The healthcare industry must take security and privacy seriously. They collect and retain personal health information (PHI) and financial information while providing life-saving medical care. The protection of this information and the networks that manage it is one of the top concerns for IT organizations in the healthcare industry.
It is the time of the year where adults and children alike put on costumes and go out to gather candy or create mischief. The costumes are scary or cute, but always achieve the goal of obfuscating the individual and hiding their true identity and intent. The person wearing the costume does not express their goal until they are interacting with their target.
Many years ago, one of my customers had an internet-facing application. They positioned load balancers in front of the application to support the growing traffic load. Traffic to the website was growing so fast, that parts of the network infrastructure could not support the customer load.
If you are like most people and myself, you do not go into a bank and have a conversation with a teller when you make a deposit or withdrawal. You probably do not write paper checks and sign them. You have an app on your phone to access your bank account and use one of the thousands of automated teller machines (ATM), around the world to move money in and out of your accounts.
People’s lives are at risk as the healthcare industry transforms patient care with modern IT technologies. Data security and application availability are essential when a patient’s medical information is on the network. Hospitals and medical practices are digitizing healthcare applications like x-rays, CAT scans, medication distribution and surgical procedures using interactive video. In addition, patient care staff are accessing all of this medical information on tablets, phones, and other devices in real-time.
In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.
Businesses need to protect their assets when they are within their protective infrastructure AND when they are actively exposed or placed within the unprotected external world. The tools and procedures needed to protect the internal assets are different from the ones that protect the assets when they leave the confines of the secured network.
One of the responsibilities of the Key Master is to provide access to the sensitive and secure information hidden within the locked facilities. In my last post, I explained why the application delivery controller (ADC) is the Key Master for SSL/TLS communications on the internet. It is the responsibility of the ADC to manage and distribute the access to the different essential security services.
In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.
Driving a car is like riding a bike, if one refers to the old expression. It is fairly easy to recall how to do it if there has been some time since the last time one has been behind the steering wheel. Of course, this old adage does not apply if the way cars are driven has changed. It can be disconcerting going from automatic to manual transmissions or driving on the right side of the road instead of the left.