Anyone tired of hearing that the following architectures solve all the world's problems - SaaS, IaaS, Cloud? Here's a novel concept, why don't we take "control" of our solutions, from a security perspective, and leave our fate in our own hands. Case in point - MedStar Health:
- Per this Computerworld Article, MedStar was attacked over the weekend with the same ransomware that hit the Hollywood Presbyterian Medical Center in mid-February. Per the report, the organization lost "control" of files and their system. Does that sound like a potential HIPAA issue to you?
- Per this earlier ESPO Systems Blog, the Locky Ransomware is leveraging holes in our security controls. To be precise, the malware authors know we dare not block Microsoft Attachments... even if they have malicious macros. They also know AV Signatures are too slow to provide value. As such, the only answer is Sandboxing... ala Forcepoint's Solution.
- So, you likely are asking, what does the MedStar Health Organization use to protect against these threats? Well... they've bought into the Cloud Saves Everything dogma and have given "control" of their security to Google/Postini:
One final question, considering MedStar has given up "control" of their email security, is there much of a chance that outbound email is being monitored for PII or PHI? It may be time to take back control of our security solutions.
No comments:
Post a Comment