Applying the HHS framework to assure compliance in the virtual data center
The software-defined data center is gaining ground as virtualization of data centers becomes mainstream. Organizations benefiting from the flexibility and economic advantages of virtualization also have to consider the impact of virtualization on compliance. Virtualized security can significantly assist in achieving compliance. The benefits of encapsulation and isolation have enabled Catbird vSecurity to provide the monitoring and control that make compliance more attainable, and the auditing to help provide proof of compliance.
Virtualization Brings HIPAA Compliance Closer
Health Insurance Portability and Accountability Act (HIPAA) compliance requires a combination of trained staff and management, together with strong policies and industry leading technology. The Department of Health and Human Services (HHS) has provided a framework of control objectives for measuring HIPAA compliance.
Virtualization brings advantages both for supporting HIPAA controls and for measuring HIPAA compliance. Catbird vCompliance for vSecurity complements VMware virtualization by providing comprehensive support for the key controls required by the HIPAA framework and hence brings major benefits to achieving HIPAA compliance.
How Catbird vCompliance for vSecurity Helps HIPAA Compliance
Access Controls and Virtual Administration
Virtualization collapses traditional data center roles and potentially increases the risks associated with inadequate segregation of duties. Catbird vSecurity provides dual controls to support strong segregation of duties within the virtual infrastructure environment, supporting the creation of specific roles for Operations, Security, and Audit personnel. These roles are then enforceable by zone and policy.
Monitoring and Reporting
Catbird vSecurity includes detailed and multi-layered device, system, service, and Internet web-application monitoring capabilities and provides standard and customizable thresholds for applicable service levels. Reports may be published for individual services, groups of services, or for all services. Real-time monitoring for service and virtual machine availability together with network flow reports may be used to inspect virtual network topologies.
Catbird vSecurity provides policy-driven security with configuration baselines. This includes security services, alerts, and reporting to monitor events, detect attacks, validate configurations, and protect against unauthorized changes and unauthorized use.
Support for continuous and periodic assessment of quantitative technical risks to the IT infrastructure assists in the provision of risk reporting. These assessments are available by asset, asset type, zone, site, or any other custom portfolio.
Catbird vSecurity supports manual and automated controls with monitoring and reporting of the integrity of test environments. Catbird TrustZones may be configured to simplify comparison of production and development environments to ensure configuration consistency and integrity.
Get HIPAA Compliant with vCompliance for vSecurity
Catbird vSecurity is the only product that addresses the key HIPAA controls needed for HIPAA compliance. Catbird vSecurity goes beyond monitoring and audit by instantly identifying compromised assets, alerting appropriate personnel, and enabling optional quarantine of offending virtual machines. No other vendor can deliver the breadth and depth necessary for HIPAA compliance from within the virtual infrastructure.
This radar graph illustrates HIPAA compliance posture as seen within the Catbird vSecurity web interface. The blue line indicates the HIPAA compliance controls baseline and the shaded area represents the actual HIPAA compliance level within this virtual infrastructure.
Catbird vCompliance includes the following features supporting HIPAA compliance in the virtual data center:
- Default HIPAA-specific policies and reports built upon Catbird vSecurity controls that are automatically mapped to the appropriate HIPAA controls. Catbird vSecurity monitors, audits and enforces more HIPAA controls than any other vendor.
- Enforcement of network access and traffic flow controls even in a flat network—significantly reducing the scope and cost of audit and compliance requirements
- Automatic quarantine of out-of-policy or compromised VMs to prevent breach of data center security
- Network segmentation
- Continuous vulnerability management
- Continuous monitoring and configuration validation of Catbird TrustZones
- Change audit and compliance enforcement
- Specific HIPAA security policies designed for optimal protection of the management network and other hypervisor management components
For more information, read our HIPAA paper:
We also invite you to test drive vSecurity. Request our free interactive demo. And, if you would like to talk one-on-one about how you can significantly reduce risks and costs associated with HIPAA audits, contact us.