While rapid-fire cost-savings and consolidation efforts typically dominate an IT executive's annual to-do list, what's getting the green light this year are multiphase projects that protect organizations from regulatory fallout and data leakage.
At the California Department of Health Care Services (DHCS), for example, increased federal mandates and heightened media attention have led to a focus on projects that prevent data loss, says Christy Quinlan, CIO at the Sacramento agency.
"I know that whatever we spend on projects to secure data would be a whole lot cheaper than having to deal with even one leak," she says.
IT executives in a cross-section of industries, including government, education and the private sector, share the sentiment. In fact, three specific project areas – privacy, enterprise rights management and data center automation – are all getting the go-ahead because they can enable better data protection.
Since she took office as CIO in 2005, Quinlan has had a laser-like focus on improving the systems at the DHCS, a 2007 Enterprise All-Star Award honorable mention designee. She describes herself as a doer, not a talker, and doesn’t understand why implementing new technologies takes some IT teams so long. Being a doer served her well earlier this year when the U.S. Social Security Administration (SSA) notified her team that its main system, Medi-Cal, was in violation of the Health Insurance Portability and Accountability Act regulations.
The mainframe-based application lacked the ability to prove that only need-to-know personnel were gaining access to private patient information, the SSA said. More than 70,000 workers in 58 counties use Medi-Cal to access Medicare and Medicaid claims.

To come into compliance, Quinlan needed to install role-based access privileges coupled with auditable time-stamping. "The SSA said we only had a short time to fix the problem or it was going to deny us access to its network," she says. The DHCS had no time to rewrite the Medi-Cal application code itself or to make any major system changes.
Instead, the agency opted to tack IBM's Resource Access Control Facility (RACF) onto the mainframe to manage and log role-based permissions atop the Medi-Cal system’s own basic built-in privileges. Now Quinlan can set multilevel security policies based on users and the types of files they are trying to access. "This depth of tracking allows us to create a full audit trail," she says.