Securing Unified Communications for Healthcare




Table of Contents

- Securing UC: A Unique Process
- Fundamental Components of a Healthcare UC Security Architecture
- Making Unified Communications Secure Enough for Healthcare
- Avaya UC Solutions Help Healthcare Organizations
- Blending Opportunity with Security
- Learn More

Secure unified communications that protect patients from privacy violations and healthcare providers from the consequences of noncompliance

Unified communications (UC) is a mission-critical tool for today's healthcare organizations. Although it has advantages that apply to all industries and organizations, it is especially important for the healthcare industry because delayed or misinterpreted communications can affect patients' health and even their lives. UC facilitates more effective communications and can help lower costs, in addition to helping meet the demand for better productivity and improved care.

In response to government mandates, hospitals are transitioning to electronic health records (EHR), and increasingly, are delivering critical voice, e-mail, text, and video via mobile applications. UC helps address the challenges inherent in electronic distribution, such as the need to integrate the right communication tools into the context of the user and task. It can reduce errors and delays, and make operations more efficient, creating a single interface for communications via smartphones, laptops, tablets and traditional telephone interfaces. All this means faster, more accurate communication, which in turn can translate into prompt, safe patient care.

UC helps save time and resources, allowing staff to fully and efficiently utilize resources, shorten patient stays, and lower costs. Since most UC systems are auditable, it also helps healthcare organizations comply with government mandates such as the United States Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Whether or not healthcare providers can exploit these advantages hinges on another critical concern: security. Healthcare organizations and the communications systems they use handle the most private and sensitive kind of information. Protecting that information from alteration, loss, and unauthorized access is a matter of law as well as compassion and common sense. Failure to comply with laws and regulations puts the organization at financial risk. Based on a February 2011 research report by the Aberdeen Group [1], poor communications security has the potential for serious consequences in the healthcare industry as well as in other industries. According to the report, the average maximum cost for a single lapse in regulatory compliance can be:

- $2.1 million for Sarbanes-Oxley
- $1.5 million for Global Privacy Regulations
- $1.4 million for Securities and Exchange Commission Regulations
- $1.3 million for PCI DSS
- $1.1 million for HIPAA

[1] Aberdeen Research Brief: Unified Communications Security: A Best-in-Class Strategy to Unleash Value, February 2011

avaya.com

Securing UC: A Unique Process

When adopters begin using unified communications, many focus on the benefits realized by deploying the core technology, and are slow to recognize specific security concerns and the best practices to address them. As UC becomes more and more common across industries, some security insights are universally applicable.

- UC applications operate in real time, and must be secured in real time.
- UC operates at the application layer; therefore, it requires application layer inspection for proper security.
- UC is based on an endlessly changing combination of device types, creating more doors to guard.
- UC can use untrusted networks that are outside the IT department's control. (As in other industries, healthcare workers now continue to work while on the move or at home.)
- Compliance rules that apply to more traditional IT and communication types apply to unified communications as well.

All these insights apply to healthcare operations, but healthcare also has its own unique requirements. UC security in the healthcare realm is not, for instance, the same thing as data network security, which is a primary concern in corporate UC implementations. The healthcare industry needs real-time, application-layer security for applications and devices sharing the same infrastructure. In addition, information security mandates and compliance rules are arguably more extensive and stringent than those in any other industry: HIPAA in the United States, the Personal Health Information Protection Act (PHIPA) in Canada, the Data Protection Act (DPA) of 1998 in the United Kingdom, Data Protection Directive 95/46/EC for members of the European Union, and similar regulations enforced by national and local governments around the world.

Complying with legal mandates is not easy. Hospitals are already bring-your-own-device (BYOD) environments, and unified communications solutions allow more smartphones, tablets, videophones, and soft clients into the mix as well as more end points. In addition, hospitals must contend with threats that are common across industries, such as identity theft, research espionage, and toll fraud, as well as many more pressing concerns. Hospitals must be on alert for denial-of-service attacks, which can affect the critical communications that direct patient care, or the privacy risk posed when doctors, nurses, and pharmacists send protected patient data over an unauthorized instant messaging application that uses a cloud-hosted application on the Internet.

Fundamental Components of a Healthcare UC Security Architecture

An effective UC security architecture for healthcare settings requires four critical capabilities: encryption, access control, threat detection, and policy enforcement.

Encryption for privacy

Although all unified communication devices offer encryption, some organizations don't use it. Particularly in healthcare institutions, internal users are seen as well intentioned and benevolent care givers who can be trusted with sensitive data. However, the risk of a single malevolent insider with access to life-critical, ultra-private information is unacceptable.
From a security architecture standpoint, healthcare UC requires application-layer encryption, such as Transport Layer Security (TLS) for signaling and Secure Real-Time Transport Protocol (SRTP) for media. This is the most common encryption standard implemented in UC gear. Since clients that support TLS and SRTP encryption are available for smartphones, tablets, and other devices, adherence to these standards helps resolve the security issues associated with the proliferation of end points. TLS and SRTP are used to secure voice communications, as well as instant messaging and video traffic from intelligent endpoints.

Access control and authentication for devices and users

Access control is particularly important for hospitals, where there is a continuous turnover of patients and visitors, most of whom carry one or more communication devices. A healthcare UC architecture should include application-layer access control to complement standard network-level firewalling and authentication schemes. Equally important is session border control. The feature can be used to terminate SIP trunks, as well as provide a point of demarcation and control between trusted enterprise networks and untrusted carrier trunks. The architecture should also include the ability to hide topologies and conduct network address translation (NAT), which can effectively shield the healthcare organization's UC infrastructure, end points, and users from external parties. In addition, hospitals that use mobile UC end points can direct the session border controller to grant secure remote access to devices even if those devices are outside the enterprise.

Threat detection and mitigation

Toll fraud and eavesdropping are also key security concerns for hospitals. With a transient visitor population and easy public access to premises, vulnerability to toll fraud puts hospital funds (and ultimately patient care) at risk. Because patient information is among the most sensitive type of data, it must be stringently guarded against eavesdroppers. The appropriate defense is a signature-based intrusion prevention system that operates at the application layer and continuously scans signaling and media traffic to detect the patterns that indicate an attack.
Policy enforcement

The healthcare environment is heavily regulated, and at the same time, characterized by an extremely stringent demand for performance. A healthcare UC architecture must be able to act on regulatory mandated policies in real time without affecting speed and quality of delivery. This requires a centralized, easy-to-manage UC architecture to consistently apply policies across applications and networks. UC security should also enforce virtual LAN separation of voice and data traffic, to prevent attackers from hopping from the voice VLAN to the data VLAN, where they can gain access to any system on the network, including critical data repositories.

Making Unified Communications Secure Enough for Healthcare

Avaya has identified UC practices that can help healthcare organizations prevent intrusions and operational disruptions while maintaining compliance with privacy and security mandates.

- Secure all end points, especially those most often used for remote access such as smartphones, tablets, and laptops
- Use specialized UC security appliances that can encrypt both media and signaling connections in real time and on the fly, without requiring virtual private networks (VPNs) and tunnels for e-mail, IM, VoIP, and video communications
- Deploy SIP trunks for network and communications security, demarcation, and control
- Deploy enterprise session border controllers (SBCs) that contain integrated capabilities for policy enforcement, access control, failover, and deep packet inspection

Figure 1 shows how SIP trunks and enterprise SBCs can provide comprehensive UC security when deployed together. SIP trunks protect enterprise VoIP communications by applying TLS or SRTP encryption. SBCs, especially if they contain the integrated components addressing the four elements of UC security described above, offer many benefits, including enforcement of enterprise-specific security policies. They also provide a layer of independence from service providers, enabling multiple SIP trunk provider access points, and support enterprise-specific call flows that service providers may not.

By operating in real time, SBCs can secure VoIP and other UC applications over any network to any device. They help enforce enterprise security policies and compliance with industry privacy and security guidelines, without compromising performance.
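The encryption requirement described above (TLS for SIP signaling, SRTP for media) can be checked message by message. The following Python is an added example, not part of the Avaya paper or any Avaya product: it audits a SIP message and its SDP body and reports every signaling hop or media stream that is not protected. The sample messages, host names, key placeholder and the function name `audit_sip_message` are constructed for illustration, and the rule that every Via hop must be TLS is an assumed policy.

```python
# Added example: audit one SIP message against a "TLS signaling, SRTP media" policy.
# Both messages are constructed samples; hosts, users and key material are placeholders.
SECURE_INVITE = (
    "INVITE sips:ward3@hospital.example SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 10.0.0.5:5061;branch=z9hG4bK776\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY\r\n"
)
CLEARTEXT_INVITE = (
    "INVITE sip:ward3@hospital.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.7:5060;branch=z9hG4bK123\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "m=video 51372 RTP/SAVP 96\r\n"
)
SRTP_SDES = {"RTP/SAVP", "RTP/SAVPF"}                  # keys in media-level a=crypto (RFC 4568)
SRTP_DTLS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}  # keys via DTLS (RFC 5764)


def audit_sip_message(raw):
    """Return policy findings for one SIP message; an empty list means compliant."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    # Signaling: every Via hop ("v" is the compact header form) must have used TLS.
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() not in ("via", "v"):
            continue
        for hop in filter(str.strip, value.split(",")):
            transport = hop.split()[0].rsplit("/", 1)[-1].upper()
            if transport != "TLS":
                findings.append(f"signaling hop over {transport}, expected TLS")
    # Media: attributes before the first m= line are session-level.
    session_attrs, streams = [], []
    for line in sdp.split("\n"):
        if line.startswith("m="):
            media, port, proto = line[2:].split()[:3]
            streams.append((media, int(port.split("/")[0]), proto.upper(), []))
        elif line.startswith("a="):
            (streams[-1][3] if streams else session_attrs).append(line[2:])
    for media, port, proto, attrs in streams:
        if port == 0:  # port 0 means the stream is declined or disabled
            continue
        if proto in SRTP_SDES:
            if not any(a.startswith("crypto:") for a in attrs):
                findings.append(f"{media}: {proto} without a=crypto key")
        elif proto in SRTP_DTLS:
            # a=fingerprint may be given at session or media level
            if not any(a.startswith("fingerprint:") for a in attrs + session_attrs):
                findings.append(f"{media}: {proto} without a=fingerprint")
        else:
            findings.append(f"{media}: unencrypted media profile {proto}")
    return findings

if __name__ == "__main__":
    for label, msg in (("secure", SECURE_INVITE), ("cleartext", CLEARTEXT_INVITE)):
        print(label, audit_sip_message(msg))
```

The same check can be run over messages exported from a packet capture or an SBC trace to find endpoints that still negotiate cleartext RTP or reach the proxy over UDP or TCP.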

[Figure 1. Unified communications security with SIP trunking and SBC controls. Diagram labels: remote worker, hacker, rogue device, Internet, PSTN, hospital, Avaya SBCAE, SIP trunk, PBX, recording compliance, infected softphone/PC.]

Avaya UC Solutions Help Healthcare Organizations

- Properly encrypt the transmissions between VoIP/UC applications and end points, including signalling and media
- Deploy SIP trunks with the industry's best security, demarcation, and control
- Support HIPAA compliance by properly logging and protecting all private patient data communications
- Actively enforce security policies to prevent unauthorized applications or patient information leakage
- Scan and act on all signalling and traffic based on updated threat and attack markers provided by the VIPER Lab

Blending Opportunity with Security

Today's communications travel in a multivendor, multiple-device, interoperable world. It spills into the controlled environment of the hospital or clinic, and brings opportunities to enhance patient care. Unifying these communications can help healthcare organizations increase flexibility, reduce cost and complexity, and enhance user experience. But UC needs to be secure. By addressing the four dimensions of UC security, healthcare institutions can capture UC benefits, and at the same time, protect patient data from unauthorized access and patient care from disruption.

About Avaya

Avaya is a global provider of business collaboration and communications solutions, providing unified communications, contact centers, networking and related services to companies of all sizes around the world. For more information please visit www.avaya.com.

Learn More

To learn more and to obtain additional information such as white papers and case studies about Avaya Session Border Controller Advanced for Enterprise, please contact your Avaya Account Manager or Authorized Partner or visit us at www.avaya.com/usa/product/avaya-aura.

© 2012 Avaya Inc. All Rights Reserved. All trademarks identified by ®, ™, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. 05/12 UC7078