Enterprise Security Services - Secure SI from CMA

Enterprise Security Services

Enterprise security services require multi-layer strategies to protect your infrastructure and your data. As an enterprise systems integrator, infrastructure strategist and provider, and custom software developer, CMA understands the depth and breadth of security risks, as well as the right way to build and implement security solutions.

CMA specializes in rapid enterprise deployment, embedding pervasive and cooperative security within all the enterprise platforms we deploy. CMA’s data centers comply with and operate under advanced security protocols. We currently service public and private organizations.

Our strategic partnerships ensure our clients have quality access to a variety of security products, particularly within Oracle’s software suite.

Learn more about this service:

Please complete your information on the form. We will be in touch with you soon.


Build Effective Enterprise Security Programs

Our enterprise security consulting services help you build the best security programs to protect your information and infrastructure assets and enhance your business operations.

CMA employs some of the most sophisticated security assessment tools in the industry, and makes use of the latest threat intelligence and countermeasures to help you build effective, efficient security programs. Service offerings include:

  • Information & Cyber Security
  • Secure Cloud Computing
  • Data Protection
  • Assessments for HIPAA/HITECH and PII/PHI
  • Environment and Physical Design Security Assessments
  • Implementation of NIST 800-53 Security and Privacy Controls
  • Encryption Assessment & Design Services
  • Federal or State Compliance Requirements
  • Device-Level Encryption
  • Encryptics for Email
  • Identity & Access Management
  • Data Rights Management
  • Risk Management
  • Policy-Based Protection
  • Incident Planning & Response

More specifically, CMA specializes in the following:

HIPAA/HITECH Assessments

CMA can provide assessment and scorecard risk-ranking services for your technology environment in preparation for CMS HIPAA/HITECH compliance audits.

Environment and Physical Design Security Assessments

Based on your custom policy and physical design requirements, CMA can assess your environment for security weaknesses, risk and compliance, and provide guidance for optimizing infrastructure implementations or platforms.

Implementation of NIST 800-53 Security and Privacy Controls

Using industry-standard NIST 800-53 guidance, CMA can augment your existing data security control framework using controls specifically designed to mitigate, reduce, or eliminate data security risks.

Encryption Assessment & Design Services

Using the newest best-of-breed technologies, CMA can provide design and assessment services to assist you with implementing the strongest possible encryption methodologies to reduce your risk of breach or unexpected data exposures across all data channels.

Other Federal or State Compliance Requirements

As needed, CMA can assist you with assessing your environment as you prepare for a variety of compliance needs in the healthcare sector, including assessing Omnibus, Meaningful Use Stages 1, 2 and 3, JCAHO Standards, and NYSDOH DSRIP SSP compliance maturity.

Implement an Informed, Multi-Layer Security Approach

CMA has deep knowledge, skills, and experience implementing enterprise security solutions for our clients, including employing a “public/private” framework to execute the security architecture. CMA undergoes an annual HIPAA/HITECH security audit and a MARS-E security audit by an independent certified auditor.

Enterprise Layer

Core to our security solutions is an enterprise layer and associated LDAP implemented within the Oracle IDM suite; access management using Oracle OAM and associated rules engine OAAM; and LDAP access using Oracle Virtual Directory (OVD for directory abstraction) and Oracle Internet Directory (OID) for direct access.

Private Layers

The enterprise layer works cooperatively with individual private layers (private to each specific resource such as applications or databases) by passing context / attributes required for each local resource to implement local gating of resources. This provides for a consistent view and application of security throughout the enterprise. In addition, when necessary, we also deploy product specific technologies (Ex. Oracle Virtual Private Database) to provide even finer grain access control within each database/application.

Enterprise Security Experience

Our security consultants possess comprehensive and broad industry expertise, and offer services across multiple IT security disciplines including compliance, data protection, encryption, application services, risk management, identity and access management, cyber security, cloud, and incident planning and response.

CMA has successfully implemented this enterprise security architecture in one of the largest and most complex agencies in New York State, the Department of Health, for one of the largest Medicaid Programs in the country managing an annual program budget of over $55 billion. Using our Oracle enterprise security framework, NYS provides secure access management controls, based on multifactor authentication, to highly secure applications and data that meet a variety of security requirements including Personal Health Information (PHI), Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. CMA works closely with the NYS Office of Information Technology Services (ITS) to leverage the State’s investment in their enterprise services and infrastructure to meet NYS security standards.      

Security Partners


CMA has been an Oracle partner for more than 25 years. For security, we have heavy experience in Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), and other related products.


Encryptics for Email is an off-the-shelf product that works seamlessly with existing email services to protect outgoing messages and attachments. Utilizing our DRM features, organizations can maintain control of emailed data even after it leaves the corporate network. Ideal for Bring Your Own Device (BYOD) and mobile environments, this cross-platform solution provides data protection in the office and on the go.