Azure Security Containers for Healthcare

May 24, 2017

container-registryProject Hosts is a Microsoft Cloud Solution Provider that manages the application-level HIPAA / HiTRUST / NIST 800-66 security controls that must be in place for healthcare companies to move their Windows and Linux Deployments into a secure Microsoft Azure Container.  Our Microsoft Azure Security Container and Managed Services include ongoing scanning, patching, log reviews, alerting, incident response, backup, DR tests, user authorization tracking, data loss prevention and more for customer developed, or ISV-based applications.

Project Hosts’ cloud security experts ensure that all HIPAA / HITRUST / NIST 800-66 security controls are implemented and documented for your deployment. Deployments are subjected to annual penetration testing and certified auditor assessments. Whether custom developed, or obtained from an independent software vendor (ISV), your software will be fully scanned, logged, and penetration tested to meet compliance standards when migrated to Azure.

Ashley_LRG_HIPAAHealthcare Client Value:

Enable you to move on-premises Windows and Linux apps into a HIPAA / HiTRUST / NIST 800-66 compliant Azure cloud quickly and cost-effectively.

Leverage our expertise in Healthcare security standards and security control methodologies to get, and maintain your certification and compliance.

Reduce your IT services and support workloads while delivering more integrated cloud offerings.

Enable you to leverage your existing on-premises software solutions into the cloud, without starting over.

Ensure the overall success and adoption of your cloud with ongoing management, monitoring, support and optimization.

Secure Azure Services

Secure SharePoint on Azure

Remote SharePoint Administrator

Azure Managed Services

 

 


New Cybersecurity Executive Order Released

May 12, 2017

presidential_sealOn May 11, 2017, President Donald Trump released a Presidential Executive Order on strengthening the cybersecurity of federal networks and critical Infrastructure. As expected, ‘The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.  In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.”

Agency heads are required to seek IT services for Email, Cloud  and Cybersecurity services within 90 days of the date of this order. As defined in the Presidential Policy Directive 21 of February 12, 2013, all agency heads (Secretary of Homeland Security, Secretary of Defense, Attorney General etc. ) shall: “Identify authorities and capabilities that agencies could employ to support the cybersecurity efforts of critical infrastructure entities identified pursuant to section 9 of Executive Order 13636 of February 12, 2013 (Improving Critical Infrastructure Cybersecurity), to be at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.” Fortunately for these agencies, FedRAMP Compliant CSPs, such as Project Hosts provides such capabilities.

PrintProject Hosts is a recognized Cloud Services Provider (CSP) and leader in delivering FedRAMP SaaS compliant cloud solutions for U.S. government agencies on top of FedRAMP compliant infrastructure.  Our Federal Private Cloud supports more than 20 applications from leading software vendors, and is compliant at the FedRAMP Moderate, High, and DoD CC SRG IL4/5 levels. We have been hosting cloud-based software solutions for more than a decade, serving thousands of government agencies, global enterprises and medium-sized businesses.

For more on the Executive order, please follow this link: New Cyber Security Executive Order

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services

 


President Donald Trump’s Cybersecurity Executive Order Leak

May 11, 2017

SecureCloudGraphicThere has been a leaked draft of President Donald Trump’s cybersecurity executive order emphasizing the need for the entire executive branch to compare the standing of the USA’s cybersecurity capabilities with the capabilities of the rest of the world. According to an earlier draft previously obtained by MeriTalk, “The executive branch has for too long accepted antiquated and difficult to defend IT and information systems,” the order states. “Effective immediately, it is the policy of the United States to build a more modern, more secure, and more resilient Executive Branch IT architecture.”

According to the leaked order, the president is now asking executives to draft several reports, which can be used to compare these factors.

  • Each agency head will provide a risk management report to the secretary of Homeland Security and the director of the Office of Management and Budget within 90 days of the date of this order. Then the secretary of DHS, secretary of Commerce, the director of OMB, and the administrator of General Services will report to the president on how to secure the executive branch’s networks. Reed Cordish, assistant to the president for Intragovernmental and Technology Initiatives, will coordinate a report to the president from these executives regarding modernization of IT. Agency heads are required to show preference in their procurement for shared IT services to the extent permitted by law, including email, cloud, and cybersecurity services.
  • The secretary of Defense and the director of national intelligence will be in charge of IT modernization for national security networks.
  • The secretary of Homeland Security, the secretary of Defense, the attorney general, the director of National Intelligence, and the FBI director are tasked with leading the efforts to secure the nation’s critical infrastructure. They will provide a report to the president, which will state a plan for how to secure these networks within 180 days of the executive order.
  • The secretary of DHS will examine the efficacy of the existing cybersecurity policies and make recommendations for any changes that need to be made.
  • The secretaries of Commerce and Homeland Security will consult with the secretary of Defense, the attorney general, the director of the FBI, the chairs of the Federal Communications Commission and Federal Trade Commission, and other interested agency heads, about how to combat automated cybersecurity attacks such as denial of service attacks, and will submit a publicly available report within 240 days.
  • Within 90 days of the date of this order, the secretaries of State, Treasury, Commerce, Homeland Security, and Defense, the attorney general, and the United States trade representative, in coordination with the director of national intelligence, shall jointly submit a report on the nation’s options for deterring adversaries and better protecting the American people from cyber threats.
  • The secretary of State will be required to submit a report on international cybersecurity policy priorities.
  • The secretaries of Commerce and Homeland Security, in consultation with the secretaries of Defense, Education, and Labor, the director of the Office of Personnel Management, and other executive branch agencies identified by the secretaries of Commerce and Homeland Security, will address the state of education of the cybersecurity workforce and present a report to the president within 120 days.
  • The director of national intelligence will submit a report to the president on the education of the international cybersecurity workforce within 60 days.
  • The secretary of Defense, in coordination with the secretaries of Homeland Security and Commerce, will write a report on the scope and sufficiency of U.S. efforts to ensure U.S. national security-related cyber capability advantage within 150 days of the order.

presidential_sealBy working with a FedRAMP compliant Cloud Service Provider (CSP) such as Project Hosts, Inc. you are always at the forefront of highly secure cloud computing solutions. FedRAMP SaaS compliant solutions offer innovative and holistic security solutions and features that protect against foreign threats, attacks and cyber crimes – enabling you to quickly detect and respond to attacks should they occur.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


Understanding the FedRAMP Control Families ( Video Series with Project Hosts)

May 9, 2017

Project Hosts has recently released a series of 17 videos that outline the security controls required for FedRAMP compliance of an environment built on Microsoft Azure.  IaaS/PaaS services like Microsoft Azure take care of 25-30% of all required FedRAMP security controls, but the remaining 70-75% still need to be put in place.  In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

FedRAMP_Video_Series

In the series, Project Host CEO Scott Chapman addresses each control family, describing in detail, what needs to be implemented above Azure for ISVs who sell to the Federal Government or for Agencies who would like to move applications to the cloud.

Our Federal Private Cloud for Windows and Linux Applications (FPC) provides cloud-based access to Microsoft applications including SharePoint, Project Server, Dynamics CRM, Power BI, Visual Studio, TFS, Remote Desktop, and Office; applications from other commercial software vendors such as AvePoint, BrightWork, Gimmal, Innovative-e, Nintex, UMT360, and Urban Turtle; and open source applications such as Drupal, WordPress and Joomla for agency website content management.   A hybrid cloud architecture allows agencies to leverage shared services for some functions (e.g. authentication, monitoring, scanning) while still having the option to choose dedicated servers for applications and databases. This series of videos offers some insight into the controls that make all of this possible.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services


Compliance: The Path to Cloud Security

April 19, 2017

Cloud security begins with compliance. “When negotiating contracts with cloud providers, have an attorney review the fine print to ensure your company will be compliant with security and privacy laws, and to guarantee that all data is secure.” -Raun Nohavitza, Senior Director of IT at Centrify.  With more than 13 years of hosting and managed services expertise, Project Hosts is a recognized leader in delivering high performance, secure and compliant cloud-based solutions.

Whether you need managed services for your Azure cloud subscription, or you need assistance in deploying, hosting and managing the solution over its lifespan, rest assured we will secure your cloud. Our cloud security experts have the expertise
and compliance competency for today’s most rigorous cloud security standards including ISO 27001, NIST 800-53, HIPAA / HITRUST, FedRAMP Moderate, High and DoD CC SRG IL4/5. Government security standards such as FedRAMP/DoD are only available in a Project Hosts’ subscription.

HIPAA_ShieldBy leveraging an Azure IaaS or PaaS cloud platform you can quickly create a a windows server environment with minimal effort and trust that the infrastructure (servers/storage/network) and platform (operating system/database) elements will be available 24×7. But once servers are spun up, application management services are still needed. Project Hosts’ Azure Managed Services with Extended Security fill the current gap that many enterprises and government agencies have in managing critical elements of their Azure deployments:

Security Management
Continuous Monitoring and Optimization
User Support

Secure Azure Services

Secure SharePoint on Azure

Remote SharePoint Administrator

Azure Managed Services


Avoiding security breaches in a HIPAA Compliant Microsoft Azure Cloud Environment

March 21, 2017

Ashley_HIPAAAccording to HIPAA compliance regulations, security breaches of confidential patient data must be reported to the Office of Civil Rights (OCR). When your organization has access to Protected Health Information (PHI), it is essential that HIPAA compliance is maintained, making it less likely to experience such breaches. The act of not adhering to the HIPAA Breach Notification Rule by failing to report a breach can result in criminal charges and civil action lawsuits, severely damaging your practice or organization. Working with a compliant Cloud Service Provider (CSP) gives you peace of mind that all security controls are in place, effectively securing patient’s sensitive information from breaches.

HIPAA_ShieldBy moving your data into a Microsoft Azure cloud, your data is protected on the infrastructure and platform levels with HITRUST compliance. Working with a CSP like Project Hosts adds 200+ controls on the SaaS level, while also adding ongoing scanning, patching, log reviews, alerting, incident response, backup, DR tests, user authorization tracking, data loss prevention and more for customer developed or ISV-based applications.

A compliant CSP provides technical, physical and administrative safeguards against breaches, lowering the probability of having to ever concern yourself with the HIPAA Breach Notification Rule.

Secure Azure Services

Secure SharePoint on Azure

Remote SharePoint Administrator

Azure Managed Services


Trump’s executive order on Cybersecurity calls for Shared Services

February 20, 2017

presidential_sealPresident Donald Trump’s recent executive order on cybersecurity requires all Federal agencies to develop a plan for transitioning to shared services for email, cloud computing and cybersecurity. According to the order, obtained by MeriTalk, “The executive branch has for too long accepted antiquated and difficult to defend IT and information systems,” the order states. “Effective immediately, it is the policy of the United States to build a more modern, more secure, and more resilient Executive Branch IT architecture.”

To improve on IT architectural security, the order focuses heavily on the modernization of legacy IT systems. Agencies that are running and managing server software that’s past end-of-support are rolling the dice with the security of their agency. Continuing to use out-of-date server software technology presents an open invitation to attacks. Software end-of-support means:

  • Increased vulnerability with no security updates or patches
  • Agencies are on their own for support
  • Onus of hardware issues rests on agency
  • Loss of time and resources working on processes
Project Hosts Federal Private Clouds

Project Hosts Federal Private Clouds

By working with a FedRAMP compliant Cloud Service Provider (CSP) such as Project Hosts, Inc. you are always at the forefront of highly secure cloud computing solutions. FedRAMP SaaS compliant solutions offer innovative and holistic security solutions and features that protect against foreign threats, attacks and cyber crimes – enabling you to quickly detect and respond to attacks should they occur.

Click here for more information about FedRAMP SaaS Compliant Solutions.

Secure Azure Services

Secure SharePoint on Azure

Share Point FedRAMP Cloud

CRM Custom Cloud

CRM FedRAMP Cloud

PPM Custom Cloud

PPM FedRAMP Cloud

Remote SharePoint Administrator

Azure Managed Services

 


%d bloggers like this: