Introduction
Information is a very important aspect of running businesses today. Some organizations depend on the information in their systems such that if it is lost, their business will fail. As such, they need service providers that can guarantee maximum protection from the information they host. An organization such as Vekta Online Solutions is tasked with ensuring that information from the healthcare institutions in America and Europe, which are its clients, will be able to protect information they have in their systems. This can be possible if a concrete data security strategy is designed.
Vulnerabilities and Threats with Data in Storage, in Transit and in Use
Data at rest is vulnerable because it provides a more definite target for the attackers. In the case of Vekta Online Solutions, the attackers know that their clouds and servers contain information for a lot of patients and healthcare institutions all over the world (Patrick, 2014) . Thus, they could focus all of their resources on this source until they can access it. Data in transit is also very vulnerable because it provides attackers with various chances of accessing the information. They can corrupt the authenticity, integrity and confidentiality of the message and thus misinform them (Patrick, 2014) . Data in use can also be corrupted easily by attackers since being open increases the chances of it being accessible. This authorization to access the information could also be accessed from remote locations if the individual is connected to the internet and other networks.
Delegate your assignment to our experts and they will do the rest.
Cryptography Tools and Strategies for Protecting Data in Storage, in Transit and in Use
Since the organization deals with data that deserves to be private and that belongs to many institutions, data has to be secure while in the three states. Encryption is one of the tools that protects data while it is at rest and in transit (Bowman, Gesher, & John K Grant, 2011) . This can be done by both encrypting the data itself, the storage body as well as the channels using protocols such as SSL, HTTPS and TLS amongst others. Other types of data protection that uses cryptography includes the use of Virtual Private Networks and of firewalls to protect a network.
Non-Cryptographic Strategies for Storing Data at Rest, in Transit and in Use
Non-Cryptographic strategies also help to improve security in the system. One of the ways to do this is to create policies that should be implemented throughout the company (Spivey & Echeverria, 2015) . These should be aimed at classifying the company data and thus apply the necessary data protection-methods Another strategy would be to inform the users of the system (employees) on data awareness and what their role is in the process. This way, they will not create vulnerabilities in the system and will, instead, be a source of protection thanks to their vigilance (Patrick, 2014) . It would also be important to track the information and analyze the potential vulnerabilities from afar. If it becomes possible for these individuals to detect vulnerabilities and even suspicious attacks, it will be possible for them to protect themselves accordingly.
Strategies for Supporting the AAA Framework in the Company’s Security Solution
The AAA frameworks insists on adaptation, aggregation and arbitrage. In the case of Vekta Online Solutions, the firm has to adapt to the often increasing regulation of information handled by the healthcare institutions (Patrick, 2014) . On the other hand, the solutions should be effective enough to improve practitioner relations in the firm as well as to ensure effective outcomes when it comes to patient care. The organization should also have aggregation strategies that help to ensure that it can be able to achieve global effeciencies using its services. This can be done by designing data storage systems that are relevant and efficient. The arbitrage strategy include getting into related industries such as the nutrion’s which is also fast growing (Spivey & Echeverria, 2015) . Two tools are necessary for supporting the AAA framework include the internet and software systems which can help with the remote sharing of information within the organization’s system.
Access Control Application and Identity Management in Data Security
Access control applications include authorization and authentication. These help promote data security through the ability to be transparent and traceable (Spivey & Echeverria, 2015) . After it has been investigated and found out that a specific site was used to access the information needed there, it can also be easily deactivated and thus the site made secure again. Vekta Online Solutions has to use them since the users connect to the internet a lot of time and could thus be hacked. Identity management also helps to provide the right information and access to the right people (Bowman, Gesher, & John K Grant, 2011) . Some information, for instance, can be seen by the CEO but not by the employees of the firm. This way, it will be tough for the wrong information to be present to the wrong people and the system would thus be safe.
Policies and Guidelines to be Included in the Organization’s Data Security Manual
One of the policies to be included in the organization’s data security manual is the importance and necessity of a training program. HIPAA requires for the firms to ensure that they have trained their employees who handle healthcare information for their patients. Another policy would be about securing network access (Bowman, Gesher, & John K Grant, 2011) . The users in the system should be properly tracked so that each of their activities is transparent. This way they can also pay the price of any neglect.
Conclusion
Today information is very important as it can make or break an institution. Therefore, a company such as Vekta Online Solutions have no other options but to provide the best data security possible. This can be done through ensuring that data at rest, in transit and in use are all protected by the organization from falling into the wrong hands. Strategies to use include encryption and even the implementation of security policies in the firm. With these, it will be possible for the organization to successfully lock out attackers.
References
Bowman, C., Gesher, A., & John K Grant. (2011). The Architecture of Privacy: On Engineering Technologies that Can Deliver Trustworthy Safeguards. O'Reilly Media.
Patrick, P. A. (2014). The Complete Guide to Healthcare Privacy and Information Security Governance. Danvers: HCPro.
Spivey, B., & Echeverria, J. (2015). Hadoop Security: Protecting Your Big Data Platform. O'reilly Media Inc.
