Increase in healthcare data breaches highlight need for improved storage solutions

/in , , , /by

While much of the news on cybersecurity and data breaches has been focused on attacks aimed at retail stores, security experts are increasingly warning healthcare organizations that hackers are more frequently going after targets in this $3 trillion industry.

In the underground market where cybercriminals sell their stolen goods, medical information can go for more than 10 times what credit card numbers are worth. Due to the high price medical records can fetch, attacks are increasing at an alarming rate. Just last month the FBI warned healthcare providers to be on high alert after Community Health Systems, one of the U.S.'s largest hospital operators was hacked and the information of 4.5 million patients was compromised. A recent study by the Ponemon Institute found that the number of healthcare organizations reporting a data breach is rising, with 40 percent of providers reporting an intrusion in 2013 as opposed to 20 percent in 2009.

Lack of awareness makes healthcare great target
As opposed to retail data breaches or personal identity theft, fraud involving medical information is rarely detected in a timely manner, making it more worthwhile for hackers to go after healthcare records instead of credit card numbers.

"As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit," said Dave Kennedy, CEO of TrustedSEC LLC in an interview with Reuters. "Hospitals have low security, so it's relatively easy for these hackers to get a large amount of personal data for medical fraud."

According to an FBI estimate, one medical record can sell for as much as $50 in an underground marketplace, in stark contrast to the few dollars a stolen credit card might bring in. Stolen medical information commonly on sale on the black market includes names, dates of birth, billing information, diagnosis codes and policy numbers. This data is then used by cybercriminals to create fake IDs in order to purchase prescriptions or medical equipment that can be resold, or to make phony insurance claims.

Low funding, high risk
One of the major drivers in the increase in healthcare data breaches is the recent switch to electronic medical records. In an interview with the Boston Globe, Beth Israel Deaconess Medical Center CIO John Halamka said that IT departments in the healthcare industry commonly receive between only 2 and 3 percent of an organization's budget, compared with the 20 percent offered to those in retail and financial industries, yet organizations are being forced to rely on technical solutions. Perhaps because of the lack of funding, a recent study by security firm BitSight Technology found that healthcare providers respond more slowly to data breaches than any other sector, compounding the problem.

The Ponemon Institute report found that the healthcare industry loses $5.6 billion a year due to security incidents. As cybercriminals continue to find more sophisticated attack methods and target larger amounts of information, healthcare providers will have to find a more secure way of storing their electronic medical records. A reliable way to protect patient data is to utilize cloud storage services. Data saved in the cloud can be easily encrypted and kept in a separate place from other enterprise information. Business continuity procedures are also improved by keeping health records in the cloud, as duplicate data can be stored offsite and kept safe in case a system is compromised or a disaster were to occur. Cloud services are a cost-effective storage option as they are highly scalable and require healthcare providers to only pay for the amount of service being used. This allows cash-strapped organizations to protect sensitive information without breaking the bank. 

Recent Postal Service data loss highlights need for disaster recovery solutions

/in , , /by

It was discovered in a recent government audit of the U.S. Postal Service that the agency lost sensitive data after the device containing both the original and backup copies of the information suffered a hardware failure. The machine that crashed contained the database for the Computer Incident Response Team, which was "used to record and monitor computer incidents." The database was lost in April after an unspecified malfunction occurred. The information was considered essential, meaning it was necessary to the maintenance of daily operations.

"…[T]he Postal Service did not ensure all database backups were being stored on separate hardware," stated the audit report. 'Specifically, the CIRT database was lost due to a hardware failure and the data was not recovered due to the absence of a backup on a separate piece of hardware."

Currently, the security standards for the Postal Service do not require separate devices for storing backup and original files to maintain information resources. Ironically, the USPS was given an award by CSO Magazine earlier this year for innovative use of online security. The award was accepted by the CIRT's Information Systems Security Manager Andrew Kotynski.

Disaster recovery: More important than you think 
​While it may seem like what happened to the USPS was just an embarrassing oversight, hundreds of companies make the same mistake each year. Even if duplicate copies of information aren't stored together, they can still be lost if the appropriate disaster recovery and business continuity policies aren't implemented. A recent survey conducted by Forrester found that 33 percent of companies have declared a disaster in the last five years. Four years ago, that number was 20 percent. The study also found that the downtime caused by disasters can be extremely expensive, with respondents reporting costs of up to $3.5 million.

When putting disaster recovery and business continuity plans in place, it is important for organizations to consider where documents and important information are currently stored and how employees access them. For critical information that is used frequently and by many different people, cloud storage services are the best choice.

Using content management systems and cloud-based solutions allow companies to store important data in an easily accessible place that will stay safe during a disaster and keep business running as usual. Employing managed services also lets small- and medium-sized businesses enjoy the same benefits as large companies while having lower costs and the security of a fully redundant, reliable data center.

NASA successfully completes first phase of cloud migration

/in , , /by

A massive move to transition NASA's websites and applications to a cloud platform has successfully completed its first phase, migrating more than 1 million files so far.

The agency's huge amount of information made the move quite an undertaking. NASA has more than 1,500 public-facing websites and thousands of applications and networks on top of the agency's huge data offerings and holdings. Sites being moved to the cloud include the internal NASA Engineering Network, which contains the documents of 3 million engineering projects, and NASA.gov. In all, the first phase of the move included more than 100 sites and applications and took 22 weeks to complete, according to NextGov.

Making sure applications 'don't go dark'
During the initial migration to the cloud infrastructure, the NASA.gov portal – which itself contains multiple sites – was redesigned to make the transition smoother. The rest of the websites were moved as-is so NASA could still save on infrastructure, according to Raj Ananthanpillai, who is overseeing the migration.

The applications and sites being moved to the cloud were previously housed in a commercial data center where redundancy and uptime were a top priority, so it was important to the agency that nothing fell through the cracks. In an interview with NextGov, Ananthanpillai likened migrating multiple, dispersed sites running on proprietary systems to changing a tire on a moving car. He stressed the importance of the sites being able to stay online, saying that none of them could go dark.

The Office of Management and Budget's federal cloud-first policy was a driving force behind NASA's move to a cloud platform. At the same time, the agency's own Open Government Initiative, which dealt with the utilization of open-source projects to consolidate internal and external websites, fit in nicely with the OMB's policy. NASA's cloud migration allowed the agency to introduce open-source components to overhaul technology in a cost effective way, while also employing new content management systems within the agency's enterprise tool kit.

Overall, the use of cloud storage services has already generated cost savings of 40 percent, according to Roopangi Kadakia, web services executive with NASA's office of the CIO. Looking to the future, the infrastructure is projected to cut the agency's monthly operations and maintenance costs by about 25 percent.

Universities increasingly look to the cloud for data storage solutions

/in , , , /by

The demand for access to data at large universities is increasing at an incredible rate with the advent of online classes, analytics services and expanding levels of research. In an interview with TechTarget, Michigan State University CIO Joanna Young explained that the current influx of data is posing a challenge for universities in regards to how best to store information and retain records in the most secure, efficient way possible.

Young noted that it's important for schools to be able to keep up with the growing demand for the multimedia content teachers share in class to be available to students online at anytime. As professors start to offer more content to students that is based somewhere besides a textbook, schools need to become more effective and efficient in their use of data storage and the cloud is an especially helpful solution. At the same time, cloud storage is almost a necessity for universities looking to offer online education options, according to Young.

"Because the video requirements for these online classes are huge – every week, two to four hours or more worth of video content – that would have quickly overwhelmed the storage we had on campus," Young said.

The cloud as a recruitment tool
In her interview with TechTarget, Young mentioned that data storage options can also be a helpful tool in incentivizing professors to come to the university to perform groundbreaking research or start important programs.

"As a CIO, the trick is to say to people…'You don't have to worry about storage. You don't have to worry about servers. Here's how we can provide that for you in a way that's easy for you to use, is going to give you enough space and access that you need, and the type of speed set is OK for you,'" explained Young. "[You] become a partner and get them to align with you, because I find particularly in higher education, you've got to stick with the carrot approach."

The increased ability to conduct advanced research provided by the cloud has even gotten the attention of the National Science Foundation. The NSF recently announced that it would be launching two $10 million projects to create test beds for cloud computing at universities. The aim is to enable the academic research community to pursue and develop new ways to utilize the cloud for next-generation applications used in medical devices, power grids and transportation systems. The first cloud program will be colocated between the University of Chicago and the University of Texas Austin, while the second will be a joint project with a large-scale, distributed infrastructure shared between the University of Wisconsin, Clemson University and the University of Utah.

With cloud platforms growing larger and more complex, Young noted that it can become impractical to solely purchase cloud storage services at such great volumes. In her previous role as CIO for the University of New Hampshire, she looked into software-as-a-service offerings that included storage as a package deal as a way to reduce costs. She also mentioned the need for schools interested in implementing a cloud infrastructure, especially large universities, to have a strong network and reliable broadband service.

Top 4 benefits of cloud storage services

/in , , , , /by

As technology becomes an increasingly important part of business, many companies are looking for solutions that will provide the most advantages for the least amount of money, time and complexity. One technology that is growing in popularity is cloud computing, and specifically cloud storage services. While there are many benefits to storing sensitive documents and information in the cloud, keep reading to find out the top four.

1) Cost-Effectiveness:
Backing up data can be extremely expensive, especially when considering the necessary equipment and hardware. Labor costs become an issue too, as manual backups are time-consuming and complicated. Cloud storage solves these problems by leaving the maintenance and equipment costs to a third party provider. Cloud storage solutions are easily scaled, allowing businesses to only pay for the amount of storage necessary for their business and making it simple to increase or reduce space as client needs change.

2) Security:
Storing information in the cloud is much more secure than keeping paper documents or using physical devices for file storage. Hard drives and USBs can be stolen or lost, while information in the cloud will always stay put. At the same time, security is not a core competency for many companies, but it is for cloud service providers. Because of this, providers who are mainly focused on data security are much more adept at keeping information protected than a business with an IT team focused on dozens of projects and problems at once.

Cloud storage also creates an extra layer of security between privileged data and cybercriminals. Backup files are kept separate from originals so hackers cannot steal everything at once.

3) Disaster Recovery:
In the same way that it is safer to keep duplicate files away from the originals to protect them from malicious actors, it also helps to protect against natural disasters. After a storm or fire, regular systems may not be accessible, but information stored in the cloud will be.

4) Accessibility:
Professionals are using more devices than ever before and cloud storage allows files to be accessed from any of them. Sharing is also made easier with this increased flexibility, as files can be put in the cloud and then accessed by any authorized party. This helps to increase collaboration between in-house and remote employees, as well as improving productivity.

Small businesses increasingly utilizing the cloud, studies find

/in , , , /by

As technology becomes an increasingly important part of conducting business, companies are starting to hone in on what really works and what doesn't. A growing number of small and medium-sized businesses are realizing that one technology that is worth their time is cloud computing. Cloud computing essentially democratizes business technology, reducing costs and increasing ease-of-use. The cloud makes it cheaper and easier to start a business or create a new product, as well as providing access to technology and capabilities that were once solely the domain of large companies.

Because of the benefits offered by the cloud, more and more small businesses are adopting it. A recent study on SMB cloud use projected the global market for cloud services to expand to $95 billion over the next year and SMB Group estimates the number of small and medium-sized businesses using cloud computing will grow to 44 percent by 2015.

"I think eventually every business has to have somewhere in its portfolio and go-to-market approach a range of cloud services," said IBM Midmarket Business General Manager John Mason in an interview with Forbes. "This is changing the landscape for small and midsize businesses by allowing them to focus on their own innovations and making them more competitive with larger, established companies."

Mason went on to say that the cloud, along with other innovative business tools, has three distinct impacts on SMBs.

  • It makes it possible for companies to go to market with products much quicker by removing large, upfront investments in technology and personnel.
  • Cloud dramatically increases scalability and allows for greater flexibility.
  • It removes geographic strains holding organizations back and offers the ability to work collaboratively with anyone from anywhere.

Reasons for cloud use vary, but all find benefits 
​A new report conducted by Intuit and Emergent Research has also highlighted the benefits the cloud offers SMBs, as well as some of the driving factors behind why companies are adopting the technology. 

"Today, the U.S. and global economy is going through a series of shifts and changes that are reshaping the economic landscape," said Steve King, a partner at Emergent Research, in an interview with Small Business Trends. " In this new landscape, many people are using the power of the cloud to re-imagine the idea of small business and create new, innovative models that work for their needs."

The study projected that 78 percent of small business will have adopted a cloud platform over the next six years. Research from the two companies also found specific types of cloud use among SMBs. Hives, for instance, are small businesses that are able to work together through the cloud and rarely meet in person. Another group, plug-in players, are organizations that utilize cloud services to handle back-end tasks so they are able to stay focused on tasks and processes that are more critical to the business. This group implements solutions such as cloud storage services and applications for accounting, marketing or human resources.

Data center networking market to reach $22 billion

/in , , , , /by

A recent study by research firm MarketsandMarkets projects the global data center networking market to reach $21.8 billion by 2018. According to the report, North America is expected to hold the largest share of it over the next five years.

The study noted the dramatic market potential created by the demand for cloud technologies and software-defined networking in data centers. The increased use of mobile, driven by bring-your-own device policies, and the use of cloud services have caused data center providers to shift their network offerings from traditional models to those more capable of providing the flexibility necessary to quickly transfer workloads between servers.

This shift in data center architecture was originally driven by the demand for virtualization, but a variety of new changes in the market have persuaded providers to favor faster and flatter models over traditional core-distribution-edge designs. Some of the new challenges facing data center managers include heavy inter-server traffic, burst speeds faster than 1 gigabit and the shift from fiber channels to Ethernet networks.

Data centers can no longer be built the way they were even just a few years ago, as the fundamental structure of enterprise applications have changed and with them the needs of users. The adoption of new, more advanced hardware is placing greater demands on data center networks and fueling a boom in the market.

"Data center networks are being re-architected as part of a transition to the next generation of data centers, reimagining how applications and data centers are built," wrote Biztech Magazine contributor Joel Snyder. "This change extends from the power and cooling to the servers and storage, as well as the networking."

As new data centers are built and their designs continue to shift, requirements for increased security and greater distributed and managed services will be front of mind. Other factors will help to shape the creation of the next generation of data centers, including higher speed, reduced latency, layer 2 flattening and high availability. Demand for the installation of new virtualization and storage equipment will offer data center providers the opportunity to rethink facility design and create truly modern data centers.

New USB-based malware means big trouble for businesses

/in , /by

A pair of security researchers recently discovered a major vulnerability present in nearly every USB-connected device. Karsten Nohl and Jakob Lell created the BadUSB malware as a proof-of-concept virus that they are presenting at the Black Hat security conference in Las Vegas this week. According to the duo, the malware shows that malicious software attacks on the firmware of USB devices can remain undetected for long periods of time through the use of reformatting techniques that enslave devices including smartphones, keyboards, mice and thumb drives.

Nohl and Lell discovered the vulnerability when they realized that the controller chips used in common USB devices aren't protected against malicious reprogramming. The firmware of a thumb drive can be reformatted to make it execute malicious commands without a user knowing anything is wrong, meaning that the BadUSB malware won't just infect just a user's computer, but any device the USB is plugged into. Most people don't realize that connecting a USB to a computer is more complicated than simply allowing a connection. It opens a portal that allows connected devices to have nearly unlimited access to hardware and software, creating a major security concern.

When plugged into an infected computer, Android smartphones can be exploited and turned into compromised network cards, fooling the computer into visiting malicious pages that pose as popular sites like Facebook and Google. An infected device could also impersonate a keyboard and type commands that could lead to a variety of issues, including installing more malware and deleting important files from a hard drive. BadUSB is embedded directly into the firmware of USB devices, making it nearly impossible for an average user to remove the malware from the device. Extreme measures would have to be taken to fully disinfect the firmware, such as disassembling and reverse-engineering a compromised device.

"The next time you have a virus on your computer, you pretty much have to assume your peripherals are infected, and computers of other people who connected to those peripherals are infected," said Nohl.

No help in sight
Unfortunately, there doesn't seem to be any effective ways of preventing a BadUSB-type attack, or removing the malware from an infected device. The anti-virus software used by most companies can't scan the firmware of a device and the firewalls of USBs aren't able to block devices with this kind of infection, according to the researchers. The malicious software associated with BadUSB can infiltrate a computer's embedded USB devices or compromise the PC's basic input-output system inside the motherboard, meaning it can't be removed simply by reformatting a hard drive or reinstalling an operating system.

According to Nohl and Lell, the best way to protect systems in the short-term is to only use thumb drives and other USB-connected devices that have been used only in a secure environment and never connect a device to an unknown computer or share it with an unknown user.

"If you put anything into your USB [slot], it extends a lot of trust," Nohl said. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil.' "

Alternatives to USB
This new vulnerability poses a major problem for enterprises that share files between employees on thumb drives. It's a convenient method for collaboration, but one that can create drastic cybersecurity issues. One way to avoid falling victim to a BadUSB infection is to utilize cloud storage services. Enterprises that keep documents in the cloud can offer employees easy access to files while still ensuring security. The cloud storage allows documents to be accessed from anywhere with an Internet connection without having to connect a strange device and expose a system to malicious activity.

FBI in search of cloud storage services

/in , , /by

The FBI announced this month that it is seeking ideas and suggestions from the private sector about how to construct and implement large-scale cloud infrastructure. The agency's Criminal Justice Information Services Division- which manages the criminal background check system, crime statistics and fingerprint services- is hoping to transition its systems and databases to a cloud environment.

Experts say the move could help cut costs and make the agency's operations more efficient. According to industry expert Trey Hodgkins, the FBI could enhance its mission by transferring services and applications to a cloud platform. In an interview with Federal Times, Hodgkins said that FBI systems and databases would be able to run more efficiently and at a lower cost than legacy systems that frequently run in to trouble when trying to connect to new technology.

"Building a cloud infrastructure gives the FBI the flexibility to decide how much they want to use and what controls and authentications they want to deploy," Hodgkins said.

The cloud environment employed by the FBI must be based between two data centers at least 1,500 miles apart, be able to scale to 2.3 petabytes of memory and replicate data between the two facilities. The platform should also be able to support a wide range of services, including pay-as-you-go policies, scalability and the ability to access all stored information securely and in real-time. The agency also requires the infrastructure to include the use of virtualization, rapid elasticity, resource pooling, continuous monitoring and centrally managed multi-site operations.

The FBI is hoping to make a five year commitment with a contractor to help create and run the public cloud system.

New study finds companies increasingly utilizing cloud for disaster recovery

/in , , , , /by

 

As technology becomes more prevalent in business and companies increasingly rely on massive amounts of data to complete work, the need for a secure backup service and disaster recovery plan is more necessary than ever. In a recent webinar sponsored by Microsoft, Forrester analyst Noel Yuhanna recommended that enterprises strategically implement public cloud services for disaster recovery to ensure business continuity.

According to Yuhanna, more than 70 percent of enterprises currently have to manage at least two terabytes of data, but at the rate new information is being created that could become petabytes in just a few years. In the webinar, Yuhanna praised the cloud for its ability to automate the data backup process and include encryption while not requiring staff to manage the day-to-day operations of the servers and storage platform.

Forrester recently conducted a survey of more than 200 database backup and operations professionals on three continents and found that 15 percent of companies are currently utilizing the cloud for database backups. This number has doubled in the last year, according to Yuhanna. The report also found that users were driven to the cloud for backup and disaster recovery services due to the need for constant application availability, cost savings and organizational agility.

Cloud offers multiple DR benefits
The cloud is ideally suited for disaster recovery because it is able to replicate data that resides in a physical location without having to create a redundant facility to house it. It is also a cost-effective option, as backups and archived data often sit unused for years at a time with few updates and don’t need to be stored in an expensive physical facility. The cloud therefore creates a dual benefit of storing information in a cost-effective environment that is also offsite in case of a disaster.

The Forrester survey also discovered that the key reasons companies utilized the cloud for backup and disaster recovery services were the ability to save money on data storage and administrative costs and provide more frequent backups.

“You could almost be guaranteed that if you decide to put some data in the cloud that, whether it’s an archive or backup, the next year it’s going to be cheaper to store it there,” explained Forrester principal analyst Dave Bartoletti.

Finally, the report found that 57 percent of respondents reported the use of cloud backup and disaster recovery services actually helped to improve their company’s service level agreements, as processes and systems become more reliable with the cloud.