Monday, April 17th, 2017

Time	Event
7:27p	Move to the Cloud, but Mitigate Risk Joe Pasqua is Executive Vice President for MarkLogic.  Security remains one of the biggest roadblocks for enterprises to move to the cloud, numerous studies and research firms have stated. We often talk about security as one thing, but in actuality, it is quite multifaceted. That’s why it’s important to distinguish between layers of security in a public cloud environment — and why concerns about data security and public clouds must be taken seriously. As 451 Research concluded in a recent report, leading public cloud providers, such as Amazon Web Services and Azure, have very good security. They have to. They are “secure by default because they have a vested business interest in being as durable as possible,” 451 says. Again, I agree. Public cloud providers do a great job of traditional network and operational security. In today’s world, and especially in the cloud, that’s not good enough anymore. While the cloud environment may be secure, the data inside that environment may not be. If the database you’re using lacks comprehensive, hardened security, you’re still at risk. You can’t read the news without seeing numerous data breaches that underscore this fact. A New Environment Think about it this way. If you run a physical retail store, you’ve got important security issues. You need good door locks, windows with alarms and security guards who keep bad guys out. Still, you want people to come into your store, browse, touch things and ultimately buy them. It’s not enough to have good perimeter security, you need security on the inside of the store, too. Traditional network security is like those door locks and window alarms. It is a great perimeter solution, intended to keep people out. In today’s hyperconnected cloud world, the world of the Big Data, you need to be able to securely let people into the network. You’ve got customers, partners, suppliers and Ops people in your network all the time. And remember, those Ops people don’t work for you, they work for your cloud provider. You want all those people on your network. You need them there. However, you have to keep track of who’s in, what they have access to, what they’re allowed to see and do, and be able to audit their actions. In this world, your security can’t just sit around your data, it has to be with your data. It also has to be flexible enough to allow some actions from some users, but not others from others. That’s where the database security inside a public cloud environment becomes as crucial, if not more so, than the network security. Cloud providers can’t help enterprises with data security and that’s what enterprises need to think about. Risks of Sharing Data Data governance is also a huge issue in the cloud, as it is on-premises. We see huge enterprises who want to leverage their data assets. They gather data, build massive and expensive data lakes, and then can’t use them because the data isn’t governed. Without good governance, they’re scared to share data because they might run afoul of regulatory compliance issues or unwittingly expose internal information. They are hesitant to share data with data scientists for analytical purposes because they’re not sure all of the personally identifiable information has been scrubbed from the data. Moreover, if they don’t know the lieneage of the data, they can’t be sure of the validity of their analytical results. Data governance is more important now than ever because enterprises are contemporaneously moving to the cloud. They want the elasticity and flexibility of the cloud to better leverage their data. To do that, they need to trust that the data can be safely shared. If not properly governed, enterprises can’t share data and they’ll lose one of the key cloud benefits. Rather than view data governance as a nuisance, enterprises need to see it as the key to unlocking the value of data. Enterprises want faster and smarter access and insight into their data and the cloud will help enable that. It will give them important gains in flexibility and agility. But to realize these gains, they need to be proactive in combating the Data Security and Data Governance issues that could derail their efforts. Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Penton. Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library. (Comment on this)
9:14p	First Battery-Natural Gas Power Plant Unveiled in California (Bloomberg) — Edison International’s utility unit said it has completed the first-of-its kind battery storage and natural gas power systems in Southern California that will help the region backstop increasing amounts of renewable energy and cope with potential shortages after a historic gas leak. Southern California Edison, General Electric Co. and Wellhead Power Solutions partnered to install 10-megawatt lithium-ion batteries at two of the utility’s gas generators, Rosemead, California-based Edison said Monday in a statement. The plants are designed to fire up during periods of peak demand. The batteries, which can provide instant power while gas turbines ramp up, are expected to reduce fuel use and lead to emission reductions of at least 60 percent, Edison said. “The new system will help SCE better utilize the resources on the grid, provide enhanced reliability, reduce environmental impact, and reduce cost for our operations and for our customers,” Southern California Edison President Ron Nichols said in an emailed statement. The installation comes after a months-long leak crippled the state’s largest natural gas storage field near Los Angeles, raising concerns about potential energy shortages. In addition, the state has mandated that utilities get half of their power from renewable sources by 2030. Batteries have been viewed as helping accommodate more green energy by helping utilities manage the unpredictable output from wind and solar farms. (Comment on this)
9:26p	Phishing Attack Results in $400,000 HIPAA Breach Fine Brought to you by MSPmentor A Denver, Colo.-area network of public health clinics paid a $400,000 HIPAA breach penalty after a phishing attack let a hacker gain access to employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients, federal authorities said today. Metro Community Provider Network (MCPN) – which provides primary medical care, pharmacies, social work, dental and behavioral care to roughly 43,000 mostly poor patients – reported the breach in January of 2012. Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) found that MCPN violated the HIPAA Security Rule by failing to do proper risk assessments or implement adequate cybersecurity measures and procedures. “Specifically, MCPN has failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by MCPN,” OCR wrote in the official Resolution Agreement. “Further, MCPN has failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.” Investigators indicated the financial component of the settlement might have been higher but OCR considered the public benefit of the services provided by the nonprofit. MCPN is a federally qualified health center (FQHC), which means it receives government reimbursement for treating people with incomes at or below the poverty line. “With this settlement amount, OCR considered MCPN’s status as a FQHC when balancing the significance of the violation with MCPN’s ability to maintain sufficient financial standing to ensure the provision of ongoing patient care,” OCR said in a statement today. MCPN must also adhere to a corrective action plan. The payment marks the first agreement in nearly two months, following three settlements totaling $11.4 million during the first six weeks of 2017. That pause coincided with the transition in presidential administration and prompted some observers to question whether new OCR Director Roger Severino would continue an enforcement crackdown that began under his predecessor Jocelyn Samuels. “Patients seeking health care trust that their providers will safeguard and protect their health information,” Severino said in today’s OCR statement. “Compliance with the HIPAA Security Rule helps covered entities meet this important obligation to their patient communities.” Compliance with the security and privacy rules of the Health Insurance Portability and Accountability Act has become increasingly important to IT services providers working in healthcare. Though lucrative, the vertical also carries risks for managed service providers (MSPs), who are required to sign business associate agreements (BAAs) which expose them to liability in the event that ePHI is mishandled. The MCPN settlement brings to $11.8 million the amount of HIPAA breach payments collected by OCR thus far this year. Last year, the agency collected a record $23.5 million, up from $6.2 million in all of 2015. This article originally appeared on MSPmentor. (Comment on this)

<< Previous Day

2017/04/17 [Calendar]

Next Day >>