Systemic non-compliance: the root cause of pain for healthcare organizations
Tommy Abraham, Senior Director of Healthcare Assurance, Coalfire
Recently, I was fortunate enough to experience the joys of becoming a father as my wife and I welcomed our first child into the world. It was one of the most beautiful experiences of my life and I’m grateful for the advances we have made in modern medicine and technology. I mention this personal anecdote to provide context for what I witnessed about the data security challenges that have existed for years in the healthcare industry and are still pervasive today.
Cloud tech first floor recommendations
Mike Weber, Vice President, Coalfire Labs
I hate to say it, but I’m an old, curmudgeonly guy that’s been in the industry more than 20 years. And after a while, things just start to wear on you. In fact, there was a point in my career that I swore if I had to counsel just one more company on the importance of having strong passwords and password policies, I would jump out a window. And yet here I am, still dealing with these issues many, many years later. Thank goodness my recommendations were always delivered on the first floor. Read more
Coalfire and HITRUST – 9 years, 1,000 engagements and counting
Zach Shales, Director, Healthcare Certification, Coalfire
Since 2007, HITRUST® has offered programs that protect sensitive information and allow organizations to manage information risk globally across all industries and throughout the supply chain. In collaboration with information security, privacy, and risk management leaders from public and private sectors, they develop, maintains, and provides access to comprehensive risk and compliance management frameworks, and related assessment and assurance methodologies.
Mining Splunk's Internal Logs
Matt Alshab, IT Security Consultant, Technical Cyber Services, Coalfire Federal
Splunk is great about logging its warnings and errors, but it won’t tell you about them – you have to ask!
As the leading machine-generated data analysis software, it’s not surprising that Splunk excels at creating robust logs. The current version of Splunk Enterprise (v 8.05) generates 22 different logs (for a complete current list see: What Splunk logs about itself). These logs don't consume license usage, so other than disk space, there is no downside to all this logging, and the information the logs provide can be eye opening. The challenge for the Splunk administrator is getting a handle on these logs and using them to troubleshoot issues, find unknown errors, and improve performance.
Using Azure Blueprints to Control Azure Compliance
Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire
As Peter Parker says, with great power comes great responsibility. And so it goes with public cloud: With cloud scale and agility come cloud-scale problems and compliance nightmares. Every day, IT professionals balance the need to act quickly—often leveraging cloud speed of execution to implement resources—with the need to control resource deployments in their efforts to maintain proper organizational compliance and security posture.