David Millier

Dave has over 20 years of cyber security experience, and is recognized as one of Canada’s leading authorities on Information Security. Dave founded and sold Sentry Metrics, an industry leader in the MSSP space, and recently released Breached!, a novel about the challenges businesses face around cyber security and ways to effectively manage it. Dave founded Uzado (which means “use” or “usage” in Esperanto) to help companies simplify IT by using its visual workflow engine. As an avid off-road motorcycle rider, intrepid traveler, and foodie, Dave’s love of cooking is only surpassed by his love of eating!

Author's Posts

Four Measures Your Organization Needs to Achieve HIPAA Compliance

David Millier


With revisions to federal legislation around the security and storage of health information in the US, many businesses are aware that they need to ensure compliance with standards mandated in the Health Insurance Portability and Accountability Act (HIPAA). But that's left many with a big question: how does my organization become HIPAA compliant?

What Is HIPAA?

HIPAA is federal legislation from 1996 that governs the security and storage of medical information in the United States. Health information can be important, especially when doctors need to share information with hospitals or other practitioners. But this kind of information is also very sensitive, and the act is designed to keep patients and their medical records safe in the digital age.

What Does It Take to Be Compliant?

Businesses become HIPAA compliant when they follow the standards of practice set out in the law. With the passage of the Patient Protection and Affordable Care Act of 2010 and the subsequent rollout of changes to the US medical care program, there has been a renewed focus on HIPAA and its standards.

Any company that deals with protected health information must comply with HIPAA. To do so, the business must ensure that the following four measures are being followed: physical security measures, network security measures, process security measures, and “addressable” measures.

Physical Security Measures

Perhaps the simplest part of being HIPAA compliant is ensuring that physical security measures are in place and followed. These requirements focus on physical access to information and the workstations they're accessible from. To be compliant, you'll need to implement workstation security. This includes policies and procedures for workstation use that identify the work to be done and how it is to be done at that station, as well as protocols around the disposal of media and equipment that may have stored health information on it. Procedures addressing how to remove information from reusable media are also required.

Network Security Measures

There are 5 requirements in HIPAA that address network and network access in order to provide more security for sensitive health information. To be HIPAA compliant, you must implement unique user identification to facilitate tracking, create an emergency access procedure, and implement audit controls to record and monitor systems and workstations that collect and store electronic health information. You must also have an authentication process to ensure that someone requesting access to health information is the person they claim to be.

Process Security Measures

These administrative measures are probably the most difficult to implement—and the most important. To be compliant with HIPAA, your organization must perform risk analysis and risk management and have proper procedures in place. You must also designate HIPAA officers to monitor compliance. You must regularly audit and review use of workstations. Sanctions also need to be in place to discipline employees in breach of policy. If multiple organizations will have access to files or workstations, you need to ensure that only those who are authorized will have access to health information. You are also required to develop a contingency plan to protect sensitive health information in an emergency. You are required to evaluate your compliance and update it when necessary, and when you enter into an agreement with another business, you are responsible for ensuring that they will operate in compliance with HIPAA.

Addressable Measures

In addition to the required measures, there are also a number of items that HIPAA considers "addressable." While businesses aren't required to implement these measures to be HIPAA compliant, these additional measures provide added security for sensitive health information. These measures range from having a facility security plan to protecting your systems against malware. These items should be addressed by businesses dealing with health information—not just to be compliant with the law, but to provide more security for patients.

To learn more on how Uzado can help your organization become HIPAA Compliant, click below to request a demo.

Topics: Compliance, HIPAA Compliance, Security

Compliance Does Not Equal Security

David Millier


It’s a serious mistake—and one that too many people make all too often: assuming that your business is secure simply because you’re compliant with all current standards and legislation. Compliance simply isn’t enough to guarantee that your business is as secure as it could possibly be.

A Good First Step

Compliance is the starting point of security for many companies. For example, businesses that want to accept credit card payments will need to ensure they’re compliant with the PCI standards. Standards exist within industries to ensure businesses adhere to some minimum level of security in order to give clients, consumers, and other businesses peace of mind.

But while compliance is a good first step, it is just that: a first step. It is not the end of your business’s security journey.

The Problem with Compliance

Problems arise when ensuring adherence to various standards and legislations is the only step that businesses take to secure their operations. Most standards and laws contain only minimum requirements. They do not guarantee that you’re doing the most you can possibly do to be secure. While being compliant is better than having no security at all, the bare-bones requirements are often so minimal that they do very little to guarantee security. Take, for example, standards that require only annual scanning of systems. There are plenty of risks that will arise between scans—which means your business could be blindsided by a threat that comes up between scans.

Going Beyond

Once your business is compliant with the standards and legislation governing your industry and operations, it may seem like you don’t need to do much more to guarantee your security. After all, no one is asking you to do any more, so becoming compliant should be enough.

This is where many people make the fatal mistake: simply equating compliance with security. For your business to truly be secure, you need to go a step beyond. You must do more, even if a governing body isn’t asking you to. It may not seem cost-effective or efficient, but taking the extra step to ensure your business’s security is vital to your own operations.

What Should You Do?

Taking the extra step beyond compliance can seem like an enormous leap. After all, standards tend to set out measurable steps and finite guidelines for what you need to do. After you’ve become compliant, however, there’s much less in the way of guidelines; after all, if you only need to scan your systems once per year, no one is going to check if you’re going above that duty and scanning on a monthly basis.

Security can take many different forms once you’ve moved beyond simple compliance. You might opt to scan your systems more frequently; some businesses will do vulnerability scans once a month, or even more often. Other businesses will employ vulnerability management software to help them stay on top of potential risks. One of the best steps you can take is to adopt a risk-based approach to vulnerability management, which allows you to rationalize your IT security operations. Some standards will even outline additional or optional steps a business can take to ensure their security.

The Benefits

You need to move beyond simple compliance for your own peace of mind, so the methods you use to ensure your business is secure are largely up to you. Although the initial costs of engaging in additional scans or adopting vulnerability management software may seem daunting, the benefits far outweigh the costs. Mitigating risks, both known and unknown, now and in the future, is imperative for any business owner.

Topics: Vulnerability Management, Compliance, Security

How Your Business Can Benefit from ITSM Software

David Millier


IT service management (ITSM) offers businesses a significant advantage over traditional IT. But even if your business implements ITSM and has brilliant IT employees, things can still go wrong. That’s why you need to supply your team with the best possible tools for the job: ITSM software.

What Is ITSM Software?

This would seem to be self-evident: ITSM software is software that supports the ITSM process. But what does that software actually do? And what does it look like?

Sometimes referred to as ITSM tools, this is specialized software, often focused on workflow-driven processes. Often bundled in “suites,” ITSM tools will support not just one process, but several. The core of the suite is usually the workflow management system. This system handles incidents, service requests, problems, and changes. Another tool commonly packaged in suites is a configuration management database (CMDB). ITSM tools should fulfill certain functional requirements (such as supporting automatic date and time stamping), to support ITIL’s recommended processes.

There’s a great variety of software suites available to support your ITSM processes. Since one of the greatest benefits of using ITSM in the first place is that it can be customized to your business’s needs, it follows that the tools that support those processes should also be customizable to an extent. While some businesses or vendors will opt for a suite that manages all of their processes, others may opt to implement only core tools or a less extensive suite.

Why You Need It

If you’ve implemented ITSM processes or you’re thinking about doing so, then it goes without saying that your business needs to invest in ITSM software too. Not giving your IT team the tools they need to implement ITSM processes properly is only going to frustrate them—and everyone else in your organization. But there are other benefits of using specialized software to support ITSM in your business. In fact, some of the benefits of using these tools will convince you that you need to be using an ITSM suite.

Easy Linking

An ITSM suite can facilitate linking between incident records, service requests, and problem and change logs. The software will often enable linking between these records. The tools can also link these records to configuration items in the CMDB. This can save time and it can also highlight issues affecting multiple users and link those problems or incidents back to changes or configuration information. It can also speed up resolution and the flow of information if, say, two different people are working on the same problem or if there’s a recurrent incident.

Manage Change in a Mobile World

More and more employers have employees who telecommute or work remotely. Employees who travel may rely on a smartphone to retrieve documents to take to an important meeting. All in all, today’s workforce relies more heavily on mobile technology and cloud storage than ever before. ITSM suites provide specialized tools for managing things like public/private cloud storage and for providing better service for employees on the go.

Cost Reductions

Just as ITSM processes can save your business money, so too can using the right tools for the job. ITSM software is specialized, designed specifically to support ITSM processes. Using it helps IT professionals implement those practices more efficiently and seamlessly, meaning you spend less time dealing with frustrating tech issues that keep you from doing important work. An ounce of prevention is worth a pound of cure, and ITSM tools allow your IT team to keep a better eye on your systems so they can nip any issue in the bud.

Want to learn more? Watch our video to learn more about ITSM software and how your business will benefit from simplifying IT!

Topics: IT Service Management, ITIL, ITSM Software

Simplifying IT in 6 Steps

David Millier


Today's business environment requires sophisticated technology departments fulfilling numerous vital functions. As IT and business functions become increasingly intertwined, managing IT becomes more important—and often, more complicated. But IT management doesn't need to be complex to be effective. In fact, sometimes it's better to keep things simple—and, in most cases, it’s easier than you think. Here are 6 steps to help you simplify IT.

1. Use an ITSM Framework

Most businesses employ a service management approach to their tech department. Using any of the various ITSM frameworks will ensure that your IT department is more firmly integrated with the rest of your business. It will also ensure that your team is always looking for ways to improve, whether it's reviewing processes or automating certain tasks. The ITSM model can also help other divisions of your firm, as they realize more efficient processes and more cost-effective ways of completing vital tasks. The framework will also ensure that your IT is delivered on a consistent basis, which makes the department much more accountable to you.

2. Use ITSM Software Solutions

Along with adopting an ITSM paradigm, you should also invest in the tools that allow your team to implement the framework quickly and easily. Many ITSM software solutions include a suite of products that can help your IT team do everything from managing their workflows to reviewing your processes to ensure things are running efficiently, to running reports and analyses. This will provide insight into where your business's strategic advantages lie and how a process decision might affect your business.

3. Ensure Compliance and Accountability

There are many standards and legislation that govern almost every aspect of every industry. This is especially true when it comes to cyber security and information security in the digital age. Many standards are, in some ways, sets of minimum requirements or best practices. No matter what industry you're in, monitoring and ensuring your compliance with various standards and legislation can help you manage your IT department more effectively. Using a tool like compliance management software can help your IT team do this in a cost-effective way.

4. Take a Risk-Based Approach to Remediation

One of IT's biggest tasks in the current business environment is detecting and mitigating security risks. The process of scanning, monitoring, and remediating vulnerabilities is known as “vulnerability management.” But managing this task is enormous. Help your IT team out by implementing a risk-based approach to your vulnerability management. This means scanning more frequently, making better rules for which systems to fix and which ones to watch, automating some patch updates, and monitoring patched vulnerabilities to ensure they've been properly fixed. Doing this might sound like a lot of work, but the tangible benefits—including increased system security—make it a more cost-effective and efficient way of managing this aspect of modern IT departments.

5. Use Vulnerability Management Software

Just as using ITSM frameworks requires the use of ITSM tools, the use of a vulnerability management system almost always requires vulnerability management software. This software can help your team pinpoint security threats, automate patches, and monitor your systems more closely and on a more frequent basis. That means your IT team will spend less time fixing breaches or undoing damage done by cyber criminals, and more time on their core tasks, while still maintaining system security. It will save you both time and money!

6. Keep It Simple

All these frameworks and software solutions together help you streamline your IT processes and institute best practices. In turn, that makes IT management much more efficient and effective for your business. When IT management is less complicated, it helps your organization save time and money! Find out how Uzado can help your organization save time!

Topics: IT Service Management, ITSM Software, Software as a Service