Q&A: For Visiting Nurse Service's security, logs are everything
The Visiting Nurse Service of New York conducts 40,000 patient visits a day. With 15,000 employees and about 130,000 patients under its care over the course of a year, it is the largest not-for-profit home healthcare organization in the United States. The majority of employees work remotely, using laptop and tablet computers, creating a multitude of ways in which the organization's data can be compromised. With the data privacy compliance requirements of the Health Insurance Portability and Accountability Act as well as the more recent HITECH Act, the service faces a host of complex security challenges. In an interview with FierceCIO, Larry Whiteside, CISO for the VNSNY, discussed the critical importance of log management in his security framework.
FierceCIO: What was the main reason for deploying log management tools at your organization?
Larry Whiteside: Security. Logs are the most basic and fundamental piece to any security environment. And, for me, compliance is an offshoot of a secure program. If you implement a security program based on a sound framework, you will be in compliance. Being able to query the logs in a very concise manner is extremely important.
FCIO: Can you elaborate on why logs are so fundamental to security?
Whiteside: All of my career my mantra has been: Logs are everything. If you don't have the log information, you're really at a loss for getting any other information. For us, log management is there to capture as much information as possible. We are in the process of implementing a database security technology, for example, and we will be taking the information from it and plugging it into our log management suite [from LogLogic] to query logs.
We also use the log suite to help identify other things through correlation and grabbing information from different sources. We capture log-in data from all machines, and [we combine that information with data] when an intrusion detection system identifies security alerts. If we see multiple failed passwords on a system, for example, and if that system does a port scan of another system, that's a critical alert.
FCIO: Can you give a specific example of log management enhancing security?
Whiteside: At a previous company, I had a manager of a pretty large group who gave his two-week notice. As part of the termination process, the HR process kicked off, and a notice went out to different groups. About five days later, I identified that there were some rather large queries of client lists that had taken place by that particular user.
FCIO: What do you see as the greatest threat to data security?
Whiteside: Honestly, I'll say education. Carbon-based life forms will always be the biggest threat in any corporate environment that exists.
As a security officer, I think in a certain way. I take into account a lot of things when I'm handling data. I think about the impact of it being compromised or lost, but regular users don't take those things into account. They think about trying to be the most efficient. That opens corporations up to risk. We've done a very good job including education and awareness as part of our training.
FCIO: How would you characterize the external threat?
Whiteside: For the external entity, we have layers and layers of protections in place. The internal entity is considered a semi-trusted person. Because people are semi-trusted internally, that is the area where protection points are put in last. You want people to have access to information. When you start putting security controls in place internally, it can create a hindrance. That doesn't mean that everyone is trustworthy. The unfortunate part is that human nature tends to take over. Over the last 10 to 15 years, it's been identified that you must put controls on the internal entity as well.
I have one employee. I'm always looking at ways to gain efficiencies. Log management allows us to determine what is normal behavior and be alerted when there is behavior out of the norm. We've taken log management and used it in a strategic way to give us an extra hand.
FCIO: How do users react to the log management suite?
Whiteside: With any log management suite, it should be completely seamless to the users, and hopefully seamless to the rest of IT. They have no idea it exists until they are told. Managers find out about it when they ask for certain information and we're able to come back with it in a matter of minutes: Yes, they checked into the building that day; yes, they logged into a computer system; yes, they logged into this application; yes, they did this query.
FCIO: How do you see log management evolving?
Whiteside: As we move toward making what was a paper process electronic, log management is going to become that much more important. We're not hiring more bodies unfortunately. We're having to do more with less. In an effort to gain efficiency, having a log management system gives you the ability to query information from different systems via one consolidated console.



