Network security must balance the need to protect your network and patient data from outsiders while enabling your staff who depend on it to perform their jobs to do so efficiently and without obstacles. Too often companies focus only on the first objective, creating a network that frustrates and limits the very people it was established to serve. With today’s technology reliant business models, there is simply no room for downtime or compromised information. It’s a common goal that IT professionals share and enjoy implementing. Keeping people out and locking things down challenges us, and no one likes a challenge more than a “tech-head”, including myself. However, let’s not forget that our first objective is to provide technology to our users, our customers, so they can get their job done. 
Here’s a simple example of network security impeding the work of the business user who is depending on the network to get their job done. Since my days as a systems / net admin, I’ve had the joy of working closely with hundreds of information departments helping them implement and use Rock-Pond Reports and other Rock-Pond products at their home infusion organization. This usually involves using industry standard tools like WebEx, GoToMeeting, and CrossLoop. It’s about the only way for outside vendors to work with customers to provide software support, and is often time a standard part of meetings both internal and external. So what’s one to do when these types of tools are completely blocked by an organization. It causes frustration and time waste for both parties. Usually these tools aren’t specifically blocked, but there are strict network policies in place that prevent these types of tools for functioning.
Another example is the security and spam filters that are implemented for email systems. How many times have you sent and E-mail not only to find that the recipient never received it? Or you were supposed to get a critical E-mail that never arrived? I find myself sending an E-mail with an attachment, and then immediately sending another E-mail without an attachment asking if they have received it! The average user is not sophisticated enough to manage black lists and white lists on their machine and do not have access to these lists that are blocking email at the server level. As IT Professionals we must find a way to secure the email system from unwanted email while letting the email and attachments through.
Finally, consider the changes that are rapidly taking place in the area of social media (Facebook, Twitter, LinkedIn, etc.) and the amount of content that is delivered through digital media that requires a user to have FLASH installed and the ability to hear sounds on their computer. I worked with a company that made sure all of their users not only had sound cards but headsets so they could access training videos that helped them with their job. However, the process of putting this in place challenged many IT rules that were obstacles to getting work done in a changing workplace. If key vendors and companies you work with have effective Facebook pages, your staff should be able to access them. It was not that long ago that many companies did not want employees to have Internet access at their desk. We’ll have to find other ways to manage our employees than denying their access to key technologies that will empower them to be smarter, more efficient and more connected with others.
Now don’t get me wrong, there are reasons these things are locked up. They are abused, sometimes insecure, and are easiest to deal with by simply blocking them. The home infusion industry has to comply with HIPAA as well as their accreditors. There’s no room to have your CPR+ database leaked to the Internet, or your HomecareNet financial reports up on a WebEx screen not knowing who’s on the other side. The data stored in your SQL Server database from these systems contains private informaiton and it is your responsibility to protect it.
So here is our challenge; make these technologies all co-exist on your network without rendering it open to attacks, viruses, information leaks, and downtime while empowering your employers through the access to the data and systems to get them the information they need and connect with the people they need to connect with to provide safe patient care. It can be done, and your going to get a lot of credit for it, and see results. The technology exists today to safely allow modern services to be utilized while maintaining safety through automatic alerts, logging, and monitoring. New operating systems like Microsoft Windows Server 2008 R2 are helping making it easier by introducing firewalls that are smart enough to separate good and bad traffic. Network hardware is allowing for the virtualization of your networks to segment your sensitive data from the rest of your network where more vulnerable tools are being utilized. So that’s your challenge, start with the following:
- Enlist your users to educate you on why types of tools they already use, what types of tools they want to use and cannot, and how you can help make them more productive.
- Look at the technology you already have, such as operating systems and network hardware, and determine if they have built in security features you arn’t already using.
- Examine your internal auditing processes and determine if you can identify potential compromises more quickly.
- Research the Internet to find out what others are doing to protect their networks and users. The information is out there.
Most importantly, spend time talking with your customers (as IT people we usually refer to these people as “users” but they are really our customers) and find out if they are having trouble getting access to the systems, websites and data that they need. Often they won’t tell you, they’ll resort to inefficient alternatives and talk bad about you behind your back. If your system is hacked or experiences a security breach, it is definitely your responsibility. It is equally your responsibility to make sure your customers are able to access the data and systems they need to get their job done. How are you doing?
Find out what Rock-Pond Solutions can do for your organization. Click on the link below, or call 501-450-6446, and one of our representatives will follow up with you to schedule a demo of our reporting solutions.
