Changing LINKS
informatics news

Tuesday, April 7, 2009

Websense Unveils Its First Web Security Appliance

Websense is readying its first hardware appliance, which will run the vendor's Secure Web Gateway Software including anti-malware filtering, SSL traffic inspection, application controls, and threat protections for Web surfing.

The V10000 Web Gateway Appliance "is the first appliance we've ever done," says Dave Meizlik, director of product marketing. For customers, a hardware-based platform can provide the opportunity to consolidate servers, since the Secure Web Gateway Software typically runs on more than one server, depending on components installed.

The V10000 appliance will include a Web-based management platform. Because the hardware appliance makes use of the Xen virtualization platform, it will be possible to add new functional security components in the future, Meizlik said.

The V10000 starts at US$16,000 and is expected to ship at the end of April.

Ellen Messmer, Network World

Kaiser hospital cans 15 for peeking at octuplet mom's medical records

In the latest example of employee data-snooping, a Kaiser Permanente hospital located in a Los Angeles suburb has fired 15 workers and reprimanded eight others for improperly accessing the medical records of Nadya Suleman, the California woman who gave birth to octuplets in January.

The unauthorized accessing of Suleman's electronic records at the facility in Bellflower, Calif., violated a California law designed to safeguard the privacy of health care data, according to Kaiser spokesman Jim Anderson. He said the improper activities were discovered through increased network-monitoring procedures put in place by the hospital in connection with the birth of the octuplets.

Kaiser also conducted extra training to remind hospital employees of the need to keep patient data confidential, Anderson said.

The snooping incidents highlight the lack of adequate data-security controls at hospitals and other health care organizations, said Deborah Peel, who heads the Patient Privacy Rights Foundation in Austin.

Peel claimed that such privacy breaches occur on a broad scale because of the health care industry's continued reliance on "primitive" user-access controls. At large enterprises like Kaiser, she noted, thousands of workers may be able to access patient data, even if they don't need to do so.

In a similar case, the medical center at the University of California, Los Angeles, disclosed last April that as many as 165 doctors and other workers had improperly accessed the medical records of numerous celebrities over a 13-year period.

But such incidents aren't restricted to the health care industry. In January 2008, federal officials disclosed that U.S. Department of State employees and contractors had snooped in the electronic passport records of various politicians and celebrities, including then-Sen. Barack Obama's.

Jay Cline, president of Minnesota Privacy Consultants, thinks the "Facebook effect" is partly to blame. Users of social networks "have become used to poking through other people's profiles," Cline said, "and they see no ethical difference doing the same thing with employee and customer databases."

He added that IT and security managers need to make three things clear to employees: "Our systems are not Facebook. We're watching system usage closely. Use them for authorized purposes only, or you may be fired."

By Jaikumar Vijayan
Computerworld

Bill Seeks to Give Feds New Security Powers

Two U.S. senators last week proposed legislation that would give federal officials new powers to create and enforce data security standards for key parts of the private sector -- and even shut down systems in some cases.

The Cybersecurity Act of 2009 would empower the National Institute of Standards and Technology to set "measurable and auditable" security standards for all networks and systems run by federal agencies, government contractors and businesses that support critical infrastructure services.

NIST would also be charged with developing a standard for testing and accrediting software built by or for those groups. In addition, the bill would enable the president to order that critical infrastructure networks be disconnected in the event of cybersecurity emergencies or for reasons of national security.

The bill, which was introduced by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), doesn't specifically define what would qualify as a critical network or system.

But in a statement, Rockefeller cited a broad set of examples. "We must protect our critical infrastructure at all costs," he said. "From our water to our electricity, to banking, traffic lights and electronic health records -- the list goes on."

Snowe added that the public and private sectors "must unite on all fronts," and she warned of a possible "cyber-Katrina" if action isn't taken quickly.

The bill "loosely parallels" a set of cybersecurity recommendations released in December by an outside commission that was set up by the Washington-based Center for Strategic and International Studies, Snowe noted.

Another provision would require the development of a licensing and certification program for government and private-sector security professionals. Meanwhile, a companion bill calls for the addition of a national cybersecurity adviser within the Executive Office of the President.

But Brian Chess, chief scientist at security vendor Fortify Software Inc., isn't convinced that new regulations aimed at the private sector will improve data safeguards. "Security is an attitude," he said, "and it's hard to legislate attitude."

Jaikumar Vijayan, Computerworld