Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:05 AM

Harvard Steps Up to Data Protection

Juggling data, devices, and medical records creates multiple challenges

BOSTON -- StorageWorld -- From dealing with thousands of online attacks a day to overseeing a major storage and disaster recovery overhaul, John Halamka, CIO of Harvard Medical School has his hands full.

"Harvard and Harvard Medical school are attacked every seven seconds, 24 hours a day, seven days a week," he explained, during his keynote speech here today, adding that the bulk of the attacks come from Eastern Europe. "It is a constant battle -- we have to innovate faster than the hackers," he added.

The exec also prompted laughter from the audience when explaining that he also has to cope with online attacks from eastern Cambridge, home of MIT. "Give these guys more homework or something!" he quipped.

As well the usual slew of intrusion prevention and detection systems, Halamka explained that he has had to go an extra mile to secure the medical school's systems. "We have locked down our environment -- ninety-plus percent of all our devices are 'ten-dot addressed' at this point," he said.

"Ten-dot addressing" is a method of adding additional binary code to an IP address, making it more difficult for hackers to access internal systems.

Additionally, the medical school employs three full-time staff solely to check logs. "We're constantly looking at audit logs for evidence of badness," he added.

Encryption is also high priority for Halamka and his team. "We encrypt everything on the wire to ensure that it never travels from device to device unencrypted." But, he explained, the school does not encrypt the data at its source, explaining that at the moment, it's simply too complex.

The exec, in addition to his Harvard role, is also CIO of healthcare firm The CareGroup, which oversees three Massachusetts hospitals, including the university's Beth Israel Deaconess facility, Mount Auburn Hospital, and New England Baptist Hospital.

This, explained Halamka, brings its own set of storage challenges, as the organization shifts around 100 Tbytes of data through 8,000 end-user devices every day. Then there are the retention issues to address. "I have to store every medical record for 9 million people for 30 years. Of course, this makes storage companies really happy," he said.

The exec is using information lifecycle management (ILM) as a way round this problem, despite some skepticism from other users about the technology. (See Users Cite ILM Shortfalls.) EMC's Symmetrix DMX hardware is the CareGroup's primary storage tier, with Clariion devices providing the secondary and tertiary levels. Centera hardware is used as an archive, with StorageTek PowderHorn devices handling backup tapes at a facility some 35 miles from Boston.

The exec, however, is looking to change his firm's reliance on offsite tapes. "If suddenly we have a catastrophic event, it's pretty hard to get a recovery time objective of 15 minutes if the tapes are offsite," he said.

At the moment, the Care Group relies on a single Boston data center to handle all this data, which is an additional disaster recovery risk. "If I have a catastrophic loss of this building, then I have a catastrophic loss of my storage assets," said Halamka.

To address both these problems, Halamka has focused his attention on an old data center some two miles away from his primary site. "We're repurposing a legacy data center that we had closed down some years ago," he said, explaining that he is building gigabit Ethernet links between the two sites. "The reality now is that we can virtualize storage across two disparate locations. We can say, 'Let's put a tape silo here and a tape silo there,' " he explained.

The exec, who already uses VMware to virtualize his 200 Wintel servers, told Byte and Switch that his secondary data center will be up and running sometime next year.

— James Rogers, Senior Editor, Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • Storage Technology Corp. (StorageTek)
  • VMware Inc. (NYSE: VMW)


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
    Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
    PUBLISHED: 2020-07-07
    A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...