Last year I was busy implementing policies and procedures to achieve HITRUST CSF certification. At the same time, nation-state hacking tools and vulnerabilities were being released on a monthly basis. I felt like I was caught in an IT security riptide. The goal of security and compliance seemed to be getting further away no matter how fast we tried to swim towards it. Then I happened upon Alfred Lansing's book, Endurance: Shackleton's Incredible Voyage.

I was inspired by this incredible story. Certainly, if Ernest Shackleton and his crew could survive 19 months in Antarctica in 1915, we can survive the onslaught of threats to our infrastructure and achieve security and compliance in 2018.

This blog will describe some of the challenges we face and provide solutions and insights into building managed, secure, compliant IT infrastructure for healthcare companies, mostly in the cloud.

We will be covering the following areas in future articles:

  1. About the HITRUST Alliance and Common Security Framework
  2. JumpCloud – Directory as a Service
  3. Eliminating Cron Jobs with RunDeck servers
  4. LastPass Password Manager
  5. Multi-factor Authentication – Google Authenticator vs. SMS messages
  6. Apple Business Manager (ABM)
    1. Device Enrollment Program (DEP) and
    2. Volume Purchasing Program (VPP)
  7. JAMF Now – Mobile Device Management
  8. Amazon Web Services (AWS)
  9. Sophos End Point Protection (EPP)
  10. Google G-Suite or Office 365?
  11. NextCloud self-hosted cloud file sharing
  12. WordPress hosted in AWS
  13. Email Setup – MX records, SPF, DKIM and DMARC DNS records
  14. Amazon Route 53 and registrar
  15. Setting up Confluence, Jira and BitBucket
  16. Documenting Policies and Procedures in Confluence
  17. Building IT Documentation and Workflows in JIRA
  18. Configuring New Relic APM with SSO
  19. Configuring Sumo Logic SIEM with SSO
  20. Building VPNs with OpenVPN and SSO
  21. Deploying Immutable Servers with Terraform
  22. Deploying/Integrating RingCentral phone with SSO
  23. Performance Monitoring with New Relic
  24. Need a NAS? – Synology or QNAP with LDAP and S3 backups
  25. Secure Software Development Lifecycle – Static and Dynamic Code Scanning
    1. Veracode
  26. Vulnerability Scanning – Qualys