Monday, June 20, 2011

Is Snooping by IT Causing HIPAA Violations for You?

Disturbing information from a 2010 survey -- the professionals entrusted with data security are likely to be violating it. Of about 245 IT professionals surveyed regarding unauthorized access to confidential data:
  • 67% of respondents admitted having accessed information that was not relevant to their role.
  • 41% admitted abusing administrative passwords to snoop on sensitive or confidential information.
  • 74% of respondents in the United States believed they can get around any controls that have been put in place to monitor privileged access.
Enterprises are spending millions of dollars on advanced firewalls, intrusion detection systems, and data loss prevention systems to protect against external threats. However, securing the organization's perimeter and accepting trust of internal activity by default is not enough. A rogue insider can undermine hundreds of thousands of dollars in security investment. In a time of highly visible, expensive data breaches and other HIPAA violations, the trust given to insiders should be validated. There is a need for verification, not just trust, that user access is necessary and appropriate to the user's job function and responsibilities.
Bob Glithero, VP Business Intelligence, Veriphyr
To prevent evasion of internal monitoring systems, companies need to supplement their internal systems with a system of detection and verification that resides outside the walls of the enterprise. Such a system is outside the ability of employees to subvert, even ones with privileged access.
Veriphyr Identity and Access Intelligence for HIPAA provides effective verification that user activity corresponds with approved policies and authorized behavior. Veriphyr analyzes identities, privileges, and user activity to detect violation of access control down to the record level to deter snooping into sensitive data.
If you liked this story, follow us on Twitter by clicking the Twitter icon below.
Sources:
(a) Are your IT folks snooping your protected data? - Network World, July 7 2010

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.