As the BYOD trend becomes more and more common in organizations worldwide, there is a push to both comply with HIPAA and establish network accessibility for personal devices, most of which rely on Cloud or SAAS. Requiring network connectivity for their operation, these devices can increase the risk and severity of attacks. There could be dire circumstances if devices such as surgical lasers, MRI, or CAT scanners experience a network issue.
The BYOD trend can shoot holes through an otherwise effective network security system, thereby making HIPAA compliance harder to achieve while maintaining network accessibility. For organizations sifting through this new landscape, there are three important steps to help reach this balance.
1. Increase traffic based monitoring. The first step toward dealing with these challenges is through the use of network security devices that can monitor network traffic regardless of who owns the connected device. Intrusion detection systems (IDS) can be used to detect and report intrusion attempts, and intrusion prevention systems (IPS) can be used to stop attacks. Increasing deployment and visibility for these types of devices in and around the network will improve security.
2. Deploy static and dynamic security monitoring devices. BYOD can make network security a headache by increasing the total number of devices connected to a network, and increasing the variety among those devices. An optimized security architecture is vital, and network security devices must be placed at points in the network where they can access a wide spectrum of traffic. Device deployment depends on the type of security tool. Some devices need to be deployed inline while others only need to see a copy of the traffic going through the network to perform their task. The common decision for inline or out of band security tool deployment depends on the action that the tool will take. For example, IPS devices will remove packets that it determines are threats, so these devices must be deployed inline, to remove these malware packets. Some security and network engineers are hesitant to deploy vast numbers of IPS based tools that can dynamically remove packets from the network. If an issue occurs with an IPS, the network link that the IPS is deployed on can demonstrate slowness or possible loss of valid network packets. Other security appliances will simply alert or alarm on threats that they detect. These out of band devices are commonly deployed with a connection from a SPAN or port mirror, but are increasingly deployed with network taps. Using a tap, instead of a SPAN, creates a permanent location for the security device to collect information, and leaves the SPAN available for other analysis. It is essential to weigh the deployment advantages against the consequences of these security solutions to select the best option for your organization.
3. Know best practices to deploy traffic based security tools. To best protect your organization from security threats and maintain HIPAA compliance requires understanding of the strengths of both inline and out-of-band monitoring.
- Inline appliances such as an IPS are useful components of a security solution, but can carry inherent risk due to their dynamic nature. While IPS devices typically carry mechanisms to route traffic through them if they lose power, more realistic appliance issues are often overlooked, such as the impact that a mere firmware update can have on a security device Which can result in slower speeds. One solution to this issue is to use a Bypass Switch. A bypass switch can detect speed issues and route traffic around the appliance, while maintaining the network connection. Bypass switches come in a variety of types, speeds and features, but their main task is to improve online security tool uptime.
- Threat detection tools that only alert you when issues occur are commonly deployed using out-of-band technology such as a SPAN or port mirror to receive their data, copying data from one port on a switch to another for monitoring. These are great solutions to see traffic running over the backplane or VLAN of a switch. Keep in mind that many SPAN/port mirrors can be easily oversubscribed, which means the SPAN/port mirror is dropping packets. Since these packets never make it to the security tool, this in an inefficient method to connect IDS style security tools on busy networks.
The best security solutions use a combination of proactive threat elimination (from inline tools) and alert monitoring from detection systems (from out of band monitoring) for their security analysis needs.
The BYOD environment creates unique challenges for the network and security engineers in today’s workplace. Increased investment in security tools that monitor network traffic is a cornerstone to maintain security standards as the volume of BYOD devices increases. A set of security tools that have a combination of detection and prevention features are key components of a strong security compliance architecture. Understanding the network, types and volumes of packet traffic, and busy times, including backups, are essential background to help develop a good compliance architecture. Keep in mind that the method used to deploy security tools, such as SPAN/port mirror, taps and bypass switches, can be as important as the tool vendor chosen.
With BYOD seemingly here to stay, network and information security are becoming more difficult to maintain. Implementing a dynamic, strong security system can assist with HIPAA compliance and compensate for the challenges brought about by new trends like BYOD. It’s important to choose the right solution in this environment to maintain usability for end users as well as security of data, and Datacom Systems is striving to help our customers cope with the changing connectivity landscape.