Regulatory compliance is a primary consideration for the enterprise. From privacy to corporate governance to business practices and standards, regulation has infiltrated so many aspects of corporate affairs that it has become a challenge for businesses just to keep up. Many organizations, such as those in the healthcare and financial sectors, are subject to so many different types of regulation on so many different levels, that selection of IT infrastructure – with both the flexibility and security to fully meet requirements – has become crucially important.
 

Health Insurance Portability and Accountability Act (HIPAA)

Signed into law in 1996, HIPAA was intended to improve the interchange of electronic information among healthcare organizations for administrative and financial purposes – as well as provide stringent guidelines for protecting the security and confidentiality of this information. For countless healthcare providers, HIPAA has necessitated a thorough review of their IT infrastructure and security systems.

An ideal match for the healthcare industry, Array secure access solutions eliminate some of the biggest HIPAA headaches while ensuring that those who need information can get it, efficiently and securely. While other solutions are merely performance-oriented appliances with security features tacked on, Array solutions are built from the ground up as a secure access solution – standing between users and servers, providing true end-to-end security.

Compliance with HIPAA need not be a plague upon your business. Array products and solutions meet HIPAA requirements in over a dozen different areas, including:

  • Account type definition provides access control that guards data integrity and confidentiality – Section 142.308(a)

  • Event-logging capabilities are used to document security incidents so that appropriate action may be taken – Section 142.308(a.9)

  • Accelerated SSL provides high responsiveness, while securing messages traveling over the Internet – Section 142.308(c.1.iv) and Section 142.308(d.1.I.A.B)

For a detailed summary, with section-by-section citations of how we can help you meet HIPAA regulations, please contact your Array Networks representative.

 

Sarbanes-Oxley Act (SOX) & Gramm-Leach-Bliley Act (GLBA)

Strict government demands on the financial industry mandate that banks secure access to sensitive banking and customer data. The Gramm-Leach-Bliley Act of 1999 (GLBA), Sarbanes-Oxley, and the Basel II Accord all mandate strict controls on how data is handled and protected by financial institutions. Array helps financial institutions meet these demanding regulations with its family of purpose-built, multi-layer security solutions.

Array Networks enables banks and brokerages to consolidate applications on a unified architecture, reduce the complexity of user access and IT support, and most importantly, ensure compliance. With the TMX Series, customers can service themselves through online banking secured by accelerated SSL. With the SPX Series, branch offices and remote sales agents easily access business systems and customer information over SSL VPN.

Ensure your business is compliant with the following regulations while simultaneously generating cost reductions and efficiency improvements throughout the enterprise:

  • SOX: Comprehensive auditing capability meets SOX requirements for the reporting of all working papers, correspondence, and communications about public company financial statements

  • GLBA: Multi-layer security – including a hardened OS, reverse proxy architecture, integrated SSL VPN firewall, and full client-side security – meets GLBA requirements for protecting information collected about individuals such as social security numbers or credit histories

  • Basel II: Extensive security features and aggressive release schedules provide the flexibility and means to meet the demands and deadlines of the Basel II Accord as they are written and continue to evolve

For a detailed summary, with section-by-section citations of how the Array products and solutions can help you meet SOX, GLBA, and other financial services compliance mandates, please contact your Array Networks representative.

 

Federal Information Processing Standards (FIPS) Compliance

Federal Information Processing Standard 140-2 (FIPS 140-2) is a standard that describes US Federal government requirements that IT products should meet for Sensitive but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communications Security Establishment (CSE), and is likely to be adopted by the financial community through the American National Standards Institute (ANSI).

The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorised roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.

FIPS Levels

Level 1: The lowest level of security. No physical security mechanisms are required in the module beyond the requirement for production-grade equipment.
 
Level 2: Tamper-evident physical security or pick-resistant locks. Level 2 provides for role-based authentication. It allows software cryptography in multi-user timeshared systems when used in conjunction with a C2 or equivalent trusted operating system.
 
Level 3: Tamper-resistant physical security. Level 3 provides for identity-based authentication.
 
Level 4: Physical security provides an envelope of protection around the cryptographic module. Also protects against fluctuations in the production environment.
 
Array Networks uses the highest-performing NIST FIPS 140-2 Level 2 and 3 certified cards.

The following FIPS-certified cipher suites are supported on an SPX4800, 5800 or 6800 FIPS system:

  • 256-bit AES with SHA

  • 128-bit AES with SHA

  • 128-bit RC4 with MD5

  • 128-bit RC4 with SHA

  • 168-bit Triple-DES with SHA
 

Additional Case Studies

MOODY'S KMV - Application Delivery


INDUSTRY
Financial Services

APPLICATION
Custom Solutions

Challenges:

High-volume, secure data analysis & transactions

Well-known, incumbent load balancing & SSL acceleration products slowing application performance

Array Solutions Benefits:

90% improvement in processing HTTPS traffic

Enabled more users on fewer servers, greatly increasing ROI

PRESBYTERIAN - Universal Access Control


INDUSTRY
Healthcare

APPLICATION
Intranet

Challenges:

Increase Security

Accelerate Back-end Applications

Complex Administration

Array Solutions Benefits:

Increased Server Capacity

Improved End-User Response Times

Improved Server Optimization

Enhanced User Capacity

QUANTROS - Application Delivery


INDUSTRY
Healthcare ASP

APPLICATION
Oracle DB & Custom Apps

Challenges:

Required a high-performance availability solution capable of meeting current application deployment objectives and...

Scaling without the need for additional hardware

Array Solutions Benefits:

Performance and availability targets exceeded without going over budget

Flexible, future-proof solution with continually increasing ROI