RenovoData Weekly Articles

The Health Insurance Portability and Accountability Act (HIPAA) has complex requirements to improve the access and transfer of critical patient health records while maintaining strict data protection procedures. The federal government has mandated that health data security standards require healthcare providers to implement comprehensive security measures to ensure that electronic patient records are protected against data loss and unauthorized access. This calls for compliant data backup procedures to ensure the confidentiality of patient records regarding data backup transportation and storage. Healthcare providers who engage in electronic transactions must adhere to data privacy safeguards to protect sensitive customer information and health records. Using a remote backup company will help meet HIPAA compliancy through providing automatic and secure offsite data backup, along with on-demand data recovery in the event of a disaster.

Data loss can cause a loss of productivity, patients or other customers, and revenue. Organizations are obligated to have a business continuity plan to sustain operations in the event of data loss. It is mandatory to include details concerning the data backup and data recovery process, offsite data storage, turnaround time, and all other matters regarding data protection and recovery.

Remote backup service providers offer the following:

• Automated data backups at secure offsite location

• Encrypted data

• Controlled physical access

• Disaster recovery and 24x7 restoration

• No extra hardware to purchase or manage

• Low service costs compared to media

• Tiered storage solutions to mange long-term data
  

Implementing remote backup solutions should be a key component to following HIPAA compliancy policies. It is critical that the remote backup service provider is a leader in integrated technology disaster recovery and on-demand remote backup that offers a comprehensive tiered storage solution for long-term data archiving capabilities. Remote backup ensures the highest degree of compliance standards are met regarding policies set by state and federal regulations.

Fact: 48% of data security breaches are caused by hackers, while 52% are a result of company insiders.

Until recently, all "backups" were treated the same.  Traditionally, when people thought of tiered storage technologies, it was for production data only.  However, today's factors such as availability, redundancy, scalability, reliability and regulatory compliance all need to be considered as key aspects of backup storage solutions.  By employing an offsite data backup provider with a tiered solution, small and medium-sized companies can instantly have the high performance data backup storage and data archiving capabilities of large enterprises at a reasonable cost - amongst other benefits. 

Tiered storage refers to the use of storage systems that have different performance, scale and cost characteristics.  A tiered storage solution assigns different categories of data to various types of storage devices and media based on service levels as defined by distinct business needs.  Data is moved across the tiers in accordance with business policies while data backup works throughout the storage environment to meet business continuity and disaster recovery obligations.

Tiered storage is a flexible and effective means of storage architecture.  It is a strategy employed by leading offsite data backup companies that allows for a more practical and streamlined method of managing data.  It enables data to be placed on a platform at an appropriate time for the purposes of providing agreed service levels and achieving desired business objectives. Key benefits of tiered storage include:

• Efficiency. By decreasing the number of systems within the business' data center, a tiered storage solution also delivers higher network utilization, faster access to data and a greater return on investment.

• Simplicity. Tiered storage integrates a simplified backup storage management solution. It eliminates the complex processes associated with disk to disk backups that later gets copied to tape, and finally moved offsite. In one backup process, the user can backup all data that ranges from high-priority and high availability data requirements, down through low-cost, less critical data that still needs to be sent offsite for disaster recovery and/or data archiving.

• Economical. Operational costs and total cost of ownership (TCO) are reduced through optimizing the use of existing devices and eliminating the need to purchase backup hardware, software and media. Using a service provider with tiered storage offers a real-time, "pay as you grow" solution which allows the right type of storage to be purchased at the most appropriate price point that meets the current needs of the business. There is no need to guess and overpay/underpay for the incorrect storage space. Additionally, implementing a tiered storage data backup solution can substantially drive down the costs associated with achieving Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) without breaking the bank.

• Performance. Application performance is improved by relocating less frequently accessed data to more cost-effective storage. Information is immediately available and accessible and downtime is miniscule while IT staff productivity is maximized.

• Compliance. The rising number of corporate and governmental regulations [such as Sarbanes-Oxley, HIPAA and SEC] faced by businesses today require data to be stored securely over long periods of time. The rapid growth of this inactive data creates a substantial cost for IT. It is critical that this data be protected, retained, and made available to users, the business and external regulators only when needed.

When considering an offsite data backup company, make sure they offer a comprehensive tiered storage solution that offers offsite data protection, data security, disaster recovery and long-term data archiving capabilities.  These features are essential to meeting today's critical business demands and regulatory requirements. 

Fact:  The Gartner Group reports that 40 to 50% of all tape backups are not recoverable in full, and that 60% of all tape backups fail in general.

As the world stood still and focused on the historical inauguration of President Obama, there quietly came news of the largest single data infringement in history.  Heartland Payment Systems, which processes payments for over 250,000 businesses, may have compromised potentially hundreds of millions of credit and debit card transactions, making it one of the most significant data breaches ever reported.  After calling the U.S. Secret Service and hiring two breach forensic teams to conduct an investigation, it was found that malware planted on the company's payment processing network was the source of the data breach.

The decision to release the news of the breach could be viewed as a way to cover up the magnitude of what had taken place, or to avoid negative press.  Although this information was not immediately publicized when Heartland initially became aware of the problem in 2008, there will be lots of attention that brings it to light once the inevitable law suits arise.  In similar news, USAJobs.gov and Monster.com are two other high profile cases that were targeted by hackers, who stole large volumes of customer data via an automated and malicious Trojan-horse program. 

If these incidents are beginning trends indicative of 2009, data loss prevention and information security should be on the top of every IT to-do list.  A failure to secure the data of the customer is apathetic amongst enterprises and could be seen as gross incompetence, resulting in the collapse of the business following litigation and loss of revenues.  Data is the most important entity that can make or break a company.

Traditional methods of data storage using memory sticks, tapes, CDs, and hard drives are no longer secure.  Using tape (the most common) as a data backup or disaster recovery solution poses a serious threat; as tapes often have to be transported to an offsite storage facility.  While in transit, the tapes might be damaged, lost, misplaced, stolen or inadvertently discarded.  To make matters worse, most of the time the data is unencrypted.  Encrypting data ensures its safety and protection in the event of theft or data loss.

Use a remote backup service provider who has expertise in disaster recovery consulting as the most reliable solution for data breach prevention and backing up sensitive information.  The virtual management provided by a remote backup service provider allows for endless storage capacity and server consolidation.  Most importantly, data is sent directly to an offsite storage vault where it is compressed and encrypted and guaranteed confidential, safe and secure. 

Fact:  According to a report by TrendMicro, annual computer virus damages to U.S. businesses total $55 billion.  Even equipped with the latest antivirus software, viruses continue to pose a serious threat to your most valuable business asset.

As you are home during the holiday season enjoying your family and eggnog, data backup for your organization is the furthest thing from your mind.  During this time of the year when businesses experience a shorter IT staff, or in incident of weather-related issues which prevent personnel from making it to the facility to respond and recover operations, the need for a secure remote backup company is important.  An offsite backup service provider ensures those accommodations are accounted for within minutes.

When you have multiple servers at a site, the conventional method used by many businesses would be to set up a central backup server with a tape library.  The problem with this solution is that it creates a bottleneck and a single point of backup failure within your network.  Also, with slower backup and recovery speeds, no quick 24/7 access to data recovery, human error and the manual intervention required to get data offsite, tapes have proved to be an unreliable method.  This often cumbersome and lengthy process as a means of data protection can negatively impact the business recovery time and recovery point objectives (RTO and RPO) for your company, and compromises critical business practices such as complying with regulatory requirements.  For the same reasons that mp3 players are more commonly used today while music tapes are pretty much obsolete, remote backup is a better and more advanced solution for protecting your business-critical data.

In the event of a disaster, if employees are on vacation, managing a data center can pose a major challenge.  Remote backup solutions can be specified as a managed service to be installed into the existing infrastructure of your company ran by IT administrators.  If personnel are inaccessible during a critical time such as a server crash, an offsite solution is the guaranteed means of business continuity and disaster recovery.

Trivia Question:  What percentage of companies experiencing significant data loss goes out of business within five years?

Answer:  Posted in our upcoming blog.