Complete ODBC - Security Solution to comply with PCI, HIPAA and SOX frameworks for...

Thread starter: mvergara
Today's Data Security Challenges in the Banking and Healthcare Industries: Many customers in the banking and healthcare sectors are currently being audited periodically to limit data vulnerability and internal threats through their networks, but most importantly to protect against internal (malicious) users and hackers who can tap into sensitive data like customers' credit cards and hospital patient information to re-sell the data on black markets and make a profit. Therefore, companies perform internal audits and follow security guidelines like HIPAA, PCI and SOX (Sarbanes-Oxley) to ensure their internal data is protected. Most audits are mitigated, meaning that they are not in full compliance or they need action items.

Opportunity to improve the Data Direct Security Driver: The Data Direct ODBC driver offers the Security tab to encrypt data between the application and the database using the SSL/TLS layer. This means that the customer needs to provide the SSO, Root Certificate and Truststore certificates to encrypt the data using a private key. Having the data encrypted by Data Direct today is not enough for internal and external auditors. They need evidence, including reports with user access and time stamps on them, to demonstrate and test which active users in Active Directory have logged in or touched the driver to connect to the database over a period of time while accessing sensitive data. This new log report from Data Direct must show that the port and data are being encrypted. The auditors can take a look at the Data Direct log report and use it as "evidence" to demonstrate and test that ports and data have been tested. The following are some examples of control procedures that auditors need to test to ensure companies are in compliance:

- PCI DSS 1.1.6: Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP.
- PCI DSS 4.1: Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive data.
- SOX (Sarbanes-Oxley) Section 404 (Internal Controls)

Business Opportunity | Target Revenue: Target Customers: Any publicly traded company listed on the US stock exchange must comply with SOX; healthcare companies and hospitals that need to be in compliance with HIPAA regulations; and banks with ATM machines that need to report debit and credit transactions to Visa and MC, companies using PCI controls. In CALA, we expect to increase sales by 100K in the next 6-12 months once we offer this new log report capability in our ODBC Data Direct product. We hope you will help us provide this log report solution to a number of prospects in CALA that are waiting for a complete DD Security solution from us. Thank you for your help.

Manny Vergara, DCI - CALA Principal System Engineer
