08-22-13 | Blog Post
An interesting infographic by WeLiveSecurity.com delivers the latest statistics about health IT security with data from HHS.gov. They found that:
So how do you maintain cloud security? Choose a HIPAA compliant cloud that encrypts data at rest and in transit at the drive level, and layer up on security with additional security tools that each have their own function:
Daily Log Review – Logging user activity on the systems network and servers, you can track failed login attempts and other indicators of possible intrusions to curtail a potential data breach. With daily log review, logs are analyzed each day, producing a report each month.
File Integrity Monitoring (FIM) – FIM sends logs from the server stack to a management server that records and scans important files for any modifications, and then notifies you of any anomalies. Typically you can customize the certain folders and files you want to monitor.
Web Application Firewall (WAF) – A WAF is a physical device that sits behind your virtual or dedicated firewall and scans incoming traffic to web servers for malicious attacks; it can detect and prevent SQL injections.
Two-Factor Authentication – Two-factor authentication requires a username/password as the primary authentication method, and another secondary authentication factor (user’s personal phone) allows an individual secure access to the VPN (Virtual Private Network).
Vulnerability Scanning – Vulnerability scanning is a web application that detects outdated versions of software, web apps that aren’t securely coded and misconfigured networks.
Patch Management – Patch management is important to update systems in order to protect against known security vulnerabilities. Updating systems regularly is key to counteracting new malware and viruses.
Antivirus – With antivirus software, you can detect and remove malware for optimal server protection. It can block new threats and unwanted applications.
SSL Certificate – An SSL certificate encrypts data sent from the web server to the browser in order to create a secure browsing session for a user on a website. When the encrypted session is started, a padlock will appear in a web browser address bar to verify the website is secured with a valid SSL certificate.