Tips for Healthcare Organizations to Prevent and Respond to Data Breaches – HealthTech Magazine

One of the things that we've seen from traditional architectures is that most organizations have the same virtual machines. They have physical servers and databases that have grown so large that they can't protect them inside their window. In many cases, they have NAS architectures, which they'd traditionally protect using native NAS tools, but they don't necessarily provide the same level of recovery or separation from cyberattacks.

To protect these different workloads, traditional architecture had different parts and pieces, whether it was something like a master server or media server, and these server-based operating systems with applications installed on them send data to different storage devices. In many cases, we've seen these servers be compromised as part of a ransomware attack.

At Cohesity, we took all these different parts and pieces and consolidated them into a single hyperconverged architecture. Effectively, we run all those services inside our cluster as logical entities. That clustered approach gives us several big advantages. The first is that we distribute the workload across all the nodes. This allows us to back up and recover much more quickly than the traditional architectures.

The platform architecture itself gives us the ability to rapidly recover data, which is a key concern. Because it's a node-based architecture, it doesn't have any things like disruption for upgrades, forklift upgrades or outage from software upgrades. We can add or remove nodes all while it's up and running. We have a whole host of ransomware protection that's built into the platform, and we have storage efficiencies to help organizations reduce the amount of data that they have to store to drive down the cost.


HALEY: We built an architecture designed with security in mind. It starts with a hardened architecture, where we built a platform so that it leverages technologies like encryption and immutability and has capabilities for things like write once read many (WORM), even architectures to support technologies like air gap. We've also done a whole host of technologies to maintain and restrict access, and so we have granular role-based access control. Not everybody needs to be an administrator. We can give people the rights they need to do what they need to do without making everybody have too many rights.

We also support technologies such as multifactor authentication. My No. 1 recommendation to everybody professionally and personally is to enable multifactor authentication on everything. Anything that you care about, you should turn it on. It's a huge deterrent from several of the credential compromises we've seen. Multifactor authentication is a huge defense against attack. In addition to protecting the data, we also help people detect anomalous activity.

HALEY: We have a platform built into our Helios single pane of management consult. What we're doing is looking at every object that we protect and creating a trend line for each object. The trend line shows how much data is backed up every day, how much changes and which files are being added, changed or deleted. We also look further into it so that we can understand how compressible the data is, or how eligible it is for deduplication.

What we're really doing is looking for the signatures of a ransomware attack as it relates to data. The idea of creating a trend is that we understand what a normal day, a normal week or even a normal month looks like for every object in the environment. As part of the anomaly detection, whenever we see something that's out of trend, we'll alert you to it. We also show you the last clean backup. So, we'll show you where we detected the anomaly, and we'll show you the last nonanomalous protection point as well as a list of the files that we discovered that were affected by this.

Generally, if you see this as a challenge, you can initiate recovery right from the detection panel. If it's something that you expected (maybe you installed a service pack or you updated an application on the system), you can simply ignore the anomaly. We've also set this up so that it can send an alert directly to the Cohesity mobile app. It's just another set of eyes looking at the data, and we're trending it using artificial intelligence and machine learning.


HALEY: We index all the data that we store. We build a searchable index. We also have an index and an inventory that's globally searchable for all the objects that we protect. We have tools in an actionable methodology. We can search for something and then act right when we find it. So, we have these to help organizations understand all the data that's being protected. If you think about it, the data protection architecture becomes an aggregation point for all the data in an environment. It's like a central repository for the data. These tools provide a great deal of power.

Our architecture is a multinode cluster, but we have this idea of the Cohesity marketplace, the idea that we can run apps and services natively on the architecture, and they spin up as Kubernetes containers. We run apps and services on the architecture that you could download and install directly into the cluster.

One example is a data classification architecture. Instead of indexing the file, server and database names, it can actually index the contents of files. Imagine being able to go through all the files you're protecting and look for patterns. Understanding where that sensitive data is allows you to better understand how to secure it.
