The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. At the HIMSS Privacy and Security Forum in Boston on Sept. 23, Leon Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights said to those who are wondering how the new rule will be enforced: “You’ll see a picture of where we’ll spend our energies” based on previous enforcement actions. Enforcement actions to date have focused on cases involving major security failures, where a breach incident led to investigations that revealed larger systemic issues, Rodriguez said.
On our list of 9 HIPAA Network Considerations, it is timely that our topic in this blog is on #7, Security best practices are essential.
Breach discovery times: know your discovery tolerance
Your business associate(s)must be tracked
The general rule for the HIPAA Security Rule is to ensure the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted [45 CFR 164.306(a)]. Protect against threats to PHI. That relates directly to network security best practices. In the 2012 HIPAA audits, security had more than its share of findings and observations, accounting for 60% of the HIPAA audit findings and observations, even though the Security Rule accounted for only 28% of the audit questions. At the NIST OCR Conference in May, OCR presented the summary below.
Disruptive technologies have become more frequent than ever before, making business agility and the ability to adapt key competitive differentiators. Every day I speak with IT executives who are asking how Cisco can help them respond to new requirements across their physical, virtual, and cloud-based environments. They feel compelled to accelerate the delivery of applications, better align IT with business activity, and reduce time to revenue. They want to know if their initiatives will have the impact and outcomes they require. Can they capture the full value of their technology investments? How can they up their game when it comes to delivering IT services that their businesses need to succeed?
Today Cisco introduced its Application Centric Infrastructure (ACI) offerings to manage the health and performance of the applications that you rely upon to run your business. A simplified, flexible, and agile framework, ACI aligns the needs of the entire application lifecycle, overcoming functional silos, and bringing together your infrastructure, security, application, and cloud teams through a holistic architecture and policy-driven framework.
Applications have become the lifeblood of our economy. They are how business is done; how partners and suppliers interact; how employees connect; how consumers share, learn and buy. Every business is becoming an applications business. Every industry is becoming an application-centric industry, and the business model shift is only accelerating. We all truly live in an application economy now.
And think about this: by 2020 there will be fifty billion things connected to the Internet. New and valuable connections will be formed between those things and people, processes and data, creating the next wave of the Internet -- the Internet of Everything. Most of us will experience the value of the Internet of Everything through applications. This shift to an application economy is perhaps the biggest IT market transition of all.
Business leaders are struggling with the pace of change. And Chief Information Officers (CIOs) feel the pressure more than most. The complexity of information technology (IT) is slowing down their ability to enter new markets, to deliver new products and services, to manage risk and security threats, and to drive more efficiency into their organizations.
After countless brainstorming sessions, code reviews, lab trials, scores of NDAs and nearly two years of intense speculation from media, analysts and the internet community – it is finally here! Today, Cisco is pulling back the curtains to reveal details of the vision of Application Centric Infrastructure (ACI) announced in June 2013. With shipping products as part of the announcement today, Cisco is also taking the first steps in making this vision a concrete reality. In the process, Insieme networks also returns to become a wholly owned subsidiary of Cisco.
For those tuning into the press conference and webcast today , you will see John Chambers, Rob Lloyd and Insieme executives get into the specifics of ACI, with the event being hosted out of the historical Waldorf Astoria in New York. You will also see Cisco’s partners and customers share both the stage as well as a common vision.
So, after months of silence, there will be quite a bit of information sharing, perhaps Information overload even. This is an announcement with innovation at multiple levels, and even for the tech savvy it will take time to fully understand and appreciate the architecture and the benefits it brings.
I wanted to share a few key concepts, innovations, and highlights of the announcement today. We will delve into additional details and dissect these pieces over the next few weeks on this blogging platform as well the public www.cisco.com/go/aci website, which will host a lot of the structured content.
1. The concept of Application Centric Infrastructure
We put together a short video to distill the concepts of ACI. It encompasses a lot of what existing networks today, as well as emerging SDN concepts (regardless of what the definition of SDN is), and goes quite beyond what anyone else is offering out there today. You will see some critical differentiators here:
De-coupling of application and policy from IP infrastructure
Ability to define application network profiles and apply them
Integration of physical and virtual infrastructure elements with end-to-end visibility
The Application Policy Infrastructure Controller (APIC) is a new appliance that will be the heart of the ACI fabric. While the actual product will ship around Q2 of next calendar year. An APIC simulator will also be made available on a controlled basis for customers and partners to get familiar and additional information will continue to be made available. Unlike most software-only controllers in the market today that have little ability to exploit the capabilities of hardware, APIC provides a holistic system level view and an ability to tap into the capabilities of the underlying infrastructure. While it will initially be paired with the Nexus 9000, the APIC will be expanded to support other parts of the portfolio as well as other infrastructure building blocks.
The APIC utilizes a centralized policy-model with an application network profile and open architecture that allows for the application needs to be defined and mapped to infrastructure, to make it application-aware.
3. Nexus 9000 – Expanding the Nexus switching family
We’re expanding the highly successful Nexus family with the next “big bad boy” -- the Nexus 9000. This will initially come in two models – the Nexus 9500 and the Nexus 9300, with the former shipping now. It has a variety of innovations for all of the “5 Ps” – (i) an extremely attractive Price point , optimized for 1G to 1/10G in the access, and for 10G to 40G migration in the aggregation layer. In addition (ii) It brings in Industry leading Performance with 1.92Tbps per line card and is 100G ready. (iii) Has significantly higher non-blocking Port-density (iv) Flexible programmability with JSON/XML API with a Linux container for customer apps and (v) Power efficiency – with an innovative design that has no mid-plane/backplane resulting in 15% greater power and cooling efficiency.
The kaon shows the “see-through” design of the Nexus 9500 without the traditional mid-plane design. To see the 3D design of the Nexus 9500 click here
The Nexus 9000 is designed from ground-up to be ACI ready with a combination of merchant silicon and Cisco custom ASICs to deliver the “5 Ps”.
As customers migrate to 10/40G over the next few years, the cost of laying new fiber and overhauling the optics is a tremendous drag and raises barriers for 40G adoption. I wrote about multi-layered innovations – this is one of them at a component level. The 40G BiDi lets customers preserve their existing 10G cables, resulting in tremendous time savings, cost savings (labor and fiber) as well as improved time to market for the upgrade. Bandwidth upgrades is one of the top reasons that drive network refreshes, and this innovation (a Cisco exclusive) produces remarkable results
5. The Partner Ecosystem
It is not possible for one company to address all the challenges manifesting in the data center on its own, no matter how revolutionary the architecture is or how radical the innovations are. This is where a rich ecosystem of partners have stepped in(see the technology leaders rally here), each of them market and innovation leaders respective domains, to make the vision of ACI all the more real and consumable.
Their vision and commitment is reflective both of the shared vision and commitment to transform the data center infrastructure, as well as reflective of the open architecture of the ACI approach in general, building on the principles of the Cisco Open Network Environment (Cisco ONE), but also taking it to other aspects of the infrastructure. You may expect to see a lot of the demos as the APIC becomes generally available next year, even as services offerings around ACI become much richer, as evidenced by Scott’s blog link below.
Please stay tuned to this blog space and the www.cisco.com/go/aciwebsite for additional information over coming weeks and months. As always we would like your comments and constructive criticism as we together help redefine the power of IT.
(*) Click on the Infographic to enlarge or download it
Today, rapid changes in the world we live in, driven by technology trends, business model changes and market transitions, like the Internet of Everything, profoundly impact our networks and our data centers. With the advent of all of these new capabilities, we have created a new paradigm for security—it is what I refer to as the “Any to Any” Problem. That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors.
Today, Cisco is announcing the new Application Centric Infrastructure (ACI) designed to seamlessly integrate layer 4 through layer 7—and security, in particular—into next generation Data Center environments. As part of this framework, we are announcing ACI Security Solutions, which support next generation Cisco ASA physical and virtual firewall technologies by stitching them directly into the ACI network fabric, and can be managed using the ACI Policy Infrastructure Controller management tool.
The Cisco ASA 5585-X Series Next-Generation Security Appliance has been updated and certified to interoperate with the new Nexus 9000 switches—whether they are deployed in traditional or ACI modes. The new Cisco ASA Virtual Firewall (ASAv) performs the same functions as any ASA appliance. However, unlike an ASA 1000v Cloud Firewall, the ASAv maintains its own data path. This allows it to work with any virtual switch and it will be available on multiple hypervisors. Read More »