Slideshow How Your Business Partners Put Your Data at Risk

Published
  • July 16 2015, 11:28pm EDT
8 Images Total

How Your Business Partners Put Your Data at Risk

With today’s security architectures, healthcare providers are only as secure as their partners. That’s because a perimeter-based security model focuses on granting access through the firewall for external contractors and other partners. But if a partner’s network is breached or credentials are compromised by a phishing or other attack, the hackers gain the same unfettered access to a provider’s internal systems. Security vendor Certes Networks, which sells virtual private networks, walks through common partner security risks. (Photo: Fotolia)

They’ve Turned Off Their Firewall

High overhead of encryption processing impacts performance of firewalls and other network devices. In many cases, partner enterprises open holes or even shut down some firewalling rather than impede application performance or network throughput. (Photo: Fotolia)

Content Continues Below


Their Employees Fall for Phishing or Other Attacks

Compromise of an external user’s credentials is the top attack vector in many high-profile breaches. Time and again, hackers have compromised a contractor or supply chain member and used that vector to bypass the enterprise firewall, get access to a providers’ systems, and get at the most sensitive data. (Photo: Fotolia)

They’re Not Segmenting Their Sensitive Traffic

Many organizations assume the firewall is enough and that once a “trusted” device is granted access to a “trusted” network, security is assured. Dozens of high-profile breaches across several industries has proven that theory wrong. Once past the firewall, hackers can move laterally to the most sensitive applications. Application and network segmentation are not optional in the modern enterprise environment. (Photo: Fotolia)

They’re Not Properly Patching Applications and Infrastructure

As many recent breaches have shown, SSL and “consumer grade” security technologies are not adequate for securing enterprise applications and the sensitive data that they contain, especially if such systems are not being patched and updated. If your partners are not adequately maintaining their systems, then you are exposing your own applications to increased risk when you share them with these partners. (Photo: Fotolia)

Content Continues Below


They’re Not Stringent Enough in Controlling User Access

Deploying two-factor authentication and role-based access controls for networked applications is a fundamental requirement for applications in the modern enterprise. If your partner is not deploying state-of-the-art access controls, then they are putting your own systems at risk because they can be a stepping stone for a hack attack. (Photo: Fotolia)

The Solution: Adopt a ”No Trust” Security Model

Modern cybersecurity assumes that all networks are essentially untrusted and that no user, device or application can be fully trusted. This means that applications should be protected, even when they are accessed by users on the local area network or another network that previously could be considered to be trusted. In addition, applications must be isolated and segmented with controls like real-time policy enforcement, traffic encryption and role-based access management. (Photo: Fotolia)

For more information on Certes Networks click here.