on a keyboard and computer to unlock and use the drive. That makes it platform independent. The operating system used by the medical device didn’t matter. The software didn’t need to be rewritten to access the encrypted drive, and the medical devices could see the drives. Finding a fl ash drive that worked with the medical devices was only a partial victory. The V.A., like many federal agen- cies and major corporations, does not allow the use of thumb drives for data security reasons. LOK-IT’s FIPS 140-2 Level 3 rating was critical to the cardiac clinic getting permission to use the drive. The rating was developed by the federal government, and the 140 series refers to computer security standards that specify require- ments for cryptography modules. The U.S. National Institute of Standards and Technology sets the criteria; a Level 3 valida- tion requires that a component is tamper resistant, encrypts data and allows identity-based authentication. LOK-IT has an internal epoxy potting that prevents unau- thorized access to the internal components. If someone tries to remove the epoxy potting, it causes irreversible damage to the components and renders it unusable. To encrypt data, LOK-IT drives use on-the-fl y, full-disk, 256-Bit AES hardware encryption. All data stored on the drive is automatically en- crypted by LOK-IT’s encryption controller. And it’s onboard PIN pad allows for a seven- to 15-digit pass code. It took months, but in the end the V.A. information tech- nology department gave the cardiac clinic permission to use
Cryptzone predicts security trends
Cryptzone, IT threat mitigation experts, compiled this list of key security trend predictions: Targeted attacks
In 2011, we saw a number of examples of targeted attacks, such as Anonymous targeting Sony and the AT&T Terrorist attack. Attacks against well-known brands will become more common, as unsuspecting recipients receive malicious emails containing hostile code. Therefore, companies need to start thinking about zero-day threats and how to secure their data. Bring your own device (BYOD) Organizations will continue to adapt their enterprise mobility strategy. With more users bringing their own devices to work and expecting to use them to gain productivity and effi ciency benefi ts in the workplace, IT departments will have to manage device diversity. Therefore, every user who requests access to corporate resources through a mobile device should sign up to a corporate policy before access is granted. This will avoid some nasty surprises and employee grievances. Intranets on the iPad During 2012 and 2013, more and more organizations will offer end users the opportunity to interact with
14 February 2012
the fl ash drive. IT authorized access to the locked USB ports on the clinic’s desktop computers so that clinic staff could upload the data from LOK-IT.
Implementing the drive was simple. Basically, it’s a plug- and-play device, so there’s little training to be done. There were “no glitches … no hesitation,” Selzman says. The clinic found an added benefi t for patients who have home monitoring devices that transmit their cardiac reports using a landline. The reports are uploaded by the patient at home to the medical device companies’ websites. There are various devices, so there are several different sites where the patient reports end up. LOK-IT helps those patients who don’t have a landline by allowing the data from the medical device at home to be transferred to the hospital’s electronic medical records.
The clinic uses other medical devices besides St. Jude’s product, including Medtronic devices. Selzman says the LOK-IT drives they purchased also work with the Medtronic devices. For the clinic’s two physicians, two nurses and administra-
tor, LOK-IT has made fi ling patients’ medical records much easier. What once took hours can now be done at the end of a clinic day in 30 minutes. The stacks of paper are gone. “It’s easier to fi nd patient data,” Selzman says. Instead of looking through piles of paper, doctors now can search electronically. And the cardiac clinic has moved closer to the V.A.’s goal of going paperless.
Intranet sites or collaboration tools, such as SharePoint, on their private or corporate iPad. This will provide productivity gains for organizations and faster response times as users respond to corporate documents on a more convenient device, both at the offi ce and while travelling. Organizations will have to consider the security implications this poses.
Content security verses hardware security Increasingly, organizations will look into approaches
where the security focus is around actual content rather than the storage device. Instead of looking at storage security, CIOs will identify content at risk and secure the content, so when it is replicated security stays/travels with the content to all its ultimate destinations.
Shortened product development lifecycles Customers will increasingly expect vendors to adapt
software even more quickly in response to evolving working practices and emerging IT security threats. Those vendors best able to demonstrate technical and business agility to “tweak” their offerings for immediate threat protection will gain a clear competitive advantage. Technology has to be kept as simple as possible for users to adopt as second nature, without signifi cantly impacting their productivity.
HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com