Transcript

Alicia: Hello everybody, thank you for joining us today. My name is Alicia Kay and here we have Gil Vidals, the CEO of HIPAA Vault, which is an MSSP specializing in HIPAA compliant cloud services. So today I just wanted to ask you, what are your top, let’s say, three security tips for just remaining HIPAA compliant, or just being secure in general with health information and stuff like that in the cloud?

Gil: Well that’s a tough thing, there are so many things that are important, but if I had to start off and pick something that was absolutely critical, that would be to have a good scanner, that would be scanning looking for the problem, so even if you don’t have the skill, let’s say you’re a business owner and you’re thinking “I’m not an expert in security, what am I supposed to do?”, well if you get a good scanner that can scan your services you have in the cloud, then you’ll be able to find the holes, then you can hire a consultant to say “Look at these problems I have, who can help me solve these?”

Alicia: Okay, and is the scanner like an application, like how do you get a scanner?

Gil: Okay, a scanner can be, there’s a couple different kinds of categories of scanning and all that, but I would recommend using something like Nessus, Tenable, Lynis, Arachni scanner, in fact we’ll put some of the links at the bottom of the video for the audience to use those. Some of these are free, so don’t get worried it’s going to cost you a lot of money, but the bottom line is: an owner needs to know if their system is secure. The last thing an owner should do is just ask their engineers, “Hey is the environment secure? It better be!”, and then when they say yes you’re like “Oh that’s great!”. No no no, as a business owner, you need to hold your staff accountable, and “trust and verify”, that’s the term I’m looking for. You trust your engineers, but you’re also going to verify by running the scan. Hey look at your links below and leave us some comments please.

Alicia: Awesome, thank you!