It looks like ChoicePoint was fined $275,000 by the Federal Trade Commission for a data breach they suffered back in 2008. The really embarrassing thing about this data breach, and one of the reasons for the fine, was that they had implemented a comprehensive security program required by the FTC after a similar data breach in 2004. The reason a hacker was able to gain access to the data despite the security program was that ChoicePoint had turned off the security tool they had monitoring the database that was accessed. This points to a chronic problem that security software vendors have to deal with: if the security software interferes with regular business processes or slows down the way people do their jobs, it is more likely to be disabled or bypassed by the very people it is meant to protect. Security software must do its job invisibly for people to want to use it.
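The lesson of the ChoicePoint post above is that a monitoring tool that has been switched off protects nothing, and nobody noticed it was off. A cheap defensive control is to monitor the monitors: treat every security sensor as a source that must keep reporting, and alert when one goes quiet or when an audit trail records it being stopped. The script below is an added illustration of that check; it is not code from the original post or from Zecurion. The source names, event format, timestamps and the 15-minute silence threshold are all constructed for the example.

```python
"""Added example (not from the original post): flag security telemetry
sources that have gone quiet.

Every sensor we rely on (a database activity monitor, a file-integrity
agent, a DLP gateway, ...) is expected to emit something at least every
MAX_SILENCE. If one stops, we raise an alert even though no "bad" event
was seen, because silence is exactly what a disabled tool looks like.

All source names, event formats and timestamps below are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample feed: "<ISO timestamp> <source> <message>" per line.
SAMPLE_FEED = """\
2009-10-26T08:00:00Z db-activity-monitor heartbeat
2009-10-26T08:00:00Z file-integrity heartbeat
2009-10-26T08:00:00Z dlp-gateway heartbeat
2009-10-26T08:05:00Z db-activity-monitor SELECT on customers by app_user
2009-10-26T08:10:00Z file-integrity heartbeat
2009-10-26T08:10:00Z dlp-gateway heartbeat
2009-10-26T08:12:00Z config-audit service db-activity-monitor stopped by admin
2009-10-26T08:20:00Z file-integrity heartbeat
2009-10-26T08:20:00Z dlp-gateway heartbeat
2009-10-26T08:30:00Z file-integrity heartbeat
2009-10-26T08:30:00Z dlp-gateway heartbeat
"""

# Sources we expect to hear from (hypothetical names), and how much
# silence is tolerated before we alert.
EXPECTED_SOURCES = {"db-activity-monitor", "file-integrity", "dlp-gateway", "edr-agent"}
MAX_SILENCE = timedelta(minutes=15)


def parse_feed(text):
    """Return a list of (timestamp, source, message) tuples from the feed."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, source, message = line.split(" ", 2)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, source, message))
    return events


def last_seen(events):
    """Map each source to the timestamp of its most recent event."""
    seen = {}
    for ts, source, _ in events:
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen


def silent_sources(events, expected, max_silence, now):
    """Return {source: reason} for expected sources that are not reporting.

    A source is flagged when it was never seen at all, or when its most
    recent event is older than max_silence relative to `now`.
    """
    seen = last_seen(events)
    findings = {}
    for source in sorted(expected):
        if source not in seen:
            findings[source] = "never reported"
        elif now - seen[source] > max_silence:
            gap = now - seen[source]
            findings[source] = f"silent for {int(gap.total_seconds() // 60)} min"
    return findings


def stop_events(events):
    """Return audit messages that explicitly record a security service being stopped."""
    return [m for _, src, m in events if src == "config-audit" and " stopped" in m]


if __name__ == "__main__":
    evts = parse_feed(SAMPLE_FEED)
    # Use the newest event as "now" so the sample is reproducible offline.
    now = max(ts for ts, _, _ in evts)
    for src, why in silent_sources(evts, EXPECTED_SOURCES, MAX_SILENCE, now).items():
        print(f"ALERT {src}: {why}")
    for m in stop_events(evts):
        print(f"ALERT config-audit: {m}")
```

On the constructed feed the database monitor is flagged as silent for 25 minutes (its last event was the query at 08:05, while the other agents kept reporting through 08:30), the EDR agent is flagged as never having reported, and the config-audit line recording the stop is surfaced as a second, independent signal. In a real deployment `now` would be the wall clock and the feed would be whatever your log collector already receives; the point is that the liveness check costs nothing at the endpoints and so has no reason to be switched off itself.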
Archive for October, 2009

What good is a security tool that you don’t use?
Monday, October 26th, 2009

Do you want a slice of $19.2 billion pie?
Sunday, October 18th, 2009

The HITECH Act has earmarked $19.2 billion for incentives to help encourage healthcare organizations and physicians to start using electronic healthcare records. What those organizations will actually spend on implementing EHRs is likely to be far greater than $19.2 billion, but it is a good incentive to start them down the road, and it is definitely better than the penalties that will kick in if they haven’t converted by 2015. The incentives don’t start until 2011, but a lot of organizations have started investigating the work required so that they will be converted by the time incentives start flowing. This makes now a good opportunity for channel providers to start networking with healthcare organizations and suggesting solutions bundling security products and professional services to them for converting their paper records to EHRs. Chief among those bundled security products should be ones that offer encryption and data loss prevention, since encrypted data is exempt from loss disclosure requirements. So if you’ve got contacts in the healthcare industry and want a share of that $19.2 billion pie, now is the time for you to start identifying the security products you think you can help them implement.
SC World Congress Conference 2009: October 13 – 14
Wednesday, October 7th, 2009

The SC World Congress Enterprise Data Security Conference for 2009 is coming up soon, and it promises to be a great event with 4 interesting keynote presentations:
- The CEO of Heartland Payment Systems will talk about what was one of the largest data breaches on record, and what they are doing to make sure that it never happens again.
- A mock trial of a computer crime case presented with the audience as the jury. The case will rely heavily on electronic forensic evidence, and real DoJ prosecutors, lawyers, judges and FBI professional witnesses will participate.
- FTC commissioner William Kovacic will discuss case studies on identity theft, phishing and other security issues, and how the FTC is addressing these issues.
- A panel discussion from the CISOs from some of the largest ISPs regarding what they are doing to protect the basic infrastructure we all use.
In addition to the keynotes, attendees will be able to choose from numerous sessions in four tracks: Policy and Management; Emerging Threats and Risk Planning; Editor’s Choice (sessions chosen as most relevant and interesting by SC Magazine); and a brand-new Technical track that will offer a deeper dive on the technical aspects of threats and vulnerabilities, as well as relevant solutions.
And of course, Zecurion will be there to show you how to protect your critical data. So please stop by the Zecurion Booth (#329) to see how our suite of products can protect your data from internal threats.
Should you be using self-encrypting drives?
Friday, October 2nd, 2009

Ever since the Trusted Computing Group released its storage encryption standards earlier this year, companies have started touting the benefits of using self-encrypting hard drives as the solution to the problem of safeguarding data-at-rest. These companies recognize one of the inherent limitations of self-encrypting hard drives, which is that managing the keys for multiple hard drives would quickly become a nightmarish task for an IT department. Of course, they have a solution for the problem, which is an additional hardware component that provides local key management for all the hard drives. And they claim that these solutions are cost effective compared to the cost of a data breach. Of course, any IT manager knows that justifying spending money based on avoiding the cost of a data breach is a fairly hard sell in most companies. And in absolute terms, these solutions are not cheap. That’s because you have to buy the individual self-encrypting drives, as well as the local key management hardware.
It would be much easier to justify a solution that has a low absolute price point and that allows you to leverage all of your existing hardware. A solution like Zserver Storage. The companies that offer local key management hardware will tell you that software-based encryption management solutions are limited by the processing resources on the computer and thus can’t give you the performance of their hardware solution. But CPU speeds are rapidly increasing and multi-processor boxes are now common. So software solutions that have multi-threaded capabilities are capable of delivering the same performance as hardware solutions.
So the bottom line is that if you are going to be encrypting data for your home or a small home office where you only need to encrypt a few drives, then standalone self-encrypting drives may be the most cost-effective solution for you. But if you are responsible for an office, you should give serious consideration to an encryption management solution like ZServer.