Trusted Advisor Series
Desktop Security: Minimizing IT Threats through Desktop Virtualization and Authentication Management
Agenda
Introduction
Part 1: 3 Security Concerns & Technology Approaches
Part 2: SSO & Authentication for VDI
Part 3: Bringing it All Together
Brian P. Barnes
Director - Solutions Architecture
Headquarters
• Founded in 2005
• Farmington Hills, Michigan
• 110+ employees
• 85% of Staff is the Delivery Team
Culture
• 101 Best & Brightest Companies to Work for
• National—3 Years in a Row
• Metro Detroit—7 Years in a Row
• Project Success. No Exceptions.
Awards
• Inc. 5000 – Ranked #634
• Fastest Growing IT Services Company in Michigan*
• 2013 Citrix Central Partner of the Year
• 2013 Citrix Virtualization Deal of Year
• AppSense Central Partner of the Year
*Inc 5000 over 100 employees
Who Is Coretek Services
Coretek Services is a nationally recognized, industry-leading Consulting Company and Systems Integrator that delivers high value and innovative solutions to any size organization.
Trusted Advisor Series
Part 1: 3 Security Concerns & Technology Approaches
Security Concerns: Background Information
• The FBI stated: “Healthcare systems suffer an acute risk of cyber attack for financial gain and are more vulnerable to attack than financial and government sectors.” https://info.publicintelligence.net/FBI-HealthCareCyberIntrusions.pdf
• Patients’ private health records now fetch higher prices on the black market than stolen credit card numbers http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
This reality is fueling an unprecedented number of fraudulent insurance claims, identity thefts, and a growing number of attacks targeting healthcare organizations!
• In 2014 alone, a record-breaking 47% of American adults had their data hacked http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/
Security Concerns: 3 Key Security Threats
Unattended Desktops
PHI and PCI data stays resident on computer screens that lack the ability to lock automatically.
Simple & Unencrypted Passwords
Gaining access to text files, password lists or, even worse, sticky notes!
Lost & Stolen Devices
Device theft and stolen devices resulting in a data breach!
Security Concerns: #1 - Unattended Desktops
Why are desktops left unattended?
• Care providers work in a hectic environment.
• Requiring care providers to manually log out is impractical.
• Automated inactivity timeouts are easily worked around.
• Requiring providers to log back in is frustrating and time consuming.
The bottom line is that unattended PHI creates risks to both HIPAA compliance and patient safety.
ISSUE: Unattended Desktops
Interruptions cause care providers to abruptly leave a workstation while patients’ protected health information (PHI) is left exposed, which can result in a potential HIPAA violation.
APPROACH: Secure Walk Away
Automated lockdown and re-authentication closes this critical security gap by automating the process of securing the desktop when a care provider walks away, whether for just a moment or for hours, as well as automating re-authentication upon their return.
Security Concerns: #2 - Simple & Unencrypted Passwords
ISSUE: Unprotected Passwords
Oftentimes password-fatigued healthcare employees will keep unencrypted text files containing their application passwords on their computer, or leave sticky notes with various application passwords in plain sight on their keyboards, lab walls, or shared workstations. Most users are using password
APPROACH: Authentication Management & SSO
The implementation of complexity rules and password change rates is a must, but does little to prevent users from recording passwords in an unsecured manner. Combining an Active Directory complex password requirement with something the user carries or a biometric element eliminates the security risk of users managing password files and other means of remembering them.
Gartner Says Hosted Virtual Desktops Can Increase Security and Help Organizations Meet Compliance Standards http://www.gartner.com/newsroom/id/2444515
Security Concerns: #3 - Lost & Stolen Devices
ISSUE: Lost devices and hardware
Theft and loss of devices pose significant risks for healthcare organizations that can house sensitive data on endpoint devices.
APPROACH: Virtual Desktop Infrastructure
Desktops are hosted from within the data center. Data, applications and services are all accessible through a securely connected device that houses no PCI / PHI data locally.
Thin Client and Elimination of Windows Endpoints
Instead of accessing a virtual desktop through a Windows endpoint, users access their roaming virtual desktop and applications through a solid-state, long-life, inexpensive endpoint that has no real value or use outside the healthcare system.
Trusted Advisor Series
Part 2
A More Secure Front Door: SSO & Strong Authentication for Virtual Desktops
SSO & Authentication for VDI: Background
Virtualizing desktops is not an adequate security strategy by itself!
Implementation of virtual desktop technologies on its own is not enough to secure your desktops and data.
The only barrier that stands between hackers and sensitive corporate resources is a simple or unsecured “password”.
Organizations also need to be vigilant about internal threats that can result from lax security around sharing endpoints or data theft resulting from internal sources.
As the demand for stronger authentication measures has grown, so have the solutions available to organizations today. The following are 3 of the most prevalent authentication methods and configurations available today in a proven, trusted and widely deployed product.
SSO & Authentication for VDI: Increasing Security
Single Sign-On (SSO)
Authentication Management
Virtual Desktop Automation
Single Sign-On removes the need to repeatedly type usernames and passwords, streamlining application access for users
Authentication Management delivers fast, secure, No Click Access® to applications and desktops and re-authentication workflows
Imprivata Virtual Desktop Access (VDA) helps providers be more efficient, so they can spend more time with patients
SSO & Authentication for VDI: Single Sign On (SSO)
Single Sign On addresses the following 3 challenges by significantly reducing clicks and eliminating the need to remember or enter application usernames and passwords.
• Care providers regularly need to remember eight or more application passwords.
• Security best practices require those passwords to be unique, strong and frequently changed.
• Care providers write down passwords, stick them to monitors or even just plain forget them.
Optimized workflows enable faster access to patient information and enhanced care delivery. Passwords become centrally managed, simplifying HIPAA and HITECH compliance without impacting care providers or IT staff.
• SSO All Applications
  SSO provides support for all types of applications including terminal, client server and cloud-based applications.
• Password Policy Automation
  Administrators can automate application password change processes, removing the task entirely from the care provider.
• Support for Application Virtualization Technologies
  Support for virtual desktops and applications including Citrix XenDesktop, XenApp desktops and applications, VMware Horizon View, VMware ThinApp and Microsoft App-V.
• Auto-Launch Applications
  By automatically starting the required applications and signing providers in, more time is given to patient care.
SSO & Authentication for VDI: Authentication Management
Authentication Management delivers fast, secure access to the applications and information that care providers need, whenever and wherever they need it.
• Security and regulatory compliance requirements mandate user authentication technology for accessing workstations and applications.
• Care providers need to enter unique usernames & passwords for documentation signing, medication reconciliation and most other applications and workflows.
• These laborious login requirements can disrupt clinical focus and obstruct patient care.
Authentication Management addresses these challenges by enabling fast, secure and auditable clinical access. Providers utilize either a badge or a fingerprint scan, coupled with an initial password or PIN.
• Proximity Card Readers
  Proximity card readers allow care providers to access clinical applications and patient records faster and easier. Care providers simply tap their badge and they gain access to the systems they need.
• Self Service Password Management
  Provides clinicians with a fast, easy and secure method to reset and retrieve passwords, giving organizations a simple, easy-to-implement solution that helps clinicians quickly and securely reset their passwords.
• Fingerprint Biometrics
  Gives care providers secure and easy access to desktops and applications with just a swipe of a fingerprint, eliminating the need to remember or enter usernames and passwords.
• Secure Walk-Away
  Automatically locks workstations when care providers leave and re-authenticates them when they return.
SSO & Authentication for VDI: Virtual Desktop Roaming
Virtual Desktop Access (VDA) gives care providers fast and easy access to their Citrix- or VMware-based virtual desktops by replacing repetitive, manual log-ins with automated processes.
Manual log-ins at each location in a facility disrupt workflows and hinder efficiency.
Security and privacy requirements around patient data mandate that effective user authentication processes cover all types of access, including virtual
Virtual Desktop Access (VDA) provides fast access to virtual desktops that ‘follow’ care providers as they move around the office or hospital, maintaining the state of their systems and applications as they change locations, from home to work, or devices, from their desktop to their tablet.
• No Click Access to Roaming Desktop
  Integrates with Citrix and VMware environments to enable desktop roaming with just the tap of a badge.
• Strengthens HIPAA Compliance
  IT teams can define and enforce HIPAA-compliant policies for activities, including frequent password changes, advanced authentication
• Simple Integration with Citrix and VMware
  Imprivata Virtual Desktop Access is designed for easy and effective implementation with desktop virtualization environments from market leaders Citrix and VMware.
• Zero Client and Thin Client Support
  Imprivata Virtual Desktop Access is the only access management solution available today that enables true desktop roaming between zero client devices, with industry-leading support for zero and thin client devices.
SSO & Authentication for VDI: Existing Environment
SSO & Authentication for VDI: Secure & Integrated Solution
Trusted Advisor Series
Part 3
Bringing it All Together
Bringing it All Together: Virtual Clinical Workstation (VCW)
• A fully automated Virtual Desktop deployment with Hardware Based Primary Authentication, Single Sign On, Roaming Location Awareness supported on ANY device & ANY Location
• Hypervisor Agnostic, supporting both Citrix and VMware VDI Solutions integrated with ALL EMR / EHR Types!
• Fully focused on End User Experience and Clinical Optimization with advanced Workflows and Proven Deployment Methodology
• The Fastest Logon & Reconnect Experience of any Virtual Deployment with Coretek VDES!
• Active / Active Data Center Design providing Near Instant Scale Up and Full Business Continuity Design
• Position Use Case Assessment (1 Mon)
  • Conduct Clinical interviews with all stakeholders – Providers, Clinical Workers, Unit Clerks, Accounting/Finance and more
• Lakeside VMP Planning Session
  • Defined user & datacenter requirements matched on Assessment Data and Workflow Assessments
  • Review ergonomic, physical & device requirements: Develop Design, ROI, Budget and Production Pilot
• Production Pilot (3 – 6 Months)
  • Advantage of Production Pilot to Drive User Adoption and User Awareness
  • 8-12 Week Work Effort for 100 User, 30 Device Pilot to a specified area / location
• Full Deployment (8 – 12 Months)
  • Full Enterprise Wide Deployment
  • Additional Use Cases like Physician Dictation (VDI), Ambulatory Sites Reception and Outpatient Offices
  • Access Virtual Desktop Remotely / On the Road
  • Drive Deeper Adoption and Dual Data Center if not already a part of the design.
Coretek Resources
Production Deployments
Over 400,000 Virtual Desktop Seats Deployed Nationally