HIPAA Compliance discussion

Transcription

1 HIPAA Compliance discussion

2 GoToWebinar Housekeeping: attendee participation Open and hide your control panel Join audio: Choose Mic & Speakers to use VoIP Choose Telephone and dial using the information provided Submit questions and comments via the Questions panel Note: Today s presentation is being recorded and will be provided within 48 hours. Send questions via Twitter and #duotalk

3 All Breaches Involve Stolen Credentials Strong two-factor authentication stops breaches February 2013

4 Malware and cybercrime success AV-Test Malware Samples Delaware FINCEN SARs

5 HIPAA isn t the biggest risk The total economic impact of medical identity theft is $30.9 billion annually, up from $28.6 billion in Ponemon Institute, Second Annual Survey on Medical Identity Theft. (2011)

6 HIPAA compliance isn t the easiest task Administrative Physical Technical

7 Barriers for two-factor success Complex User Enrollment/User management Complex Deployment and Administration Terrible End User Experience Lack of 2nd factor authentication options Expensive (Cost and Time)

8 Solution: two-factor authentication Something you know + something you have (are/do) Regulatory standard (PCI, HIPAA, FFIEC, CJIS, SOX) and industry best-practice, even for consumer accounts

9 A nightmare for users and admins Two factors: Cost & Complexity! Customers & users hate Defeated 20-year old tech Phishing used in RSA breach:

10 Duo: Making Your First Line of Defense Easy Your User Your System + Duo Security Industry-Leading Security Easy to Deploy: Scale in the cloud Easy to Manage: Users enroll themselves Easy to Use: Your phone is your key

11 Duo s Mission We do this by... Solve the biggest problems in security today: Account Takeover and Online Fraud. Making security easy and scalable, eliminating the cost and complexity of traditional two-factor solutions Leveraging and securing mobile devices Pro-actively securing your BYOD environment... for enterprise, provider, and consumer web

12 Easy to Use: Your Phone is Your Key Duo verifies users after their regular login Using any phone, mobile device, or standard token Duo Push Passcodes SMS Phone call Tokens

13 Duo s Primary Benefits Intuitive User Experience Friendly, interactive login process Flexible, convenient form factors Customizable user interface Easy Setup & Administration Administrator & developer friendly Simple, fast, self-service user enrollment Affordable, Scalable & Best TCO Mobile security and control 2012 Pay-as-you-grow, free for personal use No hardware requirements, no token overhead Industry-Leading Security Secure by design, externally audited Security is in our DNA

14 Easy to Deploy - 15 minute setup 1 Sign-up 2 Configure Application

15 Easy to Manage - users enroll themselves 1 Inline self-enrollment 2 One-click app install

16 Industry-Leading Security Duo Push: Public key protocol secure by design Out-of-band verification defeats Man-in-the-Middle, Man-in-the- Browser, other endpoint attacks Support for tamper-resistant mobile HSM / secure element BYOD visibility, audit, and control % availability since 2010

17 Outlook Web Access

18 Step 1: primary login

19 Step 1: primary login

20 Step 2: Duo login

21 Online: Duo Push

22 Online: Duo Push

23 Online: Duo Push Login Approved

24 Logged In

25 Offline: Passcodes

26 Offline: Passcodes

27 Offline: Passcodes

28 Offline: Passcodes

29 Logged In

30 royal victorian ear & eye hospital Business Challenge Failed IT audit: lack of two-factor authentication for remote employees Using both webmail and VPN Non tech-savvy user base primarily located in Australia Duo Solution Duo 2FA Cloud Service Citrix Access Gateway and Microsoft Outlook Web Access integrations Auth factors: primarily SMS Employee self-enrollment Results Hosted solution with Citrix and Outlook support made Duo their top pick User base is happy with the solution especially those using Duo Push Administration has been straight-forward. IT department easily handles requests for phone number changes, re-enrollment via link, and log monitoring

31 Online Tech Upcoming Events July 30 - How to Achieve Maximum ROI and Patient Satisfaction via EMR Webinar Contact Online Tech contactus@onlinetech.com Phone: Web: White Papers:

32 Q&A Thank you for participating in today s webinar! Try Duo Security s solution yourself with a free trial: Download Evaluation Guide for two-factor solutions: Duo Security Diane Sheldon-Ku (734) diane@duosecurity.com InCommon and Duo Security offer affordable campus licenses for phone-based second-factor authentication. Download our white paper: Duo Security's two-factor authentication is easy to integrate and use on a wide variety of systems. They are raising the bar for login security. Steve Weis, computer security expert and creator of the Google Authenticator online account protection.