping? And more simply speaking . . . what the heck is the difference between these two technologies, and which one should you purchase?
In the sport of boxing, "the tale of the tape" is a term used to describe a comparison between two fighters. Typically, this comparison includes physical measurements of each fighter as taken by a tape measure before the bout, thus the term "the tale of the tape." I'm currently conducting research for a "tale of the tape" report between mobile containerization technologies and mobile application wrapping. There has been a significant amount of discussion lately regarding which of these technologies is better suited for enterprise deployment. In order to settle this dispute, I'm going to get out the virtual tape measure and analyze the fighters!
On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:
Security directly affects the top and bottom line. Early estimates of the cost of Target's 2013 holiday security breach indicate a potential customer churn of 1% to 5%, representing anywhere from $30 million to $150 million in lost net income. Target's stock fell 11% after it disclosed the breach in mid-December, but investors pushed shares up nearly 7% on the news of recovering sales. In February 2014, the company reported a 46% decline in profits due to the security breach.
Poor security will tank your reputation. The last thing Target needed was to be a permanent fixture of the 24-hour news cycle during the holiday season. Sure, like other breached companies, Target’s reputation will likely bounce back, but it will take a lot of communication, investment, and other efforts to regain customer trust. The company announced last week that it will spend $100 million to adopt chip-and-PIN technology.
The government of Singapore has released its 2014 budget, which includes S$500 million (US$400 million) to help drive economic changes at small and medium-size businesses (SMBs). This spending will focus on:
On January 22, 2014, a new mobile security player was born. This is the date that VMware announced its intention to purchase the mobile device management (MDM) firm AirWatch. With a price tag of $1.5 billion, this acquisition confirms that the mobile security market is scorchingly hot. This news comes on the heels of the November acquisition of Fiberlink by IBM. I expect additional mobile security market consolidation to occur throughout the remainder of 2014. This acquisition is a shot across the bow of any other major vendor looking to play in the mobile security market. If you don't step up and spend now, you might just be left holding the bag.
Symantec held its EMEA Industry Analyst Conference in the UK recently. Symantec saw targeted attacks increase by 42% during 2013. Although it’s always mentioned among the top concerns by businesses in surveys, security is still often treated in a somewhat blasé way by many of those businesses in reality. We took several messages away from Symantec’s conference:
Security is not just a simple IT issue but has wider business implications. Digital security has many facets, including cybercrime and online privacy. Security is an economic and societal dimension for the digital ecosystem. Just think of privacy legislation -- customers expect the businesses with which they interact to adhere to it. This also means that the future security manager will be someone who understands business requirements and employee wishes well enough to balance them against specific security threats and compliance obligations. The security officer who just “shuts the gates” and says “no” to requests like accessing video websites or installing software is damaging to what we call the connected business.
There is a need for Symantec to engage effectively with a partner ecosystem. Symantec is moving beyond products to become a solution provider. Symantec knows that integrated solutions need to work in a multivendor landscape across third-party and competitor products in a legacy environment. Such integration challenges hold back ecosystem ambitions. To strengthen its offering, Symantec has established partnerships with Hitachi Data Systems (data storage and interpretation), PwC (threat intelligence, incident response, and digital loss prevention), and Colt (joint go-to-market offering for security-as-a-service). As part of these partnerships, Symantec sees a growing interest in the managed services option.
Every client (especially every government client) who says “I’ll never use cloud services with highly secure data” needs to hear this story. In no more sensitive a place than law enforcement is just such a value proposition playing out.
Police departments in 18 states in the US, and soon Canada, are dramatically increasing the efficiency of commercial use of highways through a disruptive SaaS solution that costs a fraction of the incumbent service and mixes well with their permitting and inspection databases.
If you drive toll roads or bridges, you know the value of Drivewyze. In rush hour, you can wait 10-25 minutes to pay your toll with cash, or you can sign up for an electronic toll system that lets you breeze past. Drivewyze does the same for commercial trucks and fleets, not at toll booths but at weigh stations, which take much longer to get through. And in the trucking business, every minute lost at a weigh station can cost thousands of dollars in lost delivery time. For law enforcement the value is even higher, as any time lost inspecting a safe truck is time not spent stopping an unsafe one.
The system works by helping known-good drivers and trucks register with the weigh station wirelessly as they approach it on the highway, get an all-clear, then drive right by. Trucks send their credentials to the weigh stations using any mobile device they happen to have – iPhone, Android, BlackBerry. Anything with a cellular connection will do the trick. At the weigh station, they receive the information about the driver over whatever equipment they have – aging PCs and laptops are most common. The system checks each driver and truck against long-standing databases of safety records, expired licenses, past weigh station checks and other information that would indicate an unsafe driving circumstance.
Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. And, as someone who has read NASA’s risk management program (and the 600 pages of supporting documentation), I can say that this wasn’t a failure of risk management policy or procedure effectiveness. Clearly, this was a failure of third-party risk management’s monitoring and review of cloud services.
The Cloud Is Nebulous
Back in 2009, NASA pioneered cloud technology with a shipping container-based public cloud technology project named Nebula -- after the stellar cloud formation. (I love nerd humor, don’t you?)
Photo Source: NASA
During 2009, NASA did a study to determine if current cloud provider service offerings had matured enough to support the Nebula environment. The study proved that commercial cloud services had, in fact, become cheaper and more reliable than Nebula. As a result of the study, NASA moved more than 140 applications to the public sector cloud environment.
In October of 2010, Congress had committee hearings on cybersecurity and the risk associated with cloud adoption. But remember, NASA had already moved its noncritical data (like www.nasa.gov or the daily video feeds from the International Space Station, which are edited together and packaged as content for the NASA website) to the public cloud in 2009, before anyone ever considered the rules for such an adoption of these services.