Get compliant and stay compliant
The software defined data center is gaining ground as virtualization of data centers becomes mainstream. Organizations benefiting from the flexibility and economic advantages of virtualization also have to consider the impact of virtualization on compliance. Virtualized security can bring significant assistance to achieving compliance. The benefits of encapsulation and isolation have enabled Catbird to provide the monitoring and control that make compliance more attainable, and the auditing to help provide proof of compliance.
“HIPAA compliance is a requirement. By choosing Catbird, we’re keeping money in the company – avoiding fines and bad press.” Matthew Barrett, Jefferson Radiology
Virtualization Brings HIPAA Compliance Closer
Health Insurance Portability and Accountability Act (HIPAA) compliance requires a combination of trained staff and management, together with strong policies and industry leading technology. The Department of Health and Human Services (HHS) has provided a framework of control objectives for measuring HIPAA compliance.
Virtualization brings positive advantages to supporting HIPAA controls and for measuring HIPAA compliance. Catbird complements VMware virtualization by providing comprehensive support for the key controls required by the HIPAA framework and hence brings major benefits to achieving HIPAA compliance.
How Catbird Helps HIPAA Compliance
Access Controls and Virtual Administration
Virtualization collapses traditional data center roles and potentially increases the risks associated with inadequate segregation of duties. Catbird provides dual controls to support strong segregation of duties within the virtual infrastructure environment, supporting the creation of specific roles for Operations, Security, and Audit personnel. These roles are then enforceable by zone and policy.
Monitoring and Reporting
Catbird includes detailed and multi-layered device, system, service, and Internet web-application monitoring capabilities and provides standard and customizable thresholds for applicable service levels. Reports may be published for individual services, groups of services, or for all services. Real-time monitoring for service and virtual machine availability together with network flow reports may be used to inspect virtual network topologies.
Catbird provides policy-driven security with configuration baselines. This includes security services, alerts, and reporting to monitor events, detect attacks, validate configurations, and protect against unauthorized changes and unauthorized use.
Support for continuous and periodic assessment of quantitative technical risks to the IT infrastructure assists in the provision of risk reporting. These assessments are available by asset, asset type, zone, site, or any other custom portfolio.
Catbird supports manual and automated controls with monitoring and reporting of the integrity of test environments. Catbird TrustZones® may be configured to simplify comparison of production and development environments to ensure configuration consistency and integrity
Get HIPAA Compliant with Catbird
Catbird is the only product that addresses the key HIPAA controls needed for HIPAA compliance. Catbird goes beyond monitoring and audit by instantly identifying compromised assets, alerting appropriate personnel, and enabling optional quarantine of offending virtual machines. No other vendor can deliver the breadth and depth necessary for HIPAA compliance from within the virtual infrastructure.
Catbird includes the following features supporting HIPAA compliance in the virtual data center:
- Default HIPAA specific policies and reports built upon Catbird controls that are automatically mapped to the appropriate HIPAA controls. Catbird monitors, audits and enforces more HIPAA controls than any other vendor
- Enforcement of network access and traffic flow controls even in a flat network—significantly reducing the scope and cost of audit and compliance requirements
- Automatic quarantine of out-of-policy or compromised VMs to prevent breach of data center security
- Network segmentation
- Continuous vulnerability management
- Continuous monitoring and configuration validation of Catbird TrustZones
- Change audit and compliance enforcement
- Specific HIPAA security policies designed for optimal protection of the management network and other hypervisor management component
For more information:
Read about Jefferson Radiology's experience with Catbird.
Read our HIPAA Compliance with Catbird Data Sheet.
We also invite you to test drive Catbird. Request our free interactive demo. And, if you would like to talk one-on-one about how you can significantly reduce risks and costs associated with HIPAA audits, contact us.