Security

The changing face of business continuity

The healthcare sector is facing a new breed of security threats, says Cisco Systems’ Ian Bond. As the nature of these threats changes, so must the contingency measures we put in place.

December 2006

There has long been an understanding that a contingency plan needs to be in place to protect operations in the event of calamity. Indeed, this thinking forms the basis of the insurance industry, which originated in Babylonia around 1750 BC. There, early merchants insured loans against the risk of their shipments being stolen by pirates.

Perhaps more than any other sector, healthcare demands something more than recompense in the event of disaster. It is vital to keep a hospital up and running in order to deliver effective patient care at all times. The risk, both to the patient and to the reputation of a trust, as well as the financial implications of any calamity, are too great to be ignored. Furthermore, the nature of the threats involved is expanding in scope with the potential to affect ever larger physical areas. In an increasingly litigious society, too, there is always the pressure of legal action from patients who may suffer as a result of disaster, another area in which our Babylonian predecessors had an easy ride.

Whereas pirates or storms were the ancient Babylonians’ principal concerns, today’s NHS trusts must be concerned with both natural and man-made disasters on a scale that would have made the minds of members of that ancient civilisation boggle. Although natural disasters are as much of a problem as ever, the increased reliance on digital information and on networks (which provide the backbone for most modern healthcare services) means that there is a new breed of threats that need to be considered: those that affect patients and operational data. As the nature of risks changes, so must the nature of our contingency measures.

A proactive approach

‘What’s the worst that could happen?’ is the first question an NHS trust should ask when devising a business continuity plan. Although the nature of the risks may vary across trusts, the consequence of any lapse in critical functions is likely to be a service outage. The question has to be asked: if your trust had a complete stop put on all activities, from surgical operations to administrative functions, how much would that cost the trust financially, in patient-care terms and in reputation?

Potential threats

Disasters on the scale of the 7 July London bombings are thankfully extremely rare but do need to be planned for nevertheless. The range of potential man-made threats, for example, is far greater than in the past. The possibility of a dirty bomb in an urban centre, though slim, will often foil contingency plans, as it could wipe out an entire urban area and cause problems for all those organisations where the backup data centre is within a few miles of the primary site. The loss of IT systems and applications at the very time a hospital would be at its busiest would severely hamper emergency care.

Similarly, digital threats (malware, denial of service attacks and user error) can result in hospital servers, clinics and even trust data centres being completely out of commission for a number of days or even weeks.

Some of the same measures that protect against the man-made physical threats can be implemented for security against more mundane threats. For example, a power outage within a certain range of a trust’s primary data centre might also affect its backup centre if the two are too close together.

If a trust locates its backup some distance away, possibly in a completely different city, it would achieve a further measure of security. Cisco, for example, has two data centres, one located on the west coast of the United States, and the other on the east coast in cities more than 2,500 miles apart. Its disaster-recovery system ensures that, in the event of one data centre going down, the other will keep staff, partners and customers at US and other global sites up and running.

The potential of natural disasters to devastate systems should similarly be actively considered. While hurricanes in the UK are few and far between, floods are less rare. Snow, meanwhile, has been known to knock out power supplies and to isolate urban areas and the threat of a natural epidemic putting an area into quarantine, though unlikely, should also be considered by disaster planners.

Technology supporting planning

The historical need for data centres to be adjacent was due both to the prohibitive cost of creating high-speed links between primary and backup data-centre sites over large distances and to the technical challenges of replicating data over great distances.

The former has been resolved by a reduction in data network costs, while the latter has been resolved by the increased availability of storage area networks (SANs). SANs can support fibre channel over IP (FCIP), a technology that enables the separation of storage networks and their storage devices over thousands of kilometres. Cisco uses FCIP to extend the storage infrastructure between its two US data centres.

Further to this, new wide-area application services technology (see jargon buster) can allow hospitals, clinics and GP surgeries within a single NHS trust to consolidate their data and applications into centrally located facilities, enabling more straightforward business continuity planning. Whereas manual server backup at a local hospital can prove complex to administer and offer slow restore times, maintenance of central facilities means that the hospital can use a backup site to restore its IT operations very quickly.

With the need to provide ongoing patient data protection, advanced technologies integrated into the storage network enable continuous, transactional backup of data to the backup site.

Careful security planning is needed to protect the integrity of the networks on which this data circulates. Central infrastructure supporting applications critical to a particular trust must always have sufficient intelligence to defend that trust’s systems against fast-evolving digital threats.

In summary

Business continuity planning is not about frightening an organisation’s board into approving a budget to defend against unlikely probabilities; it is about taking a realistic assessment of the cost of downtime, and putting proportionate measures in place for security against those risks (whether they originate from man-made or natural disasters, physical or digital threats, or are made necessary as a result of regulatory requirements).

New technologies, including FCIP, continuous data replication, self-defending networks and wide-area application services, make long-distance separation and consolidation of data into secure data centres more straightforward and cost-effective than was previously possible, supporting a new breed of business-continuity solutions to protect against the new breed of threats that the healthcare sector is now facing.

Ian Bond, Consulting Systems Architect, Cisco Systems UK & Ireland

Jargon Buster

Continuous data protection

Provides real-time backup of information. As soon as the data is captured or saved onto primary storage it is mirrored to storage on another site. Doing this in real time is increasingly important.

Denial of service attacks 

An electronic attack into an organisation’s network, instigated by external individuals or groups, which attempts to overload the network or servers attached to that network to such a degree that normal service is disrupted.

Digital threat

Physical threats are not the only thing that could bring a trust’s network down. Viruses and other ‘malware’ — software designed to do damage to computer systems — can crash a network and delete sensitive data. Part of managing a business continuity plan involves developing a defence against these.

Fibre Channel over Internet Protocol (FCIP) 

A network protocol that allows storage networks to communicate over large distances by the Internet.

Malware or malicious software

Designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code.

Self-defending network

A network that has enough intelligence to provide a measure of protection against threats without human intervention. Threats not stopped at one point in the network are stopped at the next, due to a ‘defence-in-depth’ policy placing security services at each relevant point of the network.

Storage area network (SAN)

A high-performing network of storage devices that allows for more efficient use of storage capacity and more straightforward business-continuity planning.

Wide-area application services (WAAS) 

Allow healthcare organisations to consolidate data into central data silos by accelerating network traffic over great distances, giving local-area network (LAN) performance over a wide-area network (WAN), via the Internet.

 
 
