Last year I was busy implementing policies and procedures to achieve HITRUST CSF certification. At the same time nation state hacking tools and vulnerabilities were being released on a monthly basis. I felt like I was caught in an IT security riptide. The goal of security and compliance seemed to be getting further away no matter how fast we tried to swim towards compliance. Then I happened on to the book by Alfred Lansing Endurance: Shackleton’s Incredible Voyage.
I was inspired by this incredible story. Certainly, if Ernest Shackleton and his crew could survive 19 months in Antarctica in 1915, we can survive the onslaught of threats to our infrastructure and achieve security and compliance in 2018.
This blog will describe some of the challenges we face and provide solutions and insights into building managed, secure, compliant IT infrastructure for healthcare companies, mostly in the cloud.
We will be covering the following areas in future articles
- About the HITRUST Alliance and Common Security Framework
- JumpCloud – Directory as a Service
- Eliminating Cron Jobs with RunDeck servers
- LastPass Password Manager
- Multi-factor Authentication – use Google Authenticator vs SMS messages
- Apple Business Manager (ABM)
- Device Enrollment Program (DEP) and
- Volume Purchasing Program (VPP)
- JAMF Now – Mobile Device Management
- Amazon Web Services (AWS)
- Sophos End Point Protection (EPP)
- Google G-Suite or Office 365?
- NextCloud self hosted cloud file sharing
- WordPress hosted in AWS
- Email Setup – MX records, SPF, DKIM and DMARC DNS records
- Amazon Route 53 and registrar
- Setting up Confluence, Jira and BitBucket
- Documenting Policies and Procedures in Confluence
- Building IT Documentation and Workflows in JIRA
- Configuring New Relic APM with SSO
- Configuring Sumo Logic SEIM with SSO
- Building VPNs with OpenVPN and SSO
- Deploying Immutable Servers with Terraform
- Deploying/Integrating RingCentral phone with SSO
- Performance Monitoring with New Relic
- Need a NAS? – Synology or QNAP with LDAP and S3 backups
- Secure Software Development Lifecycle – Static and Dynamic Code Scanning
- Vulnerability Scanning – Qualys