©2016HyTrust,Inc.1

HyTrustHealsHealthcareChallengesandSolu<onstoSecurityandComplianceintheHealthcareIndustry EricChiu,

FounderandPresident

©2016HyTrust,Inc.2

WhoisHyTrust?

HyTrustWorkloadSecuritysolu<onsmi<gatesthesecurityandopera<onalrisksthatorganiza<onsfacewhenpursuingcloudandvirtualiza<ondatacentertransforma<on

Foundedin2007

Extensivevirtualiza<onandcloudsecurityexper<se

12grantedandpendingpatents

AcquiredHighCloudSecurityin2013

©2016HyTrust,Inc.3

Andithurts!

$2.1M/databreach

HowBadisSecurityinHealthcare?Howmanybreached:91%ofHealthcareOrgssuffereddatabreachinpasttwoyears

Whodiscoveredthebreach:69%ofthe<meauditor30%ofthe<mepa<ent23%ofthe<me-accidentally

Breachesoccurbecause:70%oforgssayemployeenegligence26%oforgssaymaliciousinsiders

40% 39%

12%9%

38% 36%

16%

10%

45%

33%

16%

6%

46%

33%

17%

4%

29% 31%26%

14%

0%

10%

20%

30%

40%

50%

Figure25.Trendsindatabreachincidents

Yes,morethan5breaches

Yes,2to5breaches Yes,1breaches No

CE2015 FY2013 FY2012 FY2011 FY2010

©2016HyTrust,Inc.4

TrendsDrivingSecurityChangesforHealthcare

TechnologyShiOs

Keyregula<onsremainsame,butaddedcomplexityofcloudusage

Cloudalsointroducesmoresupplychainobliga<on(viaBusinessAssociates)

BuyingdecisionsforserverandnetworkcomputecanbemadesolelybyITnow(withouteverygrouphavingareview)

Rolesoverlap(SDDC/NSX)crea<ngprocessconfusion

Admininvirtualenvironmenthasmoreimpactwitheachac<on

ThreatLandscapeShiOs

Valueofhealthcarerecordsishighestforblackmarket($470/recordvs$1orlessforcreditcarddata)–leadingtomorefrequentaeemptsatbreaches(internalorexternal)

NoteblackmarketrateforEHRhasincreased10xinjust3years!

From2013to2014alonehealthcarerelatedcompaniessawa72%increaseincyberaeacks(internalorexternal)

©2016HyTrust,Inc.5

WhatKeepsHealthcareCISOsUpAtNight?

2%

6%

13%

15%

15%

19%

26%

29%

32%

33%

40%

70%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Other

Insecuremedicaldevices

Insecuremobileapps(eHealth)

Systemfailures

Processfailures

Iden<tythieves

Maliciousinsiders

Employee-ownedmobiledevicesorBYOD

Mobiledeviceinsecurity

Useofpubliccloudservices

Cyberaeackers

Employeenegligence

MarkeditemsshowareasHyTrustcan

addressimmediately!

©2016HyTrust,Inc.6

HowDoesHyTrustCureHeadachesfromSecurity/ComplianceRequirements?

Visibility

BestPracWces RegulatoryRequirement HyTrust

HIPAA(Audit/LoggingControls) Adminlogs,compliancelogs,compliance/security%met

HIPAA(Audit/LoggingControls)

HIPAA(AccessMgmt/DataProtec<on)/HITECH

HIPAA(AccessMgmt/DataProtec<on)

HIPAA(DataProtec<on)/HITECH(SafeHarbor)

HIPAA(DataProtec<on)

Finegrainedpolicycontrolsandextended/customizableRBACs;APIs

RBACs,HyTrustBoundaryControl(definedbydatacenterorgeography)

Veryfastandtransparentcontrolsandencryp<on;ac<ve-ac<veconfigura<ons

HIPAA(AccessMgmt)

HIPAA(BusinessAssociates/AccessMgmt)/HITECH

HIPAA(DataProtec<on)/HITECH

Audit

AutomaWcEnforcement

VirtualizaWonspecific

Run-Wme

DetailedprotecWon

Extendcoverage

Supportoffshore/contractors

Performance

Admins

HyTrustBoundaryControl

HyTrustDataControl/Policies

Run-<meencryp<onandre-keying(nodown<me/reboots)

28templateswithautoma<chardening

©2016HyTrust,Inc.7

Thankyou

www.Hytrust.com@hytrust

©2016HyTrust,Inc.8

Don’tBreakYourBack!HeavingLioing?Alreadydone.(HyTrust/HIPAAMapping)

©2016HyTrust,Inc.9

HyTrustWorkloadSecurityJourney

HyTrustDataControl

HyTrustCloudControl

HyTrustBoundaryControl

Protectservervirtualiza<onPrivatecloudSecuremul<-tenancy

01 Workloadencryp<onPubiccloudIaaSmigra<on

02 Mul<-cloudSooware-definedboundaryDatasovereignty

03

©2016HyTrust,Inc.10

What

HyTrustCloudControl

Why

HyTrustCloudControlCapabili<es

*Cominginfuturereleases

Who How

Strongtwo-factorauthen<ca<on

IntegrateswithAc<veDirectory,RSASecureID,CAArcotID,RADIUSandTACACS+,SmartCards(PKI)

Rootpasswordvaul<ng

LogViewer*UnifiedAccessRole–PermissionsAssessmentTool*

Role-basedaccesscontrol(RBAC)

Workload/SMARTtagging

Workflowescala<ons/secondaryapprovals

30+preconfiguredroles

Forensiclevellogs

Real-<mealertsforsensi<veorabnormalac<ons

Built-inintegra<ontoSIEMtools(HPArcSight,Splunk,RSAEnVision,McAfeeePolicyOrchestrator

©2016HyTrust,Inc.11

HyTrustDataControl

On-premisesandcloudready–acrossallmajorcloudprovidersHyper-Convergenceready–builtintoNutanix,Simplvity,othersStorageready–includingSSDtechnology

HTDCprotectsdataeverywhere

HTDCprovideseasymanagementScalable,zerodown<mere-keymanagementandencryp<onSingleinterfaceregardlessofwheretheworkloadrunsPre-integratedtoKMIPclient/serverforeasyextensibility

HTDCprovidesdeepprotecWon

Workloadprotec<onfromboottodatawithcompletestackprotec<onPortablepolicytravelswithworkloadtoensurealwaysonprotec<onConnectswithHyTrustBoundaryControlandHyTrustCloudControlforautomatedandworkfloworientedsecurity

OrchestraWon

HyTrustKeyControlandPolicyEngine

Workload Workload

Hypervisor

Hardware

Admins

KeyControl–thekeymanagerthatensuresenforcementofpolicyviakeymanagement

PolicyAgent–<espolicytoworkloadandexecutesencryp<onanddecryp<on

PolicyEngine–ensureappropriatecontrolswithcontext

©2016HyTrust,Inc.12