Summertime security: No letup for IT

What ever happened to the lazy days of summer? For IT and security managers in businesses, hospitals and universities across the country, summer is just another season to get things done. Here’s a roundup of IT security projects we’re hearing about.

Overstock.com: Web application firewall

Compliance with the Payment Card Industry (PCI) data security standards is paramount for this Salt Lake City-based online retailer, which specializes in close-out merchandise. To meet the end-of-June PCI deadline for Web application protection, (often called the “6.6 rule”) it’s mandatory to either install a Web-application firewall or undergo an extensive software code review if a business processes card payments over public networks.

“Our business relies on this, and now that we’re a ‘Tier 1’ in terms of the numbers of cards processed, assessment is more strict,” says Bear Terburg, manager of network engineering for Overstock.com.  So Overstock.com has been installing the WebDefend application firewall from Breach Security close to its load balancers, says Terburg — and readying for a PCI review by auditors and banks that keep an eye on what the larger card-processing merchants do.

OhioHealth: Biometrics and single sign-on

With its flagship Riverside Methodist Hospital and over two dozen other hospitals and medical facilities, OhioHealth is a major healthcare provider in central Ohio. The Dublin Methodist Hospital, which opened this year, has been dubbed OhioHealth’s “digital hospital” because it was built from the ground up with advanced wireline and wireless networks. At Dublin Hospital, doctors, nurses and support staff can contact and speak to each other via a Star Trek-like communications badge they wear, made by Vocera. The Vocera system works over the wireless LAN, as does a wireless IP-based video service for language interpretation that’s instantly available when needed.

Click to see: Dublin Methodist Hospital staff communicate via Vocera badges.

Jim Lowder, chief technology officer for OhioHealth, says an ongoing project is adding biometric-based fingerprint authentication at the computer keyboard. This is strong security that supports the State Board Pharmacy’s new rule requiring two-factor authentication if physicians want to prescribe medications using electronic means rather than paper. Tying it all together is the Imprivata OneSign single sign-on appliance that lets users log in once to use all hospital-controlled computer and voice devices. “We’re applying technology to the business and clinical-quality issues,” says Lowder, adding, “This is the hospital of the future.”

University of Nevada at Reno: New building on campus

On the university campus, the library, study hall and learning lab of the future is taking shape. The Mathewson-IGT Knowledge Center is a 300,000-square-foot building housing about 400 computer workstations on a very high-speed network complete with multimedia applications and teaching areas where students will be able to blend academic discipline with Web 2.0 collaboration.

“It’s the post-Gutenberg environment,” says Steven Zink, vice president of IT and dean of university libraries. He says it’s been the thrill of a lifetime to be part of the design team on the $110 million project, which started over two years ago.