DeviceLock, Inc. announced that University of Alabama-Birmingham (UAB) Health System, one of the most prestigious health care organizations in America, is entering Phase II of its implementation of DeviceLock endpoint security controls. The organization implemented DeviceLock in “observation mode” via its deep auditing, shadowing and forensic reporting capabilities for over a year in a mixed Novell® and Microsoft® network operating system environment. The analysis of end-user data handling practices justified approval of DeviceLock’s access controls to ensure data security compliance and use of specifically assigned encrypted USB storage devices for any data moving off the network to removable media.
The deployment of Phase II controls will ensure that the health system’s policies, procedures and security technologies are enforced and well aligned with its data protection goals, as well as compliant with HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA). During the initial evaluation phase, DeviceLock auditing revealed exactly where data loss was occurring.
“It’s not unusual to hear from the field that DeviceLock more than proved itself in ‘observation-mode’ pilot testing,” remarked David Matthiesen, Director of Sales-Americas, DeviceLock, Inc. “It’s common for enforcement controls to be the next logical step once you have made an assessment and formulated a policy regarding removable media.”
The combined solution allows the UAB Health System to set a DeviceLock access policy that limits users to connecting only an IronKey® or another approved encrypted device to their PCs and laptops for the purpose of portable storage. Other specialty USB-based medical devices would also be whitelisted in DeviceLock’s flexible policy. Should any of the IronKey secure portable storage devices be lost or stolen, the hardware encryption would prevent stored data from being penetrated by any unauthorized person.
“We have a large, complex and multi-NOS environment dealing with requirements for handling acute patient care, research and education; so there is absolute need to support a wide variety of USB-mounted device types,” comments David Gardner, Data Security Specialist, UAB Health System. “We found DeviceLock to be the most cost-effective solution for endpoint device management after months of product evaluation. It has proven itself to be one of the biggest ‘bangs for the buck’ in our arsenal of information security controls.”