Harvard CIO Herds Large File Transfers

E-mail file attachments stymie servers at the Harvard Medical School and Beth Israel Deaconess Medical Center, so IT professionals put a file transfer product into action.

What happens when professors need to exchanging large files securely? Some academics who find their e-mail inboxes too small have turned to MySpace, gmail and blogs. Thats not a good thing, especially when files might contain confidential patient information.

John Halamka, CIO of Harvard Medical School and Beth Israel Deaconess Medical Center, says he enjoys being a cheerleader for technologies that could provide potentially big solutions.

Among other things, hes made headlines for having an RFID chip implanted in his arm. Should Halamka arrive unconscious without identification in an emergency room, an identification number on the chip will help medical personnel find his health information on an online database.

That assumes, of course, that the department has the right scanning equipment.

Now, Halamka is excited about a technology that hes already put to use at his hospital and medical school where he works. Users feel like they are simply attaching large files to e-mail messages, but in fact the files are moving through a separate secure server that tracks revisions and uploads.

Despite the stereotype of a lone, mad scientist, medical science is hugely collaborative, and researchers at separate institutions tend to collaborate by exchanging huge files, files way too large for an institutions e-mail system to handle safely.

Halamka says he started searching for a solution when he realized how many requests his IT personnel were getting to increase the size of their e-mail inboxes and the files they could receive.

At first, Halamkas team decided to set up FTP servers along with user names and passwords for each collaborator. That meant that researchers who wanted to send out large files had to go through IT first, and that proved a hassle for everyone.

Fed up with all the security precautions, some researchers decided to go outside the system, using personal e-mail or even MySpace to share data with colleagues.

Thats a problem because these files, which often contain sensitive data, are less secure. In some cases, they might even be archived by Web crawlers, allowing unauthorized people to stumble across them accidentally.

"None of the solutions worked," Halamka said. Then he learned of a product called Accellion Courier Secure File Transfer Appliance one day on the Web and decided to try it.

Halamka says the solution went up smoothly at both the hospital and the medical school. "We installed it, and within a week, it was actively being used by the research community, and they liked it."

Researchers who want to share files with collaborators feel like they are simply putting an attachment to an e-mail. Instead, they are actually downloading the file or folder to a separate, secure appliance with its own IP address. Recipients of the e-mail receive a Web link, where collaborators can download it and upload revisions.

The same authorization systems used for e-mail systems allows the links to work, and the links are automatically set up to expire in 30 days. That keeps the appliance from getting cluttered with too many files. In addition, the appliance logs everything thats received, keeps a copy of each version, and tracks whether files actually arrive.

/zimages/1/28571.gifClick here to read more about security threats.

Halamka, who says he has no financial relationship to Accellion, says he first read about it on the Web, and that his team had investigated four or five external solutions for sending large files.

A separate server seemed to be the best solution. He said CIOs need to be wary of products that allow for "easy hacks."

Say a person gets the URL for an authorized file, if the URL is largely numerical (3333), he could readily access unauthorized files just by stepping through the numbers (3334, 3335).

With Accellion, he said, the only real worry is a large, sudden spike in usage that doesnt give his team time to acquire additional storage space.

"The concern is, what if it became so popular that you have 5,000 researchers sending multiple terabytes, you could run out of storage space."

The hospital has been using the system for several months now, he says, and there hasnt been a problem. Still, he said, it cant hurt to keep an eye on big grant deadlines.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on health care.