
Feds Reach Out and Touch IT: Page 2 of 31

Defining standards rather than specific regulations also keeps the door open for technology advancements and lets IT implement best-of-breed systems. For example, providing secure e-mail to transmit protected data under GLBA or HIPAA means using encryption such as PGP to protect confidentiality, digital signatures or digital certificates to authenticate users, and a hashing function to ensure data integrity. Both Lotus Notes and Microsoft Exchange can satisfy these requirements. Newer products like one from Siemens and Sigaba provide secure e-mail and a document-delivery service for the health-care industry. There are also outsourced secure e-mail services, like MxSecureMail and Hushmail.

Speaking of outsourcers, choose them wisely. There's no passing the buck when dealing with financial and health information. If your company engages a service that handles data within the scope of these acts, make sure the service provider complies with the law and regulations. Although the Department of Health and Human Services (HHS) would not likely prosecute an offshore transcription service, it would go after an enterprise that intentionally or negligently entrusted PHI to an insecure link.

A commonsense approach to keeping networks secure goes a long way toward complying with these laws (though the government is moving to offer guidelines; see "FYI"). For example, keep your Internet-connected hosts and proxy servers patched at the operating system and application levels, and maintain firewalls, VPNs and other devices that control TCP/IP traffic between the Internet and the intranet. Apply antivirus software to protect data from malicious code.

In addition, maintain logs of system access and keep track of who accesses data and engages in transactions. These requirements are not new for network professionals--in fact, more than two-thirds of readers surveyed say they already audit log data. But now you are required by law to maintain this data and archive it. Treat your logs like business records, complying with your company's data-retention policies. Several vendors are releasing data-archiving tools to help streamline this task. Addamark Technologies provides software to archive large volumes of system activity, and database vendors like Oracle are shoring up their products' logging features. In addition, e-mail archiving applications, like Re-Soft's EmailXtender, can add e-mail to your data-retention policies and maintain a record of incoming and outgoing messages (if you have yet to set up a data-retention policy, see "The Rules of Electronic Record-Keeping").
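The access-logging and retention requirement above is easier to satisfy when the log itself is tamper-evident, so that a record you later produce for an auditor can be shown to be complete and unaltered. The following is an added illustration, not code from the article or from any of the vendors it names: each access event is appended as a JSON line that carries the SHA-256 hash of the previous entry, so deleting or editing an earlier entry breaks the chain, and a retention helper splits the chain into the entries due for archive and the ones still live. The event fields, user names and record identifiers are constructed sample data.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Constructed sample access events (not real data). Timestamps are ISO 8601 with offset.
SAMPLE_EVENTS = [
    {"ts": "2003-01-02T09:15:00+00:00", "user": "jdoe", "action": "read", "record": "PHI-1042"},
    {"ts": "2003-01-02T09:16:30+00:00", "user": "asmith", "action": "update", "record": "ACCT-7781"},
    {"ts": "2003-04-10T17:02:11+00:00", "user": "jdoe", "action": "read", "record": "PHI-1042"},
]

GENESIS = "0" * 64  # hash value recorded as "prev" by the very first entry


def _digest(body):
    # Canonical JSON (sorted keys, no extra whitespace) so the hash is reproducible.
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def append_event(chain, event):
    """Append one access event, linking it to the hash of the previous entry."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"prev": prev, **event}
    chain.append({**body, "hash": _digest(body)})
    return chain


def build_sample_chain():
    chain = []
    for event in SAMPLE_EVENTS:
        append_event(chain, event)
    return chain


def verify_chain(chain):
    """Return (True, n) if all n entries link and hash correctly,
    otherwise (False, i) where i is the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev or _digest(body) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, len(chain)


def accesses_by_user(chain, user):
    """Who touched what: every logged access by one user."""
    return [e for e in chain if e["user"] == user]


def split_for_archive(chain, now_iso, retain_days):
    """Apply a retention policy: entries older than retain_days relative to now_iso
    are due for archive; the rest stay live. Hashes are kept on both sides, so
    archive + live still verifies as one chain."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=retain_days)
    archive = [e for e in chain if datetime.fromisoformat(e["ts"]) < cutoff]
    live = [e for e in chain if datetime.fromisoformat(e["ts"]) >= cutoff]
    return archive, live


if __name__ == "__main__":
    chain = build_sample_chain()
    print("chain ok:", verify_chain(chain))
    chain[1]["action"] = "delete"  # simulate an after-the-fact edit
    print("after tamper:", verify_chain(chain))
```

Verification has to run over the archived and live segments together (or the archive boundary hash has to be recorded with the live segment), because the first live entry points at the last archived one; that is the design choice that lets old entries be moved to cheaper storage without losing the integrity property.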

Beyond the immediate technical solutions, complying with these laws also requires administrative support for safeguards. In other words, documentation. For IT, though, documentation is often more of a bear than installation, configuration and maintenance.