Today, almost all businesses are affected by compliance. Whether you’re in the healthcare industry and are bound by HIPAA regulations, or you’re a manufacturer attempting to meet NIST standards before you lose your government contract, your business cannot afford to be in the dark about compliance regulations.
What Technologies Should be in Place to Remain Compliant?
Data Encryption – All regulatory programs require organizations to encrypt and control their sensitive data. When data is encrypted and controlled with data loss prevention policies, the information is illegible– unable to be read without a secret key and proper permissions.
Data Life Cycle Management – It is easy to lose track of information after it leaves its original source. Do you know what happens to your data after you hit send on an email? Most regulatory standards require that you track exactly who sees that data and what they do with it. Data Life Cycle Management software allows organizations to track the entire lifecycle of their documents– and revoke access to that sensitive information at any time.
Disaster Recovery – What is the first step your business would take in the event of a breach? How long would it take to get up and running if you suffered a natural disaster? Being compliant means having a disaster recovery plan in place, and testing that plan regularly to ensure its effectiveness.
Due to the complexity of the requirements and what is at risk if you don’t comply, an IT resource that understands the complexities of maintaining compliance in your industry is essential. Consider a third-party resource, so you can focus on your business while they handle the rest.
Advance Business Systems
Advance Business Systems helps organizations focus on their core mission by providing technology that can increase efficiency and effectiveness and services that eliminate the distractions that many organizations face. The right resources and a plan are critical to an organization achieving and exceeding their goals. Advance provides services such as IT planning and support that will take IT off your plate, keep you from worrying about data security and position your business for the future. Having the right business technology solutions in place, such as multifunctional copiers, interactive white boards and document management software, can greatly improve the flow of information through an organization.
Specter and Meltdown, names given to a recently discovered vulnerability that affects almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Specter and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.
Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so it has what it thinks the answer will be ready if needed.
Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.
Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.
A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.
The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be are in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.
Written by: Prof. Bill Pierce. Submitted by Ivana Shuck
Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.*
Please see important information below regarding our office move, guest blogs and member videos! Let me know if you have questions. I’m looking forward to seeing you soon!
Maryland Tech Council is saying goodbye to our old digs on September 20, 2017. Please make note, our communications will be down that day and we will resume full activity on September 21, 2017. MTC’s new headquarters will be located at Launch Workplaces in Gaithersburg MD, 9841 Washingtonian Boulevard, Suite 200, Gaithersburg MD 20878.
Be a Guest Blogger
Maryland Tech Council is launching the Member Point of View (POV) guest blogs. We are inviting members to submit content for our blog page. The content will be focused on your niche/industry where you can add a new POV for the MTC audience. Our goal is to position you as an authority and well-known name in the industry. And for us, we will have fresh new content for the page and get new readers to our blogger community. It’s simple and a win-win. We will have numerous categories that you can write articles for; those will be available in the next few weeks. We are kicking off the Member POV blogs during Cyber Security Awareness month in October. If you are interested in submitting a blog on that topic, please let me know and we will get you started.
Become a Familiar Face in the Community
Maryland Tech Council is revitalizing the “member spotlight” that is featured in the VIBE E-newsletter. We now offer the opportunity to feature you, the member, through our new and exciting video blog or vlog. The video will be 30-45 seconds, prerecorded at our offices, about your company. We will then feature the vlog in our monthly VIBE E-newsletter. The vlogs allow us to distribute the member spotlight through other formats such as twitter, Facebook, etc. to get you more exposure. I mean, we are the Tech Council, right?
Remember, everyone in your company is a member of MTC. Please share this important information with your team.
Maryland Tech Council