With strict health insurance portability and accountability act compliance guidelines looming, Vincent Fusca had to find a way to keep 7 terabytes of confidential data secure.
Fusca, operations director for the Center for the Evaluative Clinical Sciences at Dartmouth College, in Hanover, N.H., decided to rely on Decru Inc.s DataFort E-series appliances to ensure the security of the data under his care.
Using two clustered DataFort E510 appliances, Fusca got more than justHIPAA-compliant encryption, however: The DataFort devices also saved time and storage costs, and they enhanced security in several ways. Fuscas experience shows how other organizations might reap additional benefits from their storage security products. (Fusca declined to provide a time frame for a return on the centers investment in the DataFort E510 devices, which list for $30,000 each.)
CECS was created by Dartmouth College as a research group to provide a foundation for measuring, organizing and improving the nations health care system. For their research, CECS scientists and scholars obtain Medicare data from a variety of sources, including insurance companies and government organizations. This data must be secured according to HIPAA guidelines.
The centers storage network consists of Linux clients, Dell Inc. file servers and NAS (network-attached storage) units from Network Appliance Inc.
Fusca said downtime is a major concern for CECS, so he needed a solution that could be implemented easily and would not make the centers storage infrastructure overly complex.
"We didnt want to invest in a system that would cause us to alter our environment," Fusca said. "The Decru DataForts compatibility with our current systems has been superb."
The DataFort E510 natively supports CIFS (Common Internet File System) and NFS (Network File System), and Fusca said he had a fairly easy time plugging the product into his network, although it wasnt quite plug and play. Deployment to the centers network took a couple of hours, he said.
Complementing CECS firewall and VPNs, the DataFort appliances ensure that data sitting on the centers NAS and file servers is encrypted while giving IT staff and researchers access control management and secure logging.
Besides the added security, the DataFort appliances have enabled Fusca to segregate the data residing on his systems using the appliances group policy management and auditing to simplify data flow.
Organization Center for the Evaluative Clinical Sciences at Dartmouth College
Location Hanover, N.H.
Issue CECS had to implement additional security to protect its file and NAS servers and ensure that stored Medicare data was secured to HIPAA standards; the center also needed encryption to ensure that data wasnt compromised when equipment was sent off-site for repairs
Tools Decrus DataFort E510 appliances
Whats next CECS is investigating whether to use Decrus storage VPN capabilities to allow off-site researchers to access secure files over the Internet
Source: eWEEK Labs reporting
"We have three or four levels of data usage profiles. With DataFort, we could create [access] levels for the different research staff and faculty without changing key codes and other software-based encryption hassles," Fusca said.
The DataFort E510s CryptoShred function provides peace of mind for Fusca when equipment must be sent out for repairs due to defects or warranty agreements. CryptoShred deletes the keys for unlocking the data, effectively making encrypted data unrecoverable.
This is a handy capability also because some of the data used by CECS expires after a few years and must be disposed of properly. Data on NAS units is backed up to tape in an encrypted format by default, enabling the CryptoShred function to assist CECS with tape media destruction. Previously, CECS had to physically destroy 40 to 50 tapes at a time, which could be very time-consuming. Today, the simple destruction of the recovery key (and the log verifying it) is enough to wipe out tape media.
In addition to disposal issues, the DataFort devices may in the future help transport critical information. Currently, CECS must send all files through the mail because there are HIPAA issues with electronic transmissions outside the centers closed networks, Fusca said. Duplicating and sending data in this way is expensive and raises security concerns.
Therefore, CECS is investigating using the DataFort appliances new WebDAV (Web-based Distributed Authoring and Versioning) and storage VPN functionality to enable off-site researchers to access files securely over the Internet. Senior Analyst Henry Baltazar can be reached at email@example.com.Check out eWEEK.coms Storage Center at http://storage.eweek.com for the latest news, views and analysis on enterprise and business storage hardware and software. Be sure to add our eWEEK.com storage news feed to your RSS newsreader or My Yahoo page: