Download presentation
Presentation is loading. Please wait.
Published byOctavia James Modified over 9 years ago
1
Wyoming Medical Center, Los Angeles County, and Raymond James: Endpoint Security Gets Complicated
Group 2: Marco Hidalgo Wesley Lao Michelle Marquez-Lim Nicole Marquez-Lim Liza Guades Rachelle Roque Golda Go
2
Overview Protecting end points is becoming more difficult as the type of endpoint devices (laptops, desktops, smartphones) grows, making security a complex moving target. Depending on the device and the user’s role, endpoints need to be locked down. An appropriate software must be used by organizations to protect sensitive information.
3
Wyoming Medical Center
Open PCs for staff use on hallways, nursing stations, offices, and PCs on wheels that move in between patient rooms. They have 850 out of the 900 PCs with the appropriate software use. With 110 applications and 40 major medical software systems. - it is a form of virtual private network that can be used with standard Web browser. -Citrix- market-leading technologies for virtualization, networking, cloud and collaboration (also has app firewall, etc) Physicians can access patient information via (Security sockets layer virtual private network)SSL VPN. They admit, they need more help desk to monitor network activities in the hospital, although they use (Citrix) to monitor and protect their data.
4
Los Angeles County Dept. of Health Services
Data Privacy One concern of Endpoint Security HIPAA- was enacted to protect patient from unauthorized use, disclosure or distribution of one’s health information without their consent. (it covers privacy and security rules on Protected Health Information - paper and electronic) The information security officer supports 18,000 computers and operates under the restriction of Health Insurance Portability and Accountability Act (HIPAA) regulations. They use disk encryption to protect patient information and confidentiality.
5
Survey Information Week Analytics/ Darkreading.com endpoint security survey of 384 business technology pros, 43% classify their organizations as “Trusting”. Allowing data to be copied to USB drives and other devices with no restrictions or protective measures. image source: money.cnn.com
6
Raymond James The chief security officer opted for Sopho’s Endpoint Protection and Data Security Suite, which offers firewall, antivirus, data loss prevention (DLP), antispyware, encryption, and network access control (NAC). Encryption key is wiped out when devices are stolen or lost; making it difficult to decrypt. Encryption of data has become an important way to protect data and other computer network resources, on the Internet, intranets, and extranets. The company wants tight control over web content available to users, to minimize malware coming in via web browsing. Mobile devices that could get sensitive information are disk encrypted. Guest users are allowed to use PCs with dedicated wireless network that leads to limited set of servers in a network.
7
Smartphones Presents ongoing challenge as companies figure out how to deal with it. (In terms of security) image source: travelforfreebook.wordpress.com 73% of businesses surveyed are at least somewhat concerned about smartphones being authorized for business use.
8
Case Questions What is the underlying issue behind endpoint security and why is it becoming more difficult for companies to address it? Management cannot keep track of the thousands and thousands of computers that have access into the system plus the devices owned by, for example, doctors and other healthcare professionals who needed access in the system.
9
Case Questions What are the different approaches taken by the organizations in the case to address this issue? What are the advantages and disadvantages? For LA County Dept. of Health Services: -Data encryption and password protected -Removable Storage (USB drives, are not allowed) At Raymond James: -Used DLP solutions, Sophos Endpoint Protection and Data Security Suite, which offers firewall, antivirus, antispyware, encryption, and NAC.
10
Case Questions A majority of respondents to a survey discussed in the case described their company as “trusting.” What does this mean? What is the upside of a company being “trusting”? What is the downside? What they meant by “trusting” was, everyone in the company have access to data, allowing them to be copied and stored in USB drives or other related devices without any limitations or preventive measures. Some organizations have full confidence in their employees that they will safe-keep all information shared in the organization. Upside? Trust is great and everyone can know corporate intel inside out. Downside? Too much power and information in the hands of all employees. It may compromise the company.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.