By Don Boxley, DH2i
With no signs of slowing, the COVID-19 pandemic is forcing virtually every industry to reevaluate its data protection, availability, and disaster recovery (DR) strategies — or reap the consequences. Chief among those taking a hard look at whether they need to make changes to how they safeguard data is the healthcare industry.
DR in the cloud is an ideal strategy for many organizations, but especially healthcare, which has both corporate data and patient data to worry about. DR in the cloud can not only ensure business continuity but also save time and money. Its key advantage is the ability to use off-site backups, which are invaluable should a physical disaster occur on company premises. Because of this, it also helps to keep IT costs down and eliminate the complexity that would otherwise be required to manage DR sites on-site — both vital considerations for healthcare organizations.
When using cloud-based DR, some companies still rely on a virtual private network (VPN). Yet VPNs have several clear disadvantages when it comes to security and DR, starting with the fact that they are quite complex to configure and increase a healthcare organization’s risk by requiring everything from dedicated routers to access control lists and firewall policies. VPNs also create frightening security vulnerabilities that healthcare companies can ill afford, since users essentially have access to a slice of the network, which creates an unprotected attack surface. Nor can VPNs reduce these attack surfaces, since networks are less protected without application-level segmentation.
A safer and more cost-effective alternative that circumvents these VPN limitations is the software-defined perimeter (SDP). SDP allows the healthcare industry to keep overhead low and store data cheaply, saving money by not needing to maintain physical infrastructure. In short, SDPs allow healthcare firms to take advantage of cloud DR while leveraging both on-site and cloud-based deployments.
SDP achieves this with a few key features, starting with micro-tunnels at the application level that decrease the threat of network attacks. SDP solutions do this by setting strong limits on remote users, allowing them access only to the specific services they need. And SDP doesn’t require management of access control lists or firewall policies.
Another way that SDP beats out VPN is that its gateways communicate with one another using the User Datagram Protocol (UDP). With UDP, secure connectivity is achieved by using randomly generated non-standard UDP ports for the on-demand micro-tunnel communications. This requires only one UDP message channel between gateways, unlike with VPNs. This helps secure servers with no open ports, virtually eliminating any surfaces that could be vulnerable to network attacks.
If you’re thinking about cloud-based DR, there are also free capabilities that healthcare professionals may already be entitled to and have yet to take advantage of. As Kevin Farlee wrote on Microsoft’s SQL Server Blog on June 29, 2020, it’s possible to unlock your free Azure replica for SQL Server license in the cloud for DR. This is because of licensing benefits that were recently announced, and as Farlee notes, a third-party offering can facilitate this process for configuration setup.
“Availability benefits for SQL Server Software Assurance customers now include up to three free SQL Server license for secondary replicas, including high availability, disaster recovery, and disaster recovery in Azure,” Farlee writes, adding that free Azure replicas for DR help organizations relocate their backups offsite to promote easy recovery in the event of a disaster — a necessity given the sensitive nature of healthcare data for both companies and customers.
Farlee also calls SDP “a better way” than VPN to connect on-site primary backups to secondary backups in Azure. Healthcare organizations that are ready to move their DR to the cloud can learn more about this free Azure benefit here.
About The Author
Don Boxley Jr. is a DH2i cofounder and CEO. Before DH2i (www.dh2i.com), Boxley spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems. Don earned his MBA from the Johnson School of Management, Cornell University.