Cyber Protection | Data Protection

We provide security solutions to protect data in our networks, email systems, servers and endpoints such as workstations, laptops, tablets, and servers. Consultation and support are available for data encryption, data loss prevention, email security, and secure file transfer.

Data Loss Prevention

Data Loss Prevention focuses on KP’s email system to ensure regulatory and policy compliance. The tool is used to monitor usage of KP sensitive data (PHI/PII) on email and messaging platforms. The service also provides data-at-rest scanning for various internal data repositories.

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to cart.”

Secure File Transfer

Secure File Transfer (SFT) is a service that allows for the transfer of large data sets through the use of a web interface. It can be used to safeguard Kaiser Permanente sensitive data in transit. The service is the approved method for sending data to external and internal resources when the data exceeds the 25MB limitation in the standard encrypted email.

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to cart”

Email Security and Encryption

This service ensures best practices, connectivity to, and appropriate use of the KP SMTP infrastructure. The service is available to individuals, application teams, business partners, and external vendors and affiliates. It includes the design of the physical infrastructure along with the email flow through the infrastructure. It allows KP email users to encrypt outbound email messages to protect PHI or other sensitive information sent to email recipients outside of KP. The service is the primary defense layer for email-based threats, including SPAM protection, anti-virus, email firewall, and advanced threat protection services, to address the latest malware and phishing attacks.

Resources

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to cart”

Application and Database Encryption Key Management

Encryption Key Management provides guidance and solutions for the full lifecycle of cryptographic keys and protects them from loss or misuse. This includes consultation to help the client understand services related to generating, using, storing, archiving, rotating and deleting keys. Protection of the encryption keys includes limiting access to the keys physically, logically, and through user/role access.

For applications that leverage the enterprise key management system, Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) standards require that enterprise encryption keys should be rotated every year. Also, application teams can request to rotate the keys as needed due to the key compromises.

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to Cart”

Web Application Firewall

This service identifies and blocks known malicious IP addresses, anonymous proxy addresses and known phishing URLs. The service also offers integration with web application vulnerability scanners to patch flaws before they can be exploited.

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to cart.”

Cloud Security

This service includes consultation, best practices, and tools used to monitor user access to and usage of KP sensitive data (PHI/PII) on various sanctioned Software as a Service (SaaS) platforms such as Office 365, Box, and OneDrive. The service also provides monitoring and control capabilities associated with the unsanctioned applications.

Getting Started

  1. Create a Directed Service Request
  2. Select “Consult” from the “Select a category that best describes your request” dropdown
  3. Provide a brief description of your request in the “Describe your request” field. State your needs and provide the application/database/project name.
  4. From the “Support Group” dropdown, select “Cyber Data Protection Services”
  5. Attach additional details by clicking “Add attachments”
  6. Click “Add to cart.”