Securing Public Sector Networks in 2010
In my last post on the top security challenges for Borderless Networks, I focused on several issues facing businesses in 2010. Trends like an increasingly dynamic and distributed workforce, the growth of cloud computing and virtualization, and IT consumerization which are driving an evolution of the network bring not only great opportunities, but also new security threats. Outside the private sector, organizations are facing security issues that stem similarly from the ubiquity of the network as well as specific regulatory requirements.
Here, I focus on three areas that are coping with changing security threats in a borderless world: government, healthcare and education.
1. Government. In recent years, the world has seen how cyber attacks can cripple critical network infrastructure. A well known example was the 2007 Estonian cyberspace attack that affected the government, financial institutions, service providers, and even news organizations. A similar attack in 2008 affected the nation of Georgia. Recognizing the full spectrum of threats to national security, commerce, and infrastructure, the U.S. government and the private sector has strengthened their partnership to develop a full spectrum of defense.
For instance Melissa Hathaway, previously acting senior director for Cyberspace within the National Security Council for President Barack Obama, has become a senior adviser to Cisco’s security team to help promote such private-public sector partnership. Watch her discussion with Marie Hattar, VP of Cisco Borderless Networks Security, and John Stewart, Cisco VP and CSO on her role at Cisco and a broad range of cybersecurity issues. Another example is the joint federal and civilian development of the “Consensus Audit Guidelines” that provides concrete steps for government departments and agencies to address principally technical control areas. In addition to processes and methods for monitoring and responding to attacks, advancements in network security technologies including 802.1X requirements will be important in combating both external and internal threats to network security.
On February 24th, Cisco will host a 2010 Government Solutions Forum to discuss national cybersecurity and other issues.
2. Healthcare. The health industry’s movement to electronic health records and network-based applications is driving advancements in efficient communications and collaboration, ultimately leading to cost savings and improvements in patient care. But moving confidential information and critical data to the network also invites security threats from hackers and viruses. Awareness, policy compliance, best practices and use of the latest technologies will all help safeguard patient records and sensitive information.
Recently, the U.S. Department of Health and Human Services (HHS) has increased their effort to enforce compliance with the Health Insurance Portability and Accountability Act (HIPAA). Two recent HIPAA violations have resulted in substantial penalties and detailed corrective action plans. Going forward, Healthcare providers will look to bolster their efforts to establish appropriate security policies, meet compliance requirements and integrate security technologies in 2010.
3. Education. Educational institutions are becoming increasingly networked as well. Just as businesses are dealing with IT consumerization, or the transfer of consumer technologies and applications onto the network, educational institutions must manage a diversity of student laptops, smartphones, and other consumer devices connecting to the Internet. In addition, information sharing via the Internet on campuses provides more entry points for malicious software and attacks. To ensure healthy networks where students, teachers, private information and research assets are protected in 2010, educational institutions will look to develop smart policies for how their communities access the Web and the infrastructure to combat new threats. Check out Cisco’s Cyberspace Action for Education for helpful tips and recommendations on cybersecurity.
There are a number of other areas beyond the enterprise that are met with new network security challenges. The promise of Borderless Networks is not limited to businesses – everyone from consumers to government agencies to medical patients will benefit from the decline of location, application, and device borders. The risks of this transformation are real, but can be addressed in a number of concrete steps that utilize people, process, and technology.