For 33 years, the Kansas City Corporate Challenge has provided an event featuring Olympic-type games to unite nearly 200 local businesses under a singular, charitable cause. During the two-month challenge, companies have the opportunity to compete in 30 sporting events, network and promote teamwork among employees. In addition, participating companies volunteer at the events – with more than 20,000 participants and 30 different events, the Corporate Challenge would not be successful without the 1,300+ dedicated volunteers.

We have already shared some fun times with fellow employees and other local companies at this year’s Corporate Challenge. At the kick-off party on April 27, Layered Tech participated in the one-mile walk and then grilled up some Kansas City-style barbeque at the all-company tailgate at Truman Sports Complex, home to both the Kansas City Chiefs and Kansas City Royals. The photos you see are from the tailgate and walk – good food, good people and a great time! (View more photos on Facebook)

After the kick-off party, our Kansas City office immediately began gearing up for some friendly competition with other local businesses. This year, Layered Tech employees are participating in nearly all of the events, some of which include:

• Three-on-three basketball
• Darts
• Disc golf
• Dodgeball
• Fishing
• Flag football
• Golf
• Pool
• Soccer
• Softball
• Table tennis
• Volleyball
• Weight lifting

In addition to the camaraderie, fellowship and fitness generated by the Corporate Challenge, we are excited to further our mission of giving back to the community and staying involved in charitable organizations. Throughout the year, Layered Tech is committed to participating in charitable functions, including food drives, clothing drives and special events like the Corporate Challenge. We believe it is important to realize that charities’ needs for support don’t stop when various events or fundraisers conclude; they need volunteers and donations year-round.

How You Can Help
All year long, Special Olympics provides sports training and athletic competition in a variety of sports for children and adults with intellectual disabilities. Through these activities, Special Olympics hopes to give participants continued opportunities to develop physical fitness, demonstrate courage, experience joy and participate in sharing gifts, skills and friendship with others.

The 2012 Kansas City Corporate Challenge benefits the Kansas City Metro division of Special Olympics Missouri, but there are Special Olympics chapters across the globe, so check online for a chapter near you. Whether you choose to coach, volunteer or donate, Special Olympics Missouri and all of Special Olympics’ locations throughout more than 170 countries need consistent, year-round support.

Now, let the games begin!

As mentioned in the previous blog entry, Layered Tech recently attended the annual HIMSS Conference and Exhibition, the premier healthcare IT show of the year. In our last post, we recapped the main takeaways related to HIPAA, hosting and cloud computing, but there were some other aspects from the show we felt were noteworthy. Also, during the show, HIMSS released the results of its annual Leadership Survey. The findings illustrate the state of the industry, the challenges faced and the objectives that are top-of-mind for healthcare organizations.

One of the main news items from the conference was the delay in the federally mandated requirement to complete the migration to ICD-10, which has taken pressure off of healthcare providers. The final rule adopting ICD-10 as a standard was published in January 2009, and it set a compliance date of Oct. 1, 2013 – a delay of two years from the compliance date initially specified in the 2008 proposed rule. The U.S. Department of Health & Human Services has yet to announce a new compliance date. Although the delay was big news, many of the consulting services firms and the larger solution providers, such as Cerner, McKesson and Epic, are still heavily promoting their migration capabilites. In addition, HIMSS itself and other IT-related groups were telling their members and anyone who would listen to not slack off when it comes to ICD-10 preparedness.

HIMSS Leadership Survey Results

According to the Annual HIMSS Leadership Survey, for the first time in years, IT leaders at healthcare organizations did not identify a lack of financial support for IT as an obstacle to implementation; instead, concerns about staffing resources was cited as the key barrier to IT. The survey results, released on February 21, showed that one-quarter of respondents said adequate staffing resources within their organizations is the top barrier to IT implementation, and approximately two-thirds of respondents said their IT staff will increase in the next year. Leading areas of expertise in which survey respondents require staff include clinical decision support, network and architecture support, and clinical informatics.

As healthcare organizations move toward meeting their information technology priorities, key areas of focus, as reported by the survey’s technology leaders, are: achieving meaningful use and ICD-10; participating in health information exchanges (HIEs); addressing security concerns; and IT governance. Highlights include:

Nearly 90 percent of respondents expect to complete their ICD-10 conversion by the Oct. 1, 2013 deadline (survey results were captured before the ICD-10 delay was announced). Two-thirds of respondents also reported that implementing ICD-10 was the top area of focus for financial IT systems at their organization.

More than one-quarter of respondents have already attested to meaningful use. One-quarter of respondents also said that achieving meaningful use is the key business objective at their organization.

Almost half of respondents reported that their organization participates in an HIE. However, 22 percent of respondents said there is an HIE in their area in which they are not participating at this time.

Security continues to be a top concern for healthcare IT professionals. Approximately one-quarter of respondents indicated their organization has experienced a security breach in the past year.

IT is being successfully integrated into healthcare providers’ overarching business strategy. Half of respondents reported that the IT plan is part of the overall organizational strategic plan.

Key takeaway – Regulatory requirements are still driving healthcare IT spending. However, IT continues to be viewed as a strategic enabler of the overall healthcare provider’s business. This is leading to continued investment in personnel to address IT architecture and analysis. Areas not deemed to be core to the business are increasingly considered for outsourcing.

Layered Tech recently attended the annual HIMSS Conference and Exhibition, the premier healthcare IT show of the year, and we wanted to share what we thought was interesting and informative in terms of trends and news related to hosting, cloud computing and compliance. The education sessions covered everything from managing mobile devices to implementing electronic health records (EHRs), health information exchanges (HIEs) and bioinformatics. In addition, the application of technology and provider/vendor collaboration to reduce costs while increasing patient care were key focus areas for the more than 37,000 attendees and 1,100-plus exhibitors.

Healthcare, HIPAA and Hosting

This year’s show continued the theme of accelerating meaningful use and delivering upon the promise of accessible EHRs. The application of cloud technologies permeated the exhibition hall, especially with many healthcare providers leveraging the cloud for EHRs, unified communications, billing, storage and imaging. In the past, there was great concern about security of information in the cloud, but the trepidation seems to be melting away as providers are successfully completing trials and engaging with production applications using cloud services.

The education sessions reflected the general tone of HIMSS12 – that healthcare organizations are recognizing both the value and the opportunity presented by outsourcing aspects of their IT environments. This is especially true when it comes to the delivery of scalable, secure and highly available environments – both infrastructure and network. By embracing HIPAA-compliant clouds or virtual private data centers, healthcare providers can transfer the tedium of managing infrastructure, the need for CapEx and the role of managing HIPAA requirements to a trusted partner. Finding that trusted partner appeared to be the focus of the attending Healthcare Providers.

The main obstacle impeding the adoption of hosted or cloud solutions in healthcare has been the perceived loss of control of and possible breach of security. But the entry of hosting service providers with expertise in HIPAA-compliant hosting now provides superior security to that delivered within on-premise environments. The value of best-in-class security wrapped around a hosted or cloud solution is becoming an irresistible catalyst rather than the deterrent for moving to cloud.

The opportunity for healthcare providers lies in their ability to better allocate resources toward delivering optimum healthcare for their patients. After all, isn’t this the promise of outsourcing? On-site IT staff can focus on deploying and maintaining clinical, patient-facing applications, architecture advancements or other more valuable areas within the health provider’s enterprise. In addition, the shift toward more predictable operating expenses helps to improve business visibility, and more optimally focused staff supported by a more predictable cost basis will help hospitals drive better business results.

The best advice I can provide for health care providers that have not ventured into the hosted or cloud space is to find an application they feel would fit well and kick the tires. This will enable the creation of the right model for the organization while minimizing risk.

Layered Tech is one of the HIPAA compliant hosting leaders delivering cloud expertise that is increasingly difficult for healthcare providers to replicate with internal IT staff. In addition, we also take on capital expense burdens and provide healthcare organizations with a predictable operating expense model.

In parts one and two of this blog series, we’ve examined how community clouds are viable environments for PCI compliance, and in this segment we will explore how security is instrumental in guarding against data breaches.

Make security a priority in your community cloud

Many believe that PCI compliance alone will keep mission-critical data safe, but that is actually not the case. Almost every credit card data breach in the last five years has occurred in a PCI-compliant environment. This powerful statistic reinforces the fact that although compliance is required for success, it is “table stakes” as opposed to effectiveness. The data in your community cloud is only as protected as the amount of security you apply to it, so it is critical that businesses invest heavily in security.

This doesn’t mean that PCI compliance should be ignored. Rather, security measures should work in tandem with compliance efforts, and in all actuality, PCI compliance should be considered as a subset of security. Keeping that in mind, organizations must make risk-based decisions that embrace compliance while also addressing practicalities and technical capabilities in order to establish a secure community cloud.

In addition to assessing the practicalities of achieving compliance, organizations must acknowledge that compliance is maintained by viewing it as a necessary, daily process, not as an annual project that must be completed to pass an audit or test. Doing so will defeat the purpose of attaining compliance in the first place, and it will open up your business to a variety of security threats. To “raise the bar” beyond simply establishing compliance, companies should consider several security components, including social engineering, patching, system interfaces and the scope of administration rights, as well as routinely identify system vulnerabilities to ensure a fully secure environment. Some of these components can be addressed with automated security checks, while others require human interaction, which is why good security is part art and part science.

Security and compliance are no more difficult in the community cloud

The security concepts mentioned above are vital elements that help determine whether a company chooses to leverage the community cloud or a different hosting environment. Despite common misperceptions, it is no more difficult to be secure or PCI-compliant in the cloud than it is in a dedicated hosting environment. The essence of any security plan is in taking the necessary precautions to make sure that data is kept under strict control. The 2011 Verizon Data Breach Investigations Report states that the cloud does not really factor into many of the breaches they investigate because they have yet to encounter a breach involving a successful exploit of a hypervisor allowing an attacker to jump across VMs.

In terms of PCI compliant hosting, not all cloud providers are created equal. Some hosting providers offer cloud environments with all the tools needed to secure a company’s data but leave the management of incident response to the customer. This opens the door for important security measures, precautions and standards to go unnoticed or overlooked, increasing the risk of a security breach. To avoid this danger, businesses should confirm that their third-party cloud vendor will go beyond simply ensuring PCI compliance by conducting regular checks to safeguard critical data.

Layered Tech handles all of the IT controls (about 80 percent of the total criteria) associated with PCI compliance, and our dedicated security experts know how to achieve the utmost security for any environment. By working with an established, global provider of compliant managed hosting services like Layered Tech, companies can offload complex compliance requirements, avoid potential risks associated with non-compliance and most important, focus on their business rather than their cloud infrastructure. To learn more about Layered Tech’s services, please visit our website or send us an email.

In the first installment of this series, we looked at the magnitude in which companies are experiencing security data breaches and how PCI compliance can help businesses overcome these issues.  In this installment, we’ll examine how community clouds are emerging as an alternative environment for companies looking to achieve PCI compliance and robust security while also reaping benefits including reduced overhead.

The 1, 2, 3’s of securing data and achieving PCI compliance

Many technology security experts agree that securing company and customer data involves three steps:  1) identifying which data is critical and therefore needs to remain secure; 2) implementing the controls needed to protect that data; and 3) validating those controls.  As simple as this may seem, one misstep can result in not achieving PCI compliance, opening the door for highly damaging data breaches to occur.  For example, Verizon stated in its 2011 Data Breach Investigations Report that of the 761 data breaches it examined, more than 95 percent could have been avoided through simple controls.

By contracting with a PCI-compliant managed services provider, companies are able to put their security concerns in the hands of experts who stay up-to-date on security requirements and ensure that PCI compliance is maintained.  Managed hosting providers like Layered Tech make certain that regular monitoring occurs, audits run smoothly and all data is as safe as possible, allowing companies to focus resources on their businesses and customers.

Community clouds as an alternative

Community clouds are becoming a popular hosting environment option because they offer many advantages, including lower costs and more flexibility.  By utilizing community clouds, companies avoid expensive upfront hardware costs and don’t have to worry about the additional expenditures associated with hardware updates and maintenance.  In addition, companies with fluctuating data requirements can easily increase or decrease the services they receive and only pay for services used at any given time.

Community clouds also provide companies with “hidden” benefits.  For instance, if a cloud provider notices targeted malicious activity against one company, it can take actions to prevent the attack or similar attacks from affecting other companies.  Experienced cloud providers will place businesses with similar security needs and services on the same server to use the same pool of resources.

A hosting provider’s experience and expertise in the community cloud should be an important factor when selecting a vendor. Layered Tech pioneered virtualized and PCI-compliant environments and has years of accumulated experience in designing, implementing and hosting in the cloud. To learn more about Layered Tech’s services, check out the compliant hosting and cloud hosting information on our website or send us an email.

In the final installment of this blog series, we will explore security in the community cloud and explain the importance of security and how PCI compliance doesn’t necessarily ensure that data is secure.

Image credit: Kirsty Hall

It seems almost daily a new report emerges detailing how a company suffered a data security breach, resulting in the release of sensitive data for hundreds of people.  To help guard against these attacks, companies can become PCI compliant, but it is not an easy goal to achieve and does not guarantee complete and total security.  As an alternative, community clouds provided through third-party resources like Layered Tech offer security options and a path to compliance without the cost and labor issues present with in-house systems.

To better understand these issues, this blog series will explore the hazards data breaches present and how, even with its challenges, PCI compliance and added security can help protect companies.  Additionally, the series will discuss how leveraging a community cloud provides companies with added benefits, such as scalable infrastructure, flexibility and availability, all in a cost-effective manner.

The real risk hackers pose

In today’s business environment, data breaches are no longer disasters that happen to other companies, nor are they an issue that only plagues large enterprises.  These adverse events can affect small- and medium-sized businesses that have made the leap to computerized systems and digital records.

Hackers are becoming more sophisticated and are able to employ several different tactics to retrieve information, such as exploiting backdoors and using spyware, forcing companies to focus on every aspect of security.  Instead of just looking for credit card and social security numbers or personal data, such as birthdates, hackers are increasingly stealing online banking login details.  According to Verizon’s 2011 Data Breach Investigations Report, the U.S. Secret Service arrested more than 1,200 cybercrime suspects in 2010 that were connected to more than $500 million in fraud loss.

PCI compliance helps but includes challenges

All companies that accept credit card payments, either online or offline, are required to takes steps to secure customer information.  One way companies can accomplish this task is to become PCI compliant, meaning that the organization meets certain criteria throughout the security process, including prevention, detection and response, as set forth by the PCI Data Security Standard (PCI DSS).  These standards, developed by the Payment Card Industry Security Standards Council, provide a range of requirements based on a company’s size, its type of business and the number of credit card transactions it handles.  (Want to know more about PCI DSS?  See the helpful PCI DSS resources available on our website.)

The strictness of these requirements, however, can make it difficult for businesses to achieve compliance.  Verizon’s Payment Card Industry Compliance Report for 2011 states that only 21 percent of the companies assessed were considered fully compliant.  Additionally, even though PCI-compliant companies are safer and less likely to encounter a breach, PCI compliance does not guarantee complete security of data.  Additional security measures, including but not limited to patching and system interfaces, must be taken.

Many companies leverage PCI compliant hosting and managed services from providers like Layered Tech to take advantage of its security, compliance and cloud expertise.  With this approach, organizations gain all the benefits of a hosted IT infrastructure but without the headaches of owning and maintaining hardware.  In addition, you can dedicate your resources to what matters most: your business and your customers.  To learn more about Layered Tech’s services, please visit our website or send us an email.

In the second installment of this blog series, we will discuss PCI compliance and security in community clouds and how this environment can provide businesses with unprecedented processing power, bandwidth and storage capacity, without the burdens of capital expenses and IT staff overhead.

Image credit: Mikael Altemark

• Control costs more effectively – with a cloud environment, customers can build/repurpose infrastructure towards normal loads of traffic and then use cloud for peak capacity management
• Drive revenue growth and increase agility as a company – allows companies to bring on their customers more rapidly, load applications quicker, etc.
• Innovate and launch products much faster – leading to faster return on investments

Security and compliance concerns have often prohibited businesses from migrating to the cloud, but a private cloud or even hybrid/community cloud architecture of the kind that Layered Tech regularly deploys for its clients has demonstrated time and again that data and transactions can be so secure as to meet even PCI DSS strict requirements.

The full interview is available as an audio podcast at LightReading.com and as a slide presentation summary on SlideShare.net.

Today, Layered Tech utilizes both CA Technologies AppLogic and VMware vSphere to provide unique multitenant and private cloud services to our customers. We have long standing relationships with both companies and are one of the original adopters of 3Tera AppLogic before server virtualization, orchestration and automation was called Cloud.  As one of the early adopters of the AppLogic 1.0 platform, we have a unique insight and relationship with CA Technologies. I would like to share a few thoughts regarding the latest release.

The CA AppLogic 3.0 cloud computing platform continues its focus to innovate on the application deployment layer with its intuitive drag and drop application deployment interface. The visual interface, which is the hallmark of AppLogic, continues to differentiate this platform from the others. AppLogic enables complete deployment of entire application environments including virtual load balancers, firewalls, web servers, application server and databases in a single motion.

Among significant new enhancements, AppLogic has added the capability to support:

1)      vLAN tagging to further enable private networking and VPN;

2)      Role-based user access to further separate observers, operators, admins and owners access levels and to improve security;

3)      Support of OVF (Open Virtualization Format) standard to facilitate the import of Xen and VMware workloads from outside the Cloud;

4)      Enhanced cloud operation with the global fabric controller to further automate the maintenance and addition of resources and the enrichment of usage metering capabilities

These are interesting enhancements, and enable a broader set of use cases for our customers with privacy requirement and who want to migrate VMware and Xen environments to the cloud.

Our broad portfolio of managed hosting services includes on-demand multi-tenant cloud services, dedicated virtual and physical environment, and compliance services. With the AppLogic platform we offer Virtual Private Servers (VPS) which is a multi-tenant public cloud with on-demand user portal, and Virtual Private Data Centers (VPDC), which are dedicated cloud environments and give you complete customization and admin access.  In addition, we offer additional cloud services to meet enterprise high availability and compliance challenges.

Layered Tech applauds the advancements by CA Technologies, VMware and Citrix and we remain dedicate to offering the latest best of breed technologies with excellent service and support.

Bye for now.

Kevin Van Mondfrans

Sr. Director Cloud Services, Layered Tech

Cloudbook, an independent authority and educational resource for cloud computing, recently published an in-depth look at JDA’s process of evaluating and selecting a private cloud provider.

With the help of consultants from Burstorm, JDA — the leading supply chain solutions company — met the challenge of finding a flexible cloud provider who could help consolidate 1 million users from over 100 countries into a single hosted cloud environment.

View the videos and read the article over at Cloudbook to learn why Joe King, SVP of JDA Managed Services, selected Layered Tech to help migrate JDA’s mission-critical managed services to the cloud.  This is an interesting read and an excellent insight into how a well-respected enterprise selected a private cloud provider.

We’re excited to now serve the needs of security-driven organizations requiring PCI-DSS compliance, and we’re squarely focused on introducing additional compliance services, including healthcare HIPAA compliance.

There’s a compelling synergy between Layered Tech’s managed dedicated and cloud-based hosting solutions and GSI’s compliance capabilities, and this combination strengthens the service to existing customers of both companies, as well as creates new hosting options that will bring additional value to the market.  In addition, by combining our resources with GSI, we can offer customers an even stronger level of technical support.  We’re excited to welcome GSI’s talented team to Layered Tech and have Robin Greenhagen, GSI founder and CEO, join Layered Tech as CTO and Kelly Kephart, GSI COO, join as Chief Integration Officer.

Some of the strengths of the combined company include:

• Only provider able to support PCI compliance through all key audits
• PCI-compliant cloud offerings
• Compliance enabled in three flagship data centers initially, with compliance rollout in more of our data centers subsequently
• Fully managed, compliance-based hosting
• State-of-the-art customer portal, with extensive features for flexibility, control and ease of use

Here at Layered Tech, we’re looking forward to begin working with our new colleagues from GSI, merging our solutions portfolios, and begin offering our clients the next phase of secure managed hosting services.