Identity & Access Management

Prioritize Privilege to Protect Patient Data, Secure and Simplify Operations while ensuring Compliance

Large volumes of patient data or Electronic Personal Health Information (ePHI) are generated daily by the rapidly expanding, interoperable care delivery networks.

From birth dates and social security numbers to private health concerns and detailed illness histories, healthcare information can be much more valuable to cyber attackers than credit card numbers.

​Internet-connected medical devices – such as infusion pumps, heartrate monitors and even imaging and biopsy tables – have become a critical part of the healthcare environment. With medical devices outnumbering healthcare industry staff three to one, this broad movement of connected devices now represents a growing cybersecurity threat that puts patient data, medical information and, potentially patient wellbeing at risk.

From an operational perspective, juggling between various security zones and tiers, means valuable time lost in administering several virtual entrypoints, devices and passwords, or regulatory compliance requirements being unmet.

Securing connected devices – both unsupported legacy devices and new IoMT devices, providing easy and secure access for healthcare workers regardless of location, while taking into account "joiners, movers and leavers" – has emerged as one of the top priorities for healthcare IT security professionals.

​In addition to addressing compliance recommendations and requirements from industry regulators as:

• Datatilsynet
• Helsetilsynet
• Norm for informasjonssikkerhet og personvern i helse- og omsorgssektoren (Normen)
• NSM's Grunnprinsipper for IKT sikkerhet
• The European Union Agency for Network and Information Security
• European Data Protection Board - EPDB
• NIST Framework - National Insitute of Standards and Technology

​With over 20 years of experience within the healthcare sector, our solution architects and advisors have an in-depth understanding and sector insight with a broad skillset within network architecture, IT security and automation, applied in this field.

We can provide you with the following :

• Expertise
  
  • ​Information Security Advisors
  • Solution Architects
  • Project Managers
  • Consultants​​

• Technologies
  • Privileged Access Management
  • Identity & Access Management
  • Endpoint Detection and Response
  • Data-Centric Audit and Protection
  • 
    

For more informaiton, contact us.

Telecommunications Systems Serve as a Critical Backbone to Nations and Economies Across the Globe.

These systems enable the transmission of financial transactions, business transactions and emergency response communication daily, and if compromised, the consequences could be dire.

Access to these systems are too often left unsecured and unmanaged, putting these critical assets at an increased risk of a damaging cyber attack that could impact telecommunications companies and everyday citizens alike.

Privileged accounts and sessions are repeatedly the target of both internal and external attacks – due to the system-wide access they grant – controlling these sensitive credentials is vital to remain compliant and to protect a business’s core assets.

To reduce the risk of potentially damaging unauthorized access to critical telecommunications systems, organizations should:

• tightly control and monitor all internal and third-party user and application access to privileged accounts on these systems
• maximize visibility of IT infrastructure changes and data accesses
• know ones data in order to protect what really matters
• have visibility of the traffic behind the perimeter security
• be fully aware at all times whether one is under attack, be able to rapidly respond and mitigate in an informed manner
• enforce identity and access management to build a strong IT security posture and ensure compliance​

Having proactive security measures in place to mitigate risks associated with privileged accounts, identity verification, access grants and sensitive data, is not only important to the IT team supporting growing businesses, but it is also a priority for CEOs who understand the business benefits of protecting digital assets.

Approach compliance with confidence - address the evolving set of compliance and audit requirements facing telecommunication companies today:

• The Electronic Communication Act ("eKOM Loven")
• Post og telestyrelsen

​Solutions and services we can provide

With over 20 years of experience within the telecom sector, our solution architects and advisors have an in-depth understanding and sector insight with a broad skillset within network architecture, IT security and automation, applied in this field.​

We can provide you the following solutions and services:

Expertise

• ​​Information Security Advisors​
• Solution Architects
• Project Managers
• Consultants

Technologies

• Privileged Access Management
• Identity and Access Management
• Endpoint Detection and Response
• Data Centric Audit and Protection
  

For more information, contact us.

From isolated legacy systems to Internet of Things, Integrated Operations, Hybrid- and Cloud environments

Critical production systems as ICS (Industrial Control Systems) have for decades been isolated from other systems or the Internet as a whole. Due to recent technological developments and business objectives to lower costs, improve operational efficiencies and meet regulatory compliance, IT systems and OT environments have increased connectivity exposing them to a significantly larger attack surface and risk of intrusion from malicious actors.

While the profitability of industrial organizations are heavily dependant on the ability to secure their intellectual property and trade secrets, the implementation of security controls designed to mitigate the risks associated with these vulnerabilities, if not planned carefully, can be very costly.

Some of these risks include:

• high number of administrative or privileged accounts that enable user and application access to ICS
• use of shared accounts that enable access to critical systems without individual oversight
• use of industrial applications with embedded hard-coded credentials
• use of workstations with excessive administrator rights
• challenges of integrating and maintaining legacy systems in an ever evolving IT landscape
• uncontrolled processing of sensitive data leaving sensitive information over-exposed, potentially tampered with, copied, moved or deleted

​Kommando can help your organization address the information and cyber security challenged through our:

Expertise

• ​​Information Security Advisors​
• Solution Architects
• Project Managers
• Consultants

Technologies

• Privileged Access Management
• Identity & Access Management
  
• Endpoint Detection & Response
• Data Centric Audit & Protection
  

Fore more information, contact us.

Industrial Control Systems - A High Value Target for Cyber Criminals

Industrial Control Systems (ICS) are critical production systems which are part of the Operational Technology (OT) environment in industrial enterprises. As IT systems and OT environments increase connectivity to each other, ICS are now exposed to IT systems and the Internet - significantly increasing the risk of intrusion from malicious actors that aim to cause damage to the systems themselves or to use the systems to gain access to other parts of the corporate IT Infrastructure.

Due to the high availability requirements of ICS assets, by enlarge, the risks associated with running commercial-off-the-shelf (COTS) equipment into operations and supervisory levels of ICS architecures are unaddressed.

Some of these risks may include:

• The high number of administrative or privileged accounts that enable user and application access to ICS
• The use of shared accounts that enable access to critical systems without individual oversight
• The use of industrial applications with embedded hard-coded credentials
• The use of workstations with full administrator rights
• The broken process of provisioning access with restrictions on what, when and where one can perform a job/task

To mitigate these risks and to address compliance requirements from industry regulators as:

• NVE - The Norwegian Energy Regulatory Authority (Emergency Regulation/Beredskapsforskrifter)
• The Norwegian Oil & Gas recommended guidelines (#104, #110 #123)
• ReNational Institute of Standards and Technology (NIST) SP-800-82

Industrial enterprises must proactively protect and monitor priviled accounts that enable accesses to ICS environments.

With long and broad experience from working with IT security and access control for the Oil and Energy sector, Kommando can provide:

Expertise

• Security advisors
• Solution architects
• Project managers
• Consultants

Technologies

• Privileged Access Management
• Identity & Access Management
• Endpoint Detection & Response
• Data Centric Audit & Protection (orchestrate IT security with data at its core)
  

For more information, contact us.

Attacks against the financial industry continue to grow as firms consecutively collect sensitive customer information. IT security must be as proactive and automatic as possible, for organizations to remain compliant, rapidly respond to threats and free IT to focus on digital innovations rather than firefighting.

Banks, insurers and other financial service providers require strong privileged access security to protect against growing external and internal threats to personal and proprietary information. Financial and banking firms continuously collect sensitive information about their customers and house considerable amounts of valuable resources, they are attractive targets among hackers worldwide.

The stringent regulatory requirements from both domestic and international governing bodies as GDPR, PCI-DSS, Sarbane's Oxley, MAS TRM, EBA-guidelines and more, keep financial service providers challenged. To remain compliant, respond to threats rapidly and free IT to focus on the digital innovations that strengthen customer loyalty and capture new sources of revenue, IT security must be as proactive and automatic as possible.

Kommando can help your organization address the information and cyber security challenged through our:

Expertise

• ​​Information Security Advisors​
• Solution Architects
• Project Managers
• Consultants

Technologies

• Privileged Access Management
• Identity & Access Management
• Endpoint Detection & Response
• Data Centric Audit & Protection
  

For more information, contact us.

Mitigate security risks for national and local government agencies

National and local government IT teams are tasked to protect an immense variety and volume of sensitive information and critical systems - from human services to citizens' healthcare data, court and law systems, traffic systems, tax-, voting-, and financial information, etc.

The collection of Personally Identifiable Information (PII), and sharing it with other agencies to conduct business, makes it equally important for these agencies to stay compliant while providing effective IT security and ensuring operational efficiency.

Cyber-attacks on systems supporting public services can compromise public health and safety. Financially, state and municipal governments are increasingly seen as attractive targets of ransomware attacks. Whether it's ransomware or other malware, the costs, in terms of resources to recover from a cyber-attack can be significant, whereas in some cases records may be irretrievable.

​Kommando can help you meet the exceptional demands of public sector IT and assist your organization in addressing the information and cyber security challenged through our:

Expertise

• ​​Information Security Advisors​
• Solution Architects
• Project Managers
• Consultants

Technologies

• Privileged Access Management
• Identity & Access Management
• Endpoint Detection & Response
• Data Centric Audit & Protection

For more information, contact me.