Skip to content

Posts tagged ‘HP’

How Absolute Protects Patient Data At Apria Healthcare

How Absolute Protects Patient Data At Apria Healthcare

Bottom Line: Healthcare providers need to adopt more persistent, resilient endpoint cybersecurity to thwart cybercriminals who are escalating their efforts to steal healthcare records. Motivated by up to $1,000 being offered on the Dark Web for healthcare records, cybercriminals are prioritizing healthcare breaches for financial gain.

Endpoint Resilience Is the Cornerstone of Apria Healthcare’s Cybersecurity Strategy

Healthcare providers are a favorite target for cybercriminals, and their popularity is growing. In the first eight weeks of 2020, the U.S. Department of Health and Human Services received 66 reports of breaches affecting 500 patient records or more at healthcare providers and health plans. The Health & Human Services Breach Portal, which contains a list of all cases under investigation today, reflects the severity of healthcare providers’ cybersecurity crisis and the urgent need for a strong, resilient system to protect patient information. Apria Healthcare is well aware of these threats and has taken an innovative, insightful approach to thwart them.

Apria Healthcare’s cybersecurity strategy focuses heavily on deterrence at the endpoint and device level, an approach that has proven effective in mitigating breaches globally. The company is a recognized leader in healthcare, serving nearly 2M patients annually across 300 locations in 49 states. They have more than 8,000 laptops, desktops and tablets, many of which regularly leave the organization. Apria needed a way to deliver zero-touch IT asset management, provide self-healing endpoint security, and employ always-on data visibility and protection whether an asset was on or off their corporate network. They turned to Absolute and the company’s patented Persistence technology.

“Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better,” said Janet Hunt, Senior Director, IT User Support at Apria Healthcare. “The other vendors really can’t, they don’t have that piece – that persistent piece is so important to me. I always am looking for opportunities to use different technologies as they come up, and I haven’t found anything that’s as good as Absolute. Nothing can compare.”

Absolute’s Persistence technology, the foundation of the company’s Resilience solution, enables a self-healing, unbreakable two-way connection to endpoints, applications, and data. It provides an adaptive layer of defense by notifying IT of where devices are and when security applications are removed or corrupt, and triggering automatic reinstallation. Because Absolute is already embedded in the BIOS of Dell, HP, Lenovo, and 22 other leading manufacturers’ devices, it provides Apria with the single source of truth needed to protect personal data and help achieve HIPAA compliance.

Turning HIPAA Compliance into A Competitive Advantage  

Apria quickly established a leadership position in the healthcare industry by setting and maintaining stringent requirements needed to achieve HIPAA compliance across its patient data platform. Leveraging Absolute’s Resilience solution and Persistence technology, Apria differentiated itself from its competitors and reduced the risk they would ever see fines for HIPAA non-compliance. And with HIPAA fines ranging from $25,000 to $15.M per year, Apria’s prescient decision to turn compliance into a competitive advantage was an excellent one because it put patients’ welfare and data security first, above all other IT priorities.

Achieving Greater Device Control & Visibility Is Key 

Absolute’s dashboard provides Apria with both a snapshot of the status of all devices, updated every 15 minutes, as well as a complete device history that enables security managers to see and report on encryption, geolocation, and usage.

“Our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one, or actually two, PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be, and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device, and see what happens. It’s one of the best things we’ve done for ourselves,” Janet Hunt recently said during a recent during a recent panel discussion. Geofencing is a must-have in any persistent endpoint security strategy.

“[With Absolute] I have a complete history of each device, which makes it really easy for me to say not only whether it is encrypted now, but also what its status was a week ago, or two weeks ago, or two months ago,” said Dave Ochoa, Manager, Information Security Operations at Apria Healthcare. “So, you get this lovely little package that you can hand off to your auditor and say, ‘Not an issue.’ You know that this is not an incident, this is not a breach.”

Endpoint Security’s Network Effect Is Accelerating

Apria Healthcare’s decision to protect its 8,000 laptops, desktops, and tablets using Absolute’s Resilience endpoint solution is a leading indicator of the Network Effect happening with endpoint security today. A sure sign the Network Effect is taking place is how demand is growing for more endpoint security agents and applications. Absolute is seeing this Network Effect globally and has been steadily adding integrations with more than 30 endpoint security agents and applications – most recently adding support for the market-leading security solution VMware® Carbon Black.

“The average enterprise today has already spent thousands, if not millions, of dollars on security controls and applications, and that total security investment only continues to rise in the face of escalating risk,” said Christy Wyatt, CEO of Absolute. “However, the vast number of controls and agents being invested in and subsequently piled onto the endpoint can introduce a false sense of security; those controls are only effective if they are present and actually running. A foundation of Resilience enables IT and security teams to understand the current state of their assets, understand if the security controls have been compromised, and heal those that have been taken offline.”

Conclusion

In the face of increasingly sophisticated attackers and vectors, organizations continue to layer on security controls. Gartner estimates that more than $174B will be spent on security by 2022, and of that, approximately $50B will be dedicated to protecting the endpoint. Absolute’s 2019 Endpoint Security Trends Report revealed that organizations have an average of 10 distinct agents layered onto endpoint devices, all competing with one another for device services and resources. The resulting complexity not only negatively impacts endpoint performance but creates an environment ripe for collision and decay. This, along with humans tampering with or removing security controls, means that even the most well-functioning endpoint agents have a high probability of failure.

All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability, and functionality at all times, and deliver their intended value. And so, organizations need complete visibility and real-time insights to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly.

Absolute’s Resilience offering empowers organizations to build an enterprise security approach that is intelligent, adaptive, and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints as Apria Healthcare’s cybersecurity strategy and results indicate.

 

 

 

 

Top 12 Sites For Free Cloud Computing & Enterprise Software Research

campusOne of the most common questions I get from students is where they can find free cloud computing and enterprise software research.

Few if any of my students work for companies who have subscriptions with the top analyst firms however.  A small group of students are working on a start-up on the side and want to absorb as much market data as they can.

Many of my former students are also in IT management roles, and when they become interested in a specific cloud computing or enterprise topic over time, they write me and ask if I have any data on their subject of interest.  I keep the following list updated from them too.   To serve all these students I’ve been adding to the list shown below for a number of years. None of these companies are current or past clients and I hold no equity positions in any of them.

The requests are so prevalent in global competitive strategy courses I distribute this list at the beginning of the semester with the following disclaimers.

  • Many of the cloud computing and enterprise software companies pay to have white papers written and research done.  Writing white papers and doing research for an enterprise software vendor client is a very lucrative business for many industry analyst firms.  Ethical industry analysts will often insist that a disclaimer be included in the white paper and on the website stating that they and their firms were hired to write the paper or do the research and publish the report.
  • The reports are intellectual property of the firms publishing them.  Enterprise software vendors often pay tens of thousands of dollars at a minimum for reprint rights and the right to provide them on their websites.  I advise my students to seek out the copyright and quote policies of the research firm of interest if they plan on re-using the graphics in any published materials or in their blog posts.  One for example, the Gartner Copyright and Quote Policy is shown here.
  • Pay attention to the methodologies used in each report and realize they change over time.  This is especially the case with the  Gartner Magic Quadrant and MarketScopes. Gartner has been very active this year in refining the Magic Quadrant methodology for example.

The following are the list of cloud computing and enterprise software vendor sites that offer free downloads of cloud computing and enterprise software research:

  • Amazon Web Services – Amazon has purchased re-print rights to the Gartner Magic Quadrant for Cloud Infrastructure as a Service written by Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes published on August, 19, 2013 in addition to the latest reports from Forrester on enterprise public cloud platforms and enterprise cloud databases. Link:    https://aws.amazon.com/resources/analyst-reports/
  • BMC Software – Many free reports from Gartner, Forrester, The 451 Group and other research firms covering advanced performance analytics (APA), cloud computing, IT Service Management and long-term technology trends. Link: http://www.bmc.com/industry-analysts/reports/
  • Computer Associates – An extensive collection of cloud computing and enterprise software research organized into the following categories: cloud; data management; energy and sustainability management; IT automation; IT security; IT service management; mainframe; project and portfolio management; service assurance and virtual organizations.  CA requires opt-in on the latest research as they use this site as part of their lead generation strategy.  Link: http://www.ca.com/us/collateral/industry-analyst-reports.aspx
  • Cisco Systems –  Data Center and Virtualization; includes the latest Current Analysis, Forrester, Gartner, IDC, Lippis and Yankee Group research reports covering Big Data, blade servers, cloud computing, Hadoop, unified data centers and many other topics.  Be sure to click across the Computing, Network, Orchestration/Automation,  and Network Services tabs to find additional research:   Link: http://www.cisco.com/en/US/solutions/ns340/ns857/ns156/ns1094/analyst_reports.html
  • Hewlett-Packard – HP has invested primarily in networking-related analyst research including the latest studies and market frameworks from Forrester, Gartner, IDC and Infonetics Research.  Link: http://h17007.www1.hp.com/us/en/networking/ar/index.aspx#.Uhp-ERufg-J
  • Intel – Organized around the topic of designing a data center for the cloud, Intel is providing a series of research studies, reports, white papers and videos that provide insights into virtualization, networking, mobility and Intel-based servers running cloud architectures.  Link:  http://www.intel.com/content/www/us/en/cloud-computing/cloud-computing-analyst-reports.html
  • Microsoft – Balancing the need to support their enterprise applications today and create demand for cloud-based initiatives now and in the future, Microsoft’s series of analyst reports reflect their evolving business model.  Microsoft has licensed the latest research from Enterprise Strategy Group (ESDG), Forrester, Gartner, IDC, Ovum, Yankee Group and others listed on this site. Link: https://www.microsoft.com/en-us/news/itanalyst/
  • Oracle – The most comprehensive collection of industry analyst research online for any enterprise software vendor, Oracle has hundreds of research reports available for viewing under their reprint licenses for free, and also for download.  The reports are organized into corporate, infrastructure, systems, services, solutions, industries, enterprise applications and regions.     Link: http://www.oracle.com/us/corporate/analystreports/index.html
  • Progress Software – Extensive collection of research from Bloor, Forrester, Gartner, IDC, Tabb Group, Ovum and other research firms are available for download from this site. Link:  http://www.progress.com/en/inthenews/analyst-reports.html
  • SAS – The most extensive and well-organized online collection of analyst research on analytics and business intelligence (BI) available, SAS makes research available from fifteen analyst firms across six industries on this area of their website.  You can find the SAS Analyst Viewpoints section of their website here: http://www.sas.com/news/analysts/
  • Symantec – Provides downloadable analyst reports in the areas of risk and compliance, endpoint security and management, information and identity protection, messaging security, backup and archiving, storage and availability management, services and emerging trends.  ESG, Info-Tech Research Group, Forrester, Gartner and IDC reports are on this page for download. Link: http://www.symantec.com/about/industryanalysts/analystreports.jsp
  • Teradata – Extensive collection of industry analysis and research organized into the sections of Active Data Warehousing, Active Enterprise Intelligence, Enterprise Data Warehousing, Teradata Analytical Ecosystem and Teradata Integration Analytics.  The latest market frameworks from Gartner, Forrester, IDC and other research firms are available for download.  Link:   http://www.teradata.com/analyst-reports/
%d bloggers like this: