As 2016 kicks off, data security and encryption feel like a very fitting topic. Let’s start here: no one wants to experience a data breach. But it happens. That said – do you know how much an average data breach costs a company?
$3.5 million. That’s the average.
You absolutely read that right, and smaller organizations should take note that your data is just as much at risk as some larger shops. IBM’s 2014 Cost of Data Breach Study showed that the average cost to a company was $3.5 million in US dollars, 15 percent more than what it cost last year. The report went on to say that the cost of a data breach is on the rise, that most countries saw an uptick both in the cost per stolen or lost record and in the average total cost of a breach, and – for many countries – malicious or criminal attacks have taken the top spot as the root cause of the data breaches experienced by participating companies.
As we examine security considerations going into 2016, let’s take a quick snapshot of what’s been happening in the IT security world. For this snapshot – we look at healthcare. In the past, if a file or two were stolen – the impact of the breach could still be limited. Now, with a single server housing potentially millions of patient records, modern-day healthcare data breaches have huge implications.
In just a brief, month-long look into 2015, we saw a lot of healthcare data become compromised:
- Anthem, Inc., March 13
Affected Individuals: 78.8 million (possibly even more outside of the Anthem network)
- Premera Blue Cross, March 17
Affected Individuals: 11 million
- Virginia Department of Medical Assistance Services (VA-DMAS), March 12
Affected Individuals: 697,586
- Georgia Department of Community Health, March 2
Affected Individuals: 557,779
- Georgia Department of Community Health, March 2
Affected Individuals: 355,127
- Advantage Consolidated LLC, March 18
Affected Individuals: 151,626
With all of this in mind, one point is very important: data security is usually only as good as you design it. That said, let’s look at some ways you can be more proactive within your storage infrastructure and integrate security into your environment.
- Utilize the virtual layer. Software-defined technologies are a great way to add an additional layer of security and data encryption. But don’t wait for software-defined storage (SDS) to do this – extensions within your own hypervisor can help already. New technologies allow you to integrate entire security engines into your hypervisor layer. These are virtual tools that sit on your hypervisor and proactively scan data for malicious content. You can even incorporate data loss prevention (DLP). At the virtual layer you can also set up some very granular logging and monitoring capabilities. More than ever before, your ability to abstract and control data allows for greater security to be delivered.
- The cloud can be your friend. Remember, new regulations are allowing you to take data and storage directly into the cloud. For example, a recent change to HIPAA (the Omnibus Rule) now allows for the creation of a business associate. This can be any organization that has more than just transient access to data, such as FedEx, UPS, or the US Postal Service. An example of this kind of service would be Citrix ShareFile Cloud for Healthcare. This kind of solution lets healthcare organizations collaborate with their data both on the premises and in the cloud. Providers like AWS, Rackspace and many others have also jumped on this bandwagon. So what does this mean to you? If you’re a small organization or a business concerned about its data, look to the cloud for help. Pricing is a lot more competitive than it was before and security solutions within the cloud are really advancing.
- Enabling security policies and best practices. This is going to be a bit long-winded so bear with me. I was working with a medium-sized organization that had a healthy storage environment consisting of a few physical storage solutions. They had some really cool next-gen security controllers running several advanced threat protection policies. They were also testing some SDS tools. Built into both the physical and logical technologies that they had running were powerful encryption tools for data-at-rest within their storage environment. This feature would have been perfect for a very specific storage repository that really needed this kind of protection. It wasn’t enabled. Why? They had no idea the feature was there. The point here is that new storage solutions come embedded with a lot of data encryption and security features. The key is creating the right security policies against the proper storage repository. Of course we don’t want additional overhead or latency – but some workloads simply require more security. In working with your existing systems, take the time to explore all of your security features. Even a software update may include something additional. Some of the best advice around best practices revolves around securing the systems you already have. Start there.
It’s almost impossible to guarantee 100 percent security capabilities. The best you can do is to stay proactive, test your own systems, and continuously monitor your workloads. DDoS attacks are on the rise, hackers are analyzing very specific targets within an environment, and an attack could come from anywhere at any time. In 2016, take the time to look at your own storage and security environment and make sure to incorporate best practices across the entire infrastructure.