Security Development Conference 2013: Highlights (Part 3)

Healthcare is one of the most vital industries worldwide, helping to diagnose, treat and administer care to millions of people every day.  The importance of this industry cannot be overstated and technology plays a vital role.

With the onset of electronic healthcare records, and increased accessibility to private information, the industry is faced with growing pressures to conform to regulations such as HIPAA and others.  Given how critical healthcare is to our daily lives, it’s no surprise that secure software development for this industry was a hot topic at this year’s Security Development Conference.

 While at the conference, Microsoft released a new white paper called “Secure Software Trends in Healthcare”. The paper lays out some of the security issues and requirements specifically facing the healthcare industry and draws on the experience of Accuvant and other industry participants to illustrate the benefits of secure software development in meeting those challenges.

Accuvant, an IT security firm, has been successful in employing secure application development in the healthcare industry. In their work with established healthcare companies, Accuvant has used the Microsoft Security Development Lifecycle (SDL) extensively. The firm leverages many of the processes in the SDL, like threat modeling, setting benchmarks for security and privacy and training employees in the principles of application security.  If you have not read the new paper yet, I encourage you to check it out here.

In addition, I had an opportunity to discuss secure software development as it relates to the healthcare industry with Sean Nolan, Distinguished Engineer for HealthVault at Microsoft.   In the short video below, Sean shares his perspectives on the topic:

For more information on hot trends to surface from the latest Security Development Conference, I encourage you to check out Part 1 and Part 2 of this series.

Tim Rains
Trustworthy Computing

About the Author
Tim Rains

Chief Security Advisor, Microsoft Worldwide Cybersecurity & Data Protection

Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he Read more »