
Health IT and Information security by Manish Tiwari



Health IT and Information security by Manish Tiwari, Chief Information Security Officer, Microsoft, India

Published in: Healthcare

  1. IT Security in Healthcare, Manish Tiwari
  2. Challenges
     • Users: Users expect to be able to work in any location and have access to all their work resources.
     • Devices: The explosion of devices is eroding the standards-based approach to IT.
     • Apps: Deploying and managing applications across platforms is difficult.
     • Data: Users need to be productive while maintaining compliance and reducing risk.
  3. Users, Devices, Apps, Data: Management. Access. Protection.
     • Empower users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
     • Unify your environment: Deliver unified application and device management on-premises and in the cloud.
     • Protect your data: Help protect critical information and manage risk.
  4. Business Impact
     Threats: Malicious software; Targeted attacks; Data theft & insider leaks
     Trends: Mobile, Social, Cloud, Big Data
     • 65% of companies are deploying at least one social software tool.
     • Over 80% of new apps will be distributed or deployed on clouds in 2012.
     • 70% of organizations are either using or investigating cloud computing solutions.
     • By 2016, smartphones and tablets will put power in the pockets of a billion global consumers.
     • The world’s mobile worker population will reach 1.3 billion, over 37% of the total workforce, by 2015.
     • Millennials will make up 75% of the American workforce by 2025.
     • Digital content will grow to 2.7ZB in 2012, up 48% from 2011, rocketing toward 8ZB by 2015.
     • 80% growth of unstructured data is predicted over the next five years.
     • $8.9M average annual spend to protect from, detect, and recover from attacks.
     • 1.8 successful attacks experienced every week.
     • $165B cumulative cybersecurity spend by 2023.
  5. Recent incidents in the news
     • Insulin Pump Vulnerable to Hacking, Johnson & Johnson Warns
     • Rainbow Children's Clinic in Texas hacked, patient records deleted
     • In 2011, cybercriminals in China stole 2,000 patient X-rays
     • Credit / Debit Card details of 100,000 Britons for sale on internet - Feb 16
     • 246,876 U.S. healthcare patient records were breached in Sep - Protenus
     • Massive DDoS attack harnesses 145,000 hacked IoT devices
     • Vulnerability of certain pacemakers
  6. Sectors facing Increased Cyber Threat (KPMG Report)
  7. Building a Secure Critical Information Infrastructure
     • Digital Transformation Strategy (3 year plan)
       - Risk Assessment > Vulnerability Assessment > Penetration Testing
       - Info-sec policy and enforcement
       - Data Classification Policy & controls
       - Assume Breach strategy (Protect, Detect, Respond & Recover)
     • Timely upgradation of Technology
     • Network Security Architecture and Baselining
     • IT Asset Management
     • Domain Design, Deployment & Management
       - Group policies
       - Central patch management & security updates
       - End Point security & hardening / server hardening
       - Central IAM - IM - PIM - SSO with MFA
  8. Building a Secure Critical Information Infrastructure (continued)
     • Implement PKI
       - Implement DRMS with respect to Data Classification
       - DLP solution (with effective DFA)
     • Secure Email
       - Use of Digital Signatures
       - Advanced Threat Analytics
     • Application Whitelisting & Security
     • Enterprise Management
       - BYOD Policy
       - Mobile and Laptop devices
     • Change Management
     • Adoption of Hybrid Model for better IT Risk Management
       - Web Portal
       - Email services
  9. Cohesive Structure for Risk Assessment & Risk Management
  10. Typical state of identity management today
      Lots of manual processes across different, decentralized systems.
      [Diagram: Create, Delete and Attribute Sync operations between Active Directory, Exchange, HR (SAP), Financials, SharePoint and Sales, involving the Application Owner, Business Manager, Users, IT Helpdesk and Administrators]
  11. Future state, centralized identity management
      Locate the logic in one place and automate it with many systems.
      • Self Service Group Management
      • Self Service Password Reset
      • Improved Productivity
      • Workflow
      • Notifications
      • Approvals
      • Attestation and Reporting
      • Automated Provisioning
      • Automated De-provisioning
      • Account, Group and Mailbox Management
      [Diagram: Identity Management connecting HR (PeopleSoft, SAP, Workday), Administrators, Active Directory, Exchange, Application Owners & Managers, Users, and On Premise Database, Directories & Applications]
  12. How can adopting a Cloud Model improve our security?
      The Cloud: over a million servers in data centers around the world.
      • Take a proactive approach against the expanding threat landscape
      • Incident response team works 24/7
      • Centralized monitoring and logging
      • Security embedded in systems and software (SDL)
      • Predictable security controls through Operational Security Assurance
      • Sophisticated intrusion detection controls
      • Anti-virus and anti-malware
      • Best-in-class security professionals
      • Up-to-date software & patch management
      • “Assume breach” strategy
      • Deep understanding of new threats and attack vectors