ViaTech News

Six Security Questions You Should Be Asking Your Service Providers

Written by Amelia Orwick | Apr 9, 2020 6:23:00 PM

These days, security is a primary focus for nearly every enterprise, regardless of industry, revenue or size. Changing regulations, rampant data breaches and increased privacy concerns have driven businesses into a frenzy trying to protect themselves.

But what does it mean to be secure? Unfortunately, “security” has become little more than a buzzword thrown around by technology companies and service providers.

Many vendors claim to offer secure solutions, when in reality, their security systems and protocols are not half as robust as they would lead you to believe.

A recent report revealed that Zoom – the popular video conferencing application – relies on a deeply flawed encryption scheme that leaves users susceptible to hacking. Experts went on to declare the platform unfit for government and business use. 

Business leaders may have been able to trust perfunctory proclamations of security in the past, but the current climate no longer allows for that sort of blind trust. Enterprises must begin rethinking their approach to security or risk compromising their intellectual property and sensitive data.

Even if you believe what you’re getting to be secure, it’s best to do a thorough vetting of your service providers’ systems and protocols to ensure conformity.

At ViaTech, we support your commitment to compliance and security. In fact, we’ve outlined several questions you should be posing to prospective service providers (along with our responses).

1. How do you encrypt your data?

All external network traffic is encrypted during transmission. Additionally, all data at rest is encrypted at the physical level while not in use. Encryption keys and the equipment used to generate, store and archive keys are protected against modification, loss, destruction and disclosure.

2. How do you identify and respond to vulnerabilities?

ViaTech applications are designed according to secure coding guidelines to prevent common vulnerabilities, and they are subject to routine scanning and NIST-based scanning techniques. Applications that store, process or transmit sensitive information undergo automated application vulnerability scanning on a quarterly basis, in addition to third-party penetration scanning by a qualified vendor.

3. What additional actions do you take to protect your end users?

Antivirus and anti-spyware software is centrally managed, installed, operating and updated on all end-user devices, and is set to conduct periodic scans of those systems to identify and remove all unauthorized software. Server environments are also protected by managed endpoint security software, and the network is protected by network-based malware detection (NBMD).

Additionally, all users are limited to subnets and network services to which they have authorized access. Network services are formally managed and monitored to ensure that they are provided securely. For any public-facing application, application-level firewalls are implemented to control traffic. All sensitive systems are logically and physically separated into an isolated network to provide multiple levels of network security.

4. Do you possess any certifications?

ViaTech has been HITRUST certified since March 4, 2018. The Health Information Trust Alliance (HITRUST), in collaboration with healthcare, business technology and information security leaders, established the HITRUST CSF – an overarching security framework that incorporates and leverages the existing security requirements placed upon healthcare organizations, including federal (e.g. HIPAA and HITECH), state, third-party (e.g. PCI and COBIT) and other government agencies (e.g. NIST, FTC and CMS).

While HITRUST is specifically geared toward the security and preservation of healthcare information and personally identifiable information, ViaTech chose to achieve certification with HITRUST for its comprehensive framework, which encompasses many of the requirements of PCI-DSS and SOC-2.

5. Are you willing to submit to a risk assessment?

We welcome the opportunity to complete a risk assessment to ensure that we meet or exceed your security expectations.

6. What is your privacy policy?

See here.

As security and compliance continue to evolve, ViaTech is best prepared to support your business. Our technology is flexible, integrative, and most of all, safe.

For more information about our solutions, visit viatech.io.