From HIPAA to hyper-converged – a healthier storage scenario lies ahead
February 26, 2018
By Shridar Subramanian
In 2017, HIPAA turned 21. Had you told a health care IT professional in 1996 that health care data would grow 48% YoY, and the projected total volume by 2020 would be close to 2,500 exabytes, their head would have spun at the massive task of managing cost, complexity, risk and compliance.
If that weren’t enough, when HIPAA was enacted into law, just 13% of the U.S. population had Internet, only 15% owned a mobile phone, and the smart phone hadn’t even been imagined. Today, a third of a billion smartphone users have a health app on their phone.
Oh, and just to rub salt in the wounds, 1996 also saw the birth of cryptovirology – a cryptoviral extortion protocol – that would grow up to form the basis of what we know today as ransomware; which grew over 89% in terms of health care-targeted attacks in 2016 to 2017.
That’s some coming-of-age party — massive volumes of high-value, critical and personal health care data spread across multiple locations, becoming increasingly vulnerable through factors including human error, natural disaster and malicious threat. Of course, the crux of the problem is not simply HIPAA. The scale of the data management, compliance and protection challenges that health care organizations are dealing with today is unrecognizable from twenty, ten, even five years ago.
For example, a petabyte worth of storage used to be a Fortune 500 problem. Today, a petabyte of storage is commonplace to organizations of all sizes – particularly health care organizations. It’s easy to understand the scale of the problem by looking at just one scenario of a StorageCraft customer – a regional health care leader with eight imaging centers, two radiation therapy centers, and four hospitals that initiated a proactive breast health strategy by going beyond the standard mammogram, and introduced high-resolution 3-D mammograms. With the move came a massive increase in data-storage requirements. What was formerly a gigabyte-scale storage operation, immediately turned into a petabyte-scale operation.
The struggle with data management, compliance and protection is reaching breaking point for many organizations. A recent independent survey by StorageCraft among IT Decision-Makers (ITDMs) showed that more than half of U.S. organizations are at risk from potentially disastrous data recovery practices. Fifty one percent are not confident that their IT infrastructure can perform instant data recovery in the event of a failure, and nearly half of the surveyed organizations are struggling with data growth. In fact, they believe it is only going to get worse. Health care organizations appear to be struggling the most, with 56% of health care ITDMs saying their organization would benefit from more frequent data backups, but the scale of data growth and their backup technology infrastructure doesn't allow it.
Diagnosing the problem is merely the first step toward the solution. As with most maladies, there isn’t a magic medicine that will instantly cure the problem of data deluge. There is a new regimen though. One which, over time, will create a robust, nimble, simple and cost-effective alternative.
A shift from traditional – often separate – backup and data protection models toward a converged model is poised to help ease the data cost, complexity, risk and compliance burdens faced by health care organizations. Traditional backup needs to read all primary data before moving it over a network to write to another storage target. When backing up applications, such as radiology, involving petabyte levels of storage, the systems and the cost of storage skyrockets. Even worse than clogging up the network is the challenge to successfully recover data in the event of drive or system failure. It’s challenging enough to recover files when the system is fully functional, in a disaster recovery situation such as a ransomware attack, it’s is just that – disastrous.
Technology and pricing innovation in scale-out storage means that advanced file-serving capabilities for primary and secondary storage, continuous and unlimited snapshots, inline deduplication, compression and off-site replication are now achievable for mid-sized and smaller organizations, and not just accessible to the large enterprise any longer. As a result, this dramatically erodes the performance gaps between primary and secondary storage; and equally significantly, it reduces the overall cost of storage and risk of miscalculating storage needs and investments.
The ability to have continuous and unlimited snapshots of unstructured data, made possible by using object storage technology, is cause for celebration in health care IT circles. For compliance and protection against increasingly dangerous threats such as ransomware, this represents a major advancement. In the case of a ransomware attack which might seek to encrypt and corrupt primary files, the attack can be thwarted because the snapshots are immutable and will be completely unaffected and immune from deletions and modifications.
The convergence of primary storage, secondary storage, backup storage, disaster recovery and compliance technologies into a single, intelligent platform represents a transformation in health care storage. Moving forward, it will be important to pace and plan to be ready for what will be a much healthier storage environment – headaches will be the first to go. The solution doesn’t lie in a massive forklift upgrade. It lies in taking small digestible steps. First walk, then run. The first step is creating a scalable infrastructure, then creating an environment that unifies primary and secondary data and integrates disaster recovery. This kind of setup is then able to digest massive amounts of structured and unstructured data; and can provide analytics and data intelligence. Imagine an infinitely scalable self-managing storage environment – self-managing, self-compliant, intelligently compliant, self-protecting and self-learning. It will not happen overnight. it will happen though, so planning now is vital.
About the Author: Shridar Subramanian has more than 23 years of experience in information technology. Shridar joined StorageCraft with the acquisition of Exablox in January 2017. Prior to StorageCraft, Shridar was the VP of marketing at Virident Systems, a leading provider of PCI SSDs, where he was responsible for product strategy, go-to-market, as well as awareness and demand generation. In addition, Shridar was the senior director of marketing at Monosphere Inc., a storage virtualization software company, where he was responsible for market and product definition for the company. Shridar has also held senior marketing positions at NetApp, and was a management consultant for Booz Allen & Hamilton. Shridar received his M.S. in computer science from Penn State University and an MBA from the University of Chicago.
In 2017, HIPAA turned 21. Had you told a health care IT professional in 1996 that health care data would grow 48% YoY, and the projected total volume by 2020 would be close to 2,500 exabytes, their head would have spun at the massive task of managing cost, complexity, risk and compliance.
If that weren’t enough, when HIPAA was enacted into law, just 13% of the U.S. population had Internet, only 15% owned a mobile phone, and the smart phone hadn’t even been imagined. Today, a third of a billion smartphone users have a health app on their phone.
Oh, and just to rub salt in the wounds, 1996 also saw the birth of cryptovirology – a cryptoviral extortion protocol – that would grow up to form the basis of what we know today as ransomware; which grew over 89% in terms of health care-targeted attacks in 2016 to 2017.
That’s some coming-of-age party — massive volumes of high-value, critical and personal health care data spread across multiple locations, becoming increasingly vulnerable through factors including human error, natural disaster and malicious threat. Of course, the crux of the problem is not simply HIPAA. The scale of the data management, compliance and protection challenges that health care organizations are dealing with today is unrecognizable from twenty, ten, even five years ago.
For example, a petabyte worth of storage used to be a Fortune 500 problem. Today, a petabyte of storage is commonplace to organizations of all sizes – particularly health care organizations. It’s easy to understand the scale of the problem by looking at just one scenario of a StorageCraft customer – a regional health care leader with eight imaging centers, two radiation therapy centers, and four hospitals that initiated a proactive breast health strategy by going beyond the standard mammogram, and introduced high-resolution 3-D mammograms. With the move came a massive increase in data-storage requirements. What was formerly a gigabyte-scale storage operation, immediately turned into a petabyte-scale operation.
The struggle with data management, compliance and protection is reaching breaking point for many organizations. A recent independent survey by StorageCraft among IT Decision-Makers (ITDMs) showed that more than half of U.S. organizations are at risk from potentially disastrous data recovery practices. Fifty one percent are not confident that their IT infrastructure can perform instant data recovery in the event of a failure, and nearly half of the surveyed organizations are struggling with data growth. In fact, they believe it is only going to get worse. Health care organizations appear to be struggling the most, with 56% of health care ITDMs saying their organization would benefit from more frequent data backups, but the scale of data growth and their backup technology infrastructure doesn't allow it.
Diagnosing the problem is merely the first step toward the solution. As with most maladies, there isn’t a magic medicine that will instantly cure the problem of data deluge. There is a new regimen though. One which, over time, will create a robust, nimble, simple and cost-effective alternative.
A shift from traditional – often separate – backup and data protection models toward a converged model is poised to help ease the data cost, complexity, risk and compliance burdens faced by health care organizations. Traditional backup needs to read all primary data before moving it over a network to write to another storage target. When backing up applications, such as radiology, involving petabyte levels of storage, the systems and the cost of storage skyrockets. Even worse than clogging up the network is the challenge to successfully recover data in the event of drive or system failure. It’s challenging enough to recover files when the system is fully functional, in a disaster recovery situation such as a ransomware attack, it’s is just that – disastrous.
Technology and pricing innovation in scale-out storage means that advanced file-serving capabilities for primary and secondary storage, continuous and unlimited snapshots, inline deduplication, compression and off-site replication are now achievable for mid-sized and smaller organizations, and not just accessible to the large enterprise any longer. As a result, this dramatically erodes the performance gaps between primary and secondary storage; and equally significantly, it reduces the overall cost of storage and risk of miscalculating storage needs and investments.
The ability to have continuous and unlimited snapshots of unstructured data, made possible by using object storage technology, is cause for celebration in health care IT circles. For compliance and protection against increasingly dangerous threats such as ransomware, this represents a major advancement. In the case of a ransomware attack which might seek to encrypt and corrupt primary files, the attack can be thwarted because the snapshots are immutable and will be completely unaffected and immune from deletions and modifications.
The convergence of primary storage, secondary storage, backup storage, disaster recovery and compliance technologies into a single, intelligent platform represents a transformation in health care storage. Moving forward, it will be important to pace and plan to be ready for what will be a much healthier storage environment – headaches will be the first to go. The solution doesn’t lie in a massive forklift upgrade. It lies in taking small digestible steps. First walk, then run. The first step is creating a scalable infrastructure, then creating an environment that unifies primary and secondary data and integrates disaster recovery. This kind of setup is then able to digest massive amounts of structured and unstructured data; and can provide analytics and data intelligence. Imagine an infinitely scalable self-managing storage environment – self-managing, self-compliant, intelligently compliant, self-protecting and self-learning. It will not happen overnight. it will happen though, so planning now is vital.
Shridar Subramanian