Solutions from Wall Street
to Main Street and everything in between
Because of explicit industry regulation for banks and credit unions, IT security programs and efforts continue to be scrutinized within the Financial Services Industry. To make things even more challenging, there are multiple and overlapping regulatory bodies, standards, policies, legal requirements and published guidance that are not synchronized between all entities because compliance jurisdictions and institution charters vary widely. Needless to say, what financial institutions are actually required to do to remain compliant is often a matter of interpretation that can vary significantly between regulators, auditors, and audit interpretations within IT departments.
Our On-Demand Managed Security offerings are built around regulatory standards and requirements that adhere to published recommendations and guidance from the following regulatory and standards bodies:
- Gramm-Leach-Bliley Act (GLBA)
- Federal Financial Institutions Examination Council (FFIEC)
- National Credit Union Association (NCUA)
- Federal Deposit Insurance Corporation (FDIC)
- Department of Financial Institutions (DFI)
- Office of Thrift Supervision (OTS)
- Federal Reserve Bank (FRB)
- Office of the Comptroller of the Currency (OCC)
In addition to credit unions and banks, Security On-Demand provides On-Demand security monitoring and management solutions to mortgage companies, broker-dealers, investment advisors, student loan originators, finance companies, and other service organizations.
Healthcare & Related Industries
IT security has become an ongoing challenge within the healthcare industry, and will remain so for many years to come. As the complexity and sophistication of medical technology has increased, the need to secure large decentralized networks with disappearing perimeters has become paramount. IP-enabled monitoring equipment adds to these challenges, along with securely managing and protecting electronic Personal Health Information.
Using our On-Demand Managed Security Services within the healthcare industry provides:
- Availability of critical IP-enabled healthcare equipment and computing devices
- Protection of the internal and external network from unauthorized use or access
- Help meet HIPAA compliance requirements
- Provide guest network access without exposing corporate data assets
- Detect & contain endpoint, network, and external security threats
- Manage risk by ensuring compliance with access policy and associating a user ID with every endpoint
- Detect and contain malware, including zero-day threats, botnets, keyloggers, Trojans, worms, and viruses, which are quarantined before they propagate
Specific healthcare-related industries that Security On-Demand has experience in servicing include biotechnology, insurance, Third Party Insurance Administrators (TPAs), medical device manufacturing, pharmaceuticals, outpatient clinics, hospitals, medical practices, hospice care, retirement/nursing home facilities, etc.
Local Government, Utilities, & Education
Government agencies and other public institutions today face some of the most formidable security threats and often have the fewest resources available to defend themselves. Some of the types of organizations that we have helped and continue to assist include the following:
- City Governments — Includes past engagements with city agencies such as the DA’s office and fire and police departments, as well as support of city data computing resources.
- County Service Agencies — These agencies range from courts, to law enforcement, to 911 call services, to multiple other vital service agencies that are required for public safety.
- Municipalities — Local municipalities including waste treatment, landfills, and water districts are among the most stressed, but most critically important services that need to be protected.
- Education — Includes both public and privately funded institutions of higher learning. These environments are uniquely challenging due to their open environments that allow anonymity to the student population with few access controls.
- Transportation Agencies — These include rapid transit districts, bus systems, subway systems, trains, airports, and port districts and are among some of the most vitally important national security concerns.
- State Agencies — State agencies also deal with vital sources of sensitive information, from financial data to personal information such as tax information, benefits data, and personal healthcare information.
Security On-Demand provides government agencies and departments a security partnership that enhances, rather than impedes, their ability to safely and securely operate and serve their respective organizations. Security On-Demand has years of experience in working within the limits of agency and departmental bureaucracies to help each entity accomplish its IT security and risk management goals.
Enterprise / Public
All enterprises today strive to defend their networks from threats, policy violations, and unauthorized access to sensitive data. However, as threats have evolved, traditional security defenses are becoming less effective, which means that enterprises have been required to add layers of security countermeasures to complement existing defenses. One of the most important capabilities that an enterprise organization needs today is a robust security monitoring and management capability that can knit together disparate security technologies spread around decentralized networks, far-flung branch offices, telecommuters, mobile devices, porous network perimeters and complex ecosystems of connected business partners.
In addition, Sarbanes-Oxley compliance and its related international cousins (Basel II, J-SOX, etc.) are often key areas of concern with regard to management of internal IT controls. Security On-Demand’s Sarbanes-Oxley compliance monitoring and reporting solutions deliver:
- Proper security controls around your critical information assets
- On-Demand, enterprise-wide security reporting
- Identification of existing vulnerabilities & early warning to emerging threats
- 24×7 Incident Handling capabilities
- An enhanced security posture
- Improved operational efficiency
- Increased shareholder value
- Cost Savings from staffing, license, and capital investment reductions
Small & Medium Sized Business
Most small and medium-sized businesses today are feeling the economic pinch resulting from economic slowdown and worldwide recession. Everyone is under pressure to reduce costs and increase operational efficiencies. Everyone must do more with less. Compliance and risk management requirements, however, do not disappear, nor is the burden lessened, because companies have less money to pay for protecting confidential information. In fact, would-be attackers and those that are intent on committing financial fraud are increasing their activities during these lean economic times.
An optimum solution to such circumstances is IT security outsourcing. Increasingly for small and medium-sized businesses today, this service is more cost effective than performing these functions completely in-house. IT departments need not fear that this arrangement will force anyone to be laid off or that IT staff will lose control over technologies or areas they were previously responsible for. Quite often the IT staff is overwhelmed and already suffering from such issues as:
- Lack of personnel and IT security expertise
- 24×7 staffing coverage for monitoring of security events
- Managing and supporting a wide array of security technologies
- Lack of integrated reporting and log reviews to fulfill compliance requirements
- Time and product expertise required to tune and maintain existing security technology
- Annual costs of equipment, software, and license maintenance contracts
In addition, the Security On-Demand architecture was designed to provide transparency and accountability to the IT department staff, compliance manager, IT Director, and company management.
We have designed our offering to provide the small or medium-sized business organization complete control over its IT security assets, including any and all decisions that may need to be made regarding incident response, quarantine of network users, research of potential malicious activity, compliance reporting, etc.
Retail & E-Commerce
The Payment Card Industry (PCI) Data Security Standard has had a profound and far-reaching impact on businesses that process credit card information. The stakes are high. Credit card theft is the most popular and sought-after form of financial fraud and exploitation in the world today. Combined losses and the financial business impact on organizations are in the billions of dollars worldwide.
This compliance standard applies not only to companies that conduct business online, but also to every other type of business that processes, accepts, or in some way uses credit cards in the course of doing business. Some of the critical protections that Security On-Demand provides today include the following:
- Broad compliance with PCI security objectives that make it easier to systemize security process
- External and Internal vulnerability scans that proactively identify known and potential weaknesses in the network, applications, and systems.
- Understanding of how to interpret and apply the PCI security standards to an individual company’s unique business and computing environment
- Through a security dashboard, an integrated framework for viewing and understanding security risk as it relates to PCI, which helps the organization ensure it can pass audits and meet standards of Due Care.
- Reporting and Log monitoring that specifically meets PCI reporting requirements without having to invest in purchasing and integrating multiple security technologies.
- Assurance and confidence that goes beyond “checklist” style compliance so that your expenditures help you protect sensitive data, manage risk, and lower maintenance costs.