In 2001, the government of British Columbia restructured the province’s health care system into six regional authorities. Interior Health serves 687,000 British Columbians in the southeast of the province, a swath from Williams Lake 500 km south to the U.S. border, and from the Fraser River 350 km
east to Alberta — about a quarter of the land mass of the province. The authority manages a budget of $1.1 billion across 183 medical sites, employing 1,200 doctors and a total staff of 17,000. Patient records and operational data — about six terabytes worth of it — were stored in 40 data centres, according to Roy Southby, director of technology services for the authority.
Security of a data store may be important to a business, but for a health authority, it’s absolutely critical. Federal legislation — the Personal Information Protection and Electronic Documents Act, or PIPEDA — has a particular impact on the handling and security of patients’ health records. And there are medical considerations — X-ray records, for example, must be stored for at least seven years. “”The health records of patients have become very important,”” says Southby.
Interior Health has shifted 80 per cent of that data to a pair of storage area networks — one in Kelowna, one in Kamloops — in an ongoing centralization project. It isn’t simply a matter of
efficiency. “”This was done largely from a security point of view,”” says Southby.
Centralizing data allows a sharper focus on securing the contents. But new technologies for storage centralization pose security challenges, too, because users aren’t clear on the differences between securing network resources and securing storage, according to Nancy Marrone, analyst with the Enterprise Storage Group.
“”Storage security is more of an issue today than in the past due to new trends in the way storage resources are being used,”” Marrone wrote in a ESG report. “”Consolidation of storage in a networked environment opens up a number of potential security risks that should cause users to re-address their storage security policies.””
Unlike a direct-attached storage environment, a storage area network or network-attached storage environment has multiple points-of-entry to allow access by a variety of different machines, using different operating systems and authentication protocols.
It’s important to isolate the storage network from the general corporate network, says Burton Group lead analyst Bill Terrill, based in Seattle.
“”Fibre Channel in many ways gives you better security,”” Terrill says. It’s unfamiliar to most users and inaccessible from the company LAN. But it’s also often managed over Ethernet using simple network management protocol (SNMP).
“”The one area people tend to forget is the management network,”” Terrill says. If the management channel is compromised, an intruder can change
access rules, LUN masking (which assigns resources to one or more servers) and zoning boundaries (which isolate parts of a SAN to prevent them from causing each other to fail.) Essentially, the intruder has the run of the SAN.
“”They can do pretty much whatever they want,”” Terrill says.
On the NAS front, it’s pretty much wide open, Terrill says. Everyone on the network needs access to the filer.
The operating systems are often Windows-based, with similar vulnerabilities to an NT system. But the streamlined, storage-optimized installations of those operating systems — whether they’re Windows, Linux or proprietary — may be their saving grace.
“”In the NAS world, most of the vendors are using very stripped-down operating systems,”” says Terrill.
They’re very bare-bones — nothing but file-sharing and authentication code. Missing functionality also means missing vulnerabilities.
Inventure Solutions Inc. uses a layered security strategy to protect the 2 TB of banking, customer relationship management and operational data it stores. Inventure is the information technology subsidiary of the Vancouver City Savings Credit Union, formed in 2001 to provide IT services to the VanCity portfolio and other credit unions.
The first layer of security is control of access to the company network, says vice-president of technology infrastructure Tony Fernandes. Within the network, there are controls over what user can access what data.
Down further into the system, only specific computers can see the disks in the SAN.
Within applications, business roles define what access and functions are available to what user.
The raw data can’t be read without the application that created it, except by the technology department, so only passwords and the like are encrypted on the disk, Fernandes says.
“”We’re more concerned about the data as it travels outside our private network,”” Fernandes says, and all financial and personal information is protected in transit. After all, if it’s only the technology department that has access to the raw data, and that department’s responsible for encryption, the encryption won’t protect that data from an insider bent on using it.
“”Most of the frauds happen with the people you’ve given the keys to,”” Fernandes says.
Terrill notes that “”in most SANs and in most NASs, data isn’t encrypted.”” Where it’s critical to encrypt data is in its archived version on tape.
“”If that data is put on tape (unencrypted) and somebody walks off with that tape, you’re cooked,”” he says.
There is a performance trade-off when using software-based encryption. “”There’s a hit on your servers, and even on the workstations,”” says Fernandes. “”There’s some complexity that gets added.””
Terrill agrees there’s some latency in the software encryption model, but hardware encryption devices work at near wire-line speed and are coming down in price, he says.
“”Performance is less of an issue than it was last year,”” Terrill says.
The encryption debate aside, a properly planned and administered networked storage system does offer the potential for a more secure environment for an organization’s data stores.
Inland Health’s system is “”built like a Sherman tank,”” says Southby.
There are three power supplies. The contents are mirrored on the two SANs, linked by a Gigabit Ethernet LAN. If one of the SANs is down or lost — something that became a distinct possibility with this summer’s unprecedented forest fire activity in the B.C. Interior — the authority could run off the remaining network.
There’s a single gateway to the Internet that is heavily firewalled. Like Inventure’s system, there’s protection by virtue of the application — Interior Health’s Meditech application runs on its own operating system, Magic.
“”As storage trends move to a more centralized environment, front-end security is no longer sufficient,”” notes Marrone.