http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/tags/HIPAA/default.aspxTags: HIPAAenCommunityServer 2008.5 SP1 (Build: 31106.3070)http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2008/11/17/compliance-ushering-in-the-apocalypse.aspxMon, 17 Nov 2008 03:56:00 GMT94bda21f-7d63-4095-85de-7c2a68fb172c:86635RafalLos0http://www.communities.hp.com/securitysoftware/blogs/rafal/rsscomments.aspx?PostID=86635http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2008/11/17/compliance-ushering-in-the-apocalypse.aspx#comments<p>&nbsp; I read an interesting article tonight, on my flight out to Washington, DC for the CSI Conference (where I hope to meet some of you... ping me if you&#39;re here and I haven&#39;t talked to you yet).&nbsp; This article, titled &quot;<a class="" title="The Coming HIPAAcalypse" href="http://takingthehelloutofhealthcare.com/blog/2008/11/14/the-hipaapocalypse/" target="_blank">The Coming HIPAAcalypse</a>&quot;, presented a very grim view of compliance with the HIPAA regulations, but the author could have just as easily been talking about PCI or any other regulation.&nbsp; As I read this article I couldn&#39;t help but think... &quot;What does it have to be this difficult?&quot;&nbsp; I say this from experience, having been there in the thicket of PCI compliance in a previous job - trying to manage the complexities of budget, compliance need, and resources with frustration to spare - but does it really have to be so hard?</p> <p>&nbsp; Thinking in the context of web applications - that&#39;s the focus of this blog - everyone has them in their business.&nbsp; What&#39;s more, everyone has mission-critical applications in their business.&nbsp; Further than that... these applications must be available, usable AND secure... 24x7x365.&nbsp; This can at times seem like an unattainable goal when you add compliance to the mix.&nbsp; You know you&#39;ve been there, and you&#39;ve wondered how you&#39;re going to solve these issues.</p> <p>&nbsp;I offer a glimmer of hope.&nbsp; When it comes to compliance, <strong>automation is the key</strong>.&nbsp; You won&#39;t get more staff, more budget, or more resources especially with the looming economic conditions so how do you get into the compliance winner&#39;s circle?&nbsp; Automation.&nbsp; If you can find a way to automate some of your security &quot;testing&quot;, you may be able to get complianct faster and have a few dollars left over for other critical security initiatives.&nbsp; Automation of testing, data aggregation, and presentation of IT Risk as a component of compliance makes it easier to not only assess where your company is on the compliance journey - but also helps to (to use an old cliche) &quot;do more with less&quot;.&nbsp; If you&#39;re facing compliance challenges, and web applications are involved... this should ring bells for you.&nbsp; If you&#39;re interested in hearing more, or a message more customized to your specific situation - contact me directly, I may have an answer you can live with.</p><div style="clear:both;"></div><img src="http://www.communities.hp.com/securitysoftware/aggbug.aspx?PostID=86635" width="1" height="1">complianceHIPAAsecurity automation