Posts Tagged ‘security’

A few years back I worked for a client that was implementing cell level security on every data structure within their data warehouse. They had nearly 1,000 tables and 200,000 columns — yikes! Talking about administrative overhead. The logic was that data access should only be given on a need-to-know basis. The idea would be […]

In the past month, Microsoft has added two key new service capabilities to SharePoint Online and Rights Management that provide a more robust secure computing experience.  The first is the introduction of data loss prevention and the second is the improvements in protecting content across all platforms including OS X Support. Data Loss Prevention SharePoint […]

If you have read Google’s product literature, you know that the Google Search Appliance is a very secure device.  The bright yellow appliance runs a hardened version of CentOS, and the inner-workings are safely hidden behind root login. So, assuming we are dealing with an appliance with Fort Knox-level protection, what risks remain?  Below are several potential […]

You may have read recent media coverage about the SSL/TLS MITM vulnerability (CVE-2014-0224).  OpenSSL.org describes this vulnerability as follows: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic […]

 I was reading the interview of Jamie Miller, the new CIO of General Electric.  Please do check out the interview. Some of the key focus areas she was describing are: Innovation Simplification Employee experience Cyber security Investing in our IT talent   The innovation explained in this interview revolves around the mobile technology, and big […]

# 5 – Familiarity One of the reasons organizations have tended to stay with XP for so long is their employees are familiar with it. Like an old friend, it’s comfortable and easy to deal with. However churn among your IT administrators and other employees has changed the dynamic. Most people are now more familiar […]

The Heartbleed bug is causing some real heart palpitations in the healthcare community (sorry for the pun), regardless of whether your organization is a health plan, a health provider or both. That’s according to Phil Lerner, chief information security officer at Beth Israel Deaconess Medical Center, who, on a scale from 1 to 10, ranks […]

A huge number of my projects are platform upgrades, and every time I ask my customers why they haven’t applied a single published fix for any of the products involved since the system was built (sometimes upwards of 7 years ago). They usually reply with a variation on the old trope, “If it ain’t broke, […]

Today, a report by market research consulting firm RNCOS released findings that predict the healthcare technology market will grow at a compound annual growth rate of about 10 percent between now and 2018. About one-third of healthcare organizations now use cloud technology. According to Fierce Health IT: Continued innovation and government suppport for such tools […]

SiteMinder is an enterprise-class secure single sign-on solution by CA (Computer Associates) which is employed by many large companies to secure their intranet access and provide single sign-on functionality to various intranet applications.  SiteMinder has a broad support for different application frameworks which is making possible to use in heterogeneous enterprise environment. For example, when […]

This blog post is third and final in series about MVC anti-forgery (CSRF) token. Part 1. Part 2.As we talked about it earlier, MVC have a great built-in functionality for securing form posts with anti-forgery tokens and it’s even possible make it work across multiple web applications. However, these days modern web applications tend to […]

Healthcare organizations must comply with complex medical coding and billing rules, along with HIPAA (Health Insurance Portability and Accountability Act) privacy and security regulations. Healthcare data, including Protected Health Information (PHI), must be kept secure, confidential, and available only to authorized users, traceable, reversible and preserved for long periods of time. The right cloud solution for a […]