It’s one thing for a healthcare organization to offer a blanket statement claiming that it encrypts all of its critical data. But the “how” and the “where” are often left out of the equation. At Geisinger Health System, not all data is virtual, and maintaining and securing physical disk drives is a major part of its operation. With a focus on securing data at the physical layer, HealthITSecurity.com caught up with Will Sanders, Senior Technology Specialist and Storage Architect at Geisinger, to discuss his priorities when encrypting data at rest.
Geisinger Health System is a 19,000-employee system that spans 41 counties in Pennsylvania and serves 2.6 million patients. Efficient disk storage and transportation with clear security assurances is important to the organization because it ships as many as 2,000 drives off-site each week, whether because of software or hardware failures or because the drives are leased. Many storage vendors do preemptive disk replacements, swapping drives out before there is a true failure. A few years ago Geisinger began asking what happens to those disks and how it can best protect patient data on them.
From the data at rest [encryption] point, we looked at putting it at the fabric or the array and there weren’t a whole lot of array-based solutions for the large enterprise, as most said they had a specific small array that they could offer. For our purposes, storage area network (SAN)-based solutions put some limiters on the way we do things and we would’ve had to have created work-arounds.
Because so many drives move in and out of Geisinger each week, the organization wanted to improve drive storage and reliability, so Sanders and Geisinger shopped around for storage products and chose EMC VMAX with Data at Rest Encryption (DARE). EMC, a pivotal figure in the enterprise storage space, built data at rest encryption into the product and saved Geisinger the hassle of wiping large volumes of disks prior to replacement.
The biggest thing it gives us peace of mind on is shipping drives back, as we have multiple 40K [drive infrastructure] and 20Ks on the floor. Now we’re not worried about a drive getting lost because UPS loses it or the person who comes to replace the drive throws it in the back of their vehicle and forgets about it. Those things haven’t happened, but they are no longer concerns for us.
Geisinger leases a lot of its equipment and generally runs about a 3 ½ year equipment cycle. At the end of a cycle, instead of going through a lengthy process of erasing every disk, Geisinger can have EMC destroy the encryption keys, receive a certificate for that destruction, and dispose of the disks; it does not need a separate key management system to do so.
Back in April 2012, EMC announced that VMAX DARE was Federal Information Processing Standards (FIPS) 140-2 compliant and validated by the Cryptographic Module Validation Program (CMVP), part of a collaboration with the National Institute of Standards and Technology (NIST). So from a HIPAA perspective, Geisinger has peace of mind in the event a drive is lost or stolen. But Sanders was also quick to say that hardware-level encryption isn’t necessarily a cure-all, and that it’s important to be granular with encryption because organizations have to understand what they’re encrypting and where they’re encrypting it.
Each level of encryption protects against something specific. We understand what data at rest encryption protects against, but at the same time we know that it’s not going to protect data all the way up the stack. If you have it encrypted at the array, but not at the application or file-system level, and someone who has access to a file system breaks into a machine or downloads a file, there’s no way for me to protect against that [from an encryption at rest standpoint].
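The two points above, key destruction as the disposal step and transparent decryption for anyone with file-system access, as an added model (not Geisinger's, EMC's, or the page's own code). The HMAC-based keystream is a constructed stand-in for the array's real cipher, and the class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream (constructed stand-in for the array's AES)."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        start = block_no * 32
        out.extend(b ^ ks[i] for i, b in enumerate(data[start:start + 32]))
    return bytes(out)


class EncryptingArray:
    """Model of a self-encrypting array: one data encryption key (DEK) held by the array's key manager."""

    def __init__(self) -> None:
        self._dek = secrets.token_bytes(32)  # lives in the array, never on the shipped drives
        self.drives = {}                      # drive_id -> (nonce, ciphertext): what leaves the building

    def write(self, drive_id: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self.drives[drive_id] = (nonce, keystream_xor(self._dek, nonce, plaintext))

    def read(self, drive_id: str) -> bytes:
        # Decryption is transparent: any caller with file-system access gets plaintext.
        if self._dek is None:
            raise PermissionError("DEK destroyed: media is cryptographically erased")
        nonce, ciphertext = self.drives[drive_id]
        return keystream_xor(self._dek, nonce, ciphertext)

    def crypto_erase(self) -> None:
        # End-of-lease disposal: destroy the key instead of wiping every drive.
        self._dek = None


def demo() -> tuple:
    array = EncryptingArray()
    record = b"MRN 0000001 | constructed sample patient record"  # constructed sample data
    array.write("drive-07", record)
    readable_in_service = array.read("drive-07") == record   # host-side access sees plaintext
    _, raw = array.drives["drive-07"]                         # a lost drive exposes only this
    lost_drive_leaks = record in raw
    array.crypto_erase()
    try:
        array.read("drive-07")
        erased = False
    except PermissionError:
        erased = True
    return readable_in_service, lost_drive_leaks, erased
```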