bTrade, the leading provider of secure and managed file transfer technology solutions, has been recertified as a Minority Business Enterprise (MBE) by the National Minority Supplier Development Council (NMSDC). “I am pleased to announce that we have renewed our MBE certification, which is highly regarded by many customers, prospective customers, and business partners,” said Steve Zapata, President and CEO of bTrade. “Having the MBE certification is very valuable, and we take great pride in being recognized as a minority-owned business.”
NMSDC certifications cover a wide variety of businesses from small minority-owned organizations to billion-dollar powerhouses and NMSDC maintains a directory of certified MBEs. MBE certification is accepted and generally required by many of the largest publicly, privately and foreign-owned companies, as well as universities, hospitals and other buying institutions. NMSDC has an impressive list of corporate members that represent a veritable “Who’s Who” in corporate America.
NMSDC has established stringent certification standards which identify bona fide minority businesses, and the regional Councils do the investigation to determine whether a business is worthy of MBE certification. For the recertification process, bTrade worked with the Southern California Minority Supplier Development Council (SCMSDC). SCMBDC’s recertification process often alleviates the need for customers, prospective customers and business partners to conduct additional audits to verify bTrade’s commitment to workplace diversity. This process also distinguishes NMSDC from other organizations that publish directories which allow “self-certification” as their standard.
“This certification stands proudly alongside bTrade’s other certifications,” said Zapata. “These include our FIPS 140-2 security certification, meeting Drummond Group interoperability requirements, compliance with HIPAA standards, and many more.”
The US federal government, thru @USCERT_gov, has published an excellent “security tip” (which actually is more of a detailed guide) for better securing network infrastructure: https://bit.ly/2txAHLw . We love it when we see government working for its citizens!
Starting with the FTC vs. Wyndham case, bTrade’s MFT Nation blog has run a series of posts that we described as “case studies for what not-to-do” in the rapidly changing world of data security. The latest in this series involves the University of Texas MD Anderson Cancer Center (“Anderson”).
The U.S. Department of Health and Human Services, Office of Civil Rights (“OCR”), investigated Anderson after learning of three separate data breaches involving the theft of unencrypted electronic protected health information (ePHI) of tens of thousands of individuals. To Anderson’s credit, it had written encryption policies going as far back as 2006 and risk analysis performed by Anderson showed that the lack of device-level encryption posed a high risk to the security of ePHI.
The problem for Anderson, however, was its failure to implement the required encryption. Anderson did not begin to adopt an enterprise-wide solution to implement encryption of ePHI until 2011, and it failed to encrypt its inventory of electronic devices containing ePHI until much later.
OCR imposed a $4.3 million penalty against Anderson for violating HIPAA’s Privacy and Security Rules. The penalty was justified “given the high risk to its patients resulting from the unauthorized disclosure of ePHI,” a risk that Anderson “not only recognized, but that it restated many times.”
Click here to read more on OCR’s website about the recent actions taken against Anderson.
If you want to speak with bTrade’s data security experts about implementing an enterprise-wide encryption solution to protect ePHI, or any other type of data, please contact us at firstname.lastname@example.org.
Several recent MFT Nation posts have explored factors to consider when deciding between deploying your IT infrastructure on-premise (“on-prem”) or moving some or all of it to “the cloud.” Our last post said we were sharing “one last bit of info” on the subject. That was a bit premature because a lot of info is being published and we want to continue sharing for the benefit of our readers.
For example, Forbes wrote a good article titled With Cloud Security, The Devil’s In The Details. The author, Ameesh Divatia, begins by highlighting the virtue of deploying some or all of your infrastructure in the cloud—it “simplifies IT and offers a lot of value for companies.” But he continues the thought process by asking the question: “Who’s responsible for cloud security?” Mr. Divatia’s answer to the question imparts some food for thought, so to speak:
You, and virtually everyone else, will likely answer that the cloud provider (Microsoft, Amazon, etc.) is responsible. After all, it’s their cloud, right? But wait — dig a little into the details, and you’ll find that’s not the case. In all major cloud provider contracts and agreements, there’s a little devil of a detail: The cloud provider is responsible only for infrastructure security of the cloud — not for safeguarding the security, privacy or appropriate use of the data or information stored within it. And therein lies the rub.
The article is a good read for those of you concerned about #cloudsecurity. The author offers some real-world, common-sense points to consider.
If you want to speak with bTrade’s data security experts about deployment models, please contact us at email@example.com. If you want to keep updated on developments in the world of secure file transfer and data security, follow us on Twitter, LinkedIn, and our blog MFT Nation.
Beware of the “free” file sharing apps; often time you get what you pay for, so to speak:
MFT Nation wants to share on more last bit of info on #cloudsecurity, this time from a thoughtful article discussing how hackers prey upon the “mass movement of company and personal data to the cloud”: https://bit.ly/2seV1R2 . Please contact us at firstname.lastname@example.org to learn about using a bTrade MFT solution to protect ANY movement of data, to the cloud or ANYWHERE, whether internally or externally.