How Abbots Care gained greater assurances around data security with a revamped DR and backup strategy

Case study All data is equal, but for some industries, data is more equal than others. As a result, great care needs to be taken when it comes to keeping that data secure, whether in the cloud or anywhere else.

Healthcare, across its various channels, is a classic example. Some healthcare organisations are moving with less trepidation towards the cloud. In February, for instance, a study from Nutanix found that, by 2021, more than one in three healthcare organisations polled said they would be deploying hybrid cloud solutions. At the start of this year, pharmaceutical giant Walgreens Boots Alliance selected Microsoft as its primary cloud provider, with the majority of its infrastructure moving across to Azure.

Regardless of where it is hosted, the non-negotiables for healthcare providers are that the data can be accessed to its demands and that it is unimpeachable.

Abbots Care, a home care company based in Hertfordshire, is like any responsible UK provider under the regulatory jurisdiction of the Care Quality Commission. As managing director Camille Leavold puts it, one data breach could mean the company’s licence is taken away.

Leavold therefore wanted more assurance of how secure her company’s data was – and as a result she turned to managed IT services provider Fifosys.

“About two years ago, we were at a stage where we had quite a lot of data,” Leavold tells CloudTech. “Although we were using a company that said our data was secure and safe, we actually didn’t have any way of being able to evidence that.

“Obviously we’re quite in a compliant sector, and we needed to be able to evidence it. That started us looking,” she adds. “We were also looking for a company that was 24/7, because we are too.”

Mitesh Patel, managing director of Fifosys, went through the standard detailed audit when the work originally went out to tender. Basic questions around the backing up of data, recovery times and sign-off process highlighted risks which ‘weren’t acceptable’ to Leavold, as Patel puts it. Fifosys’ solution ties in to the company’s partnership with business continuity provider Datto, whose technology, according to Fifosys technical director James Moss, is ‘effectively a mini-DR test every day.’

Fifosys runs two official recovery tests a year, with the results sent to Leavold who can then present them to the board. “It’s no longer something hidden where you’ve gone ‘okay, there’s a vendor dealing with it, we’re going to be blind to it,” Patel tells CloudTech. “The recovery process… they get a report, that’s discussed – is this timeframe acceptable? – [and] are there any tests they want to do outside of this?”

Like many healthcare providers, Abbots Care also needs a good ERP system to ensure all its strands are tied up – particularly with care workers out in the field, checking on their tablets and devices which patients they need to see, their medication, and the service which needs to be provided at that time. "There's a lot for Abbots Care that they need to have up and running, and when you're scheduling so many people out in the field, these systems need to be up," says Patel.

Another consoling aspect is that the company’s backup and disaster recovery is all in one place. “[If] you can’t answer the [audit] questions and you’ve got five or six different vendors involved in delivering your backup, your continuity, applications, recovery… it’s fine you’ve got these vendors in, but your recovery time is extended continuously,” explains Patel. “Who’s actually responsible? Whose neck is on the line in the event that something does happen?”

Outages are unfortunately a fact of life, as even the largest cloud providers will testify, but can be mitigated with the right continuity processes in place. “Continuity was a big, big part for them, and then it’s all in terms of protecting the data and having versions of it,” explains Patel.

“There are organisations who say they’ve got four sites, and [they’re] just going to replicate across those four sites and invest in the same infrastructure on all four. That’s very difficult to maintain, administer and manage,” Patel adds. “When you are testing, you find people are only testing one of their sites rather than all four.

“You should be doing four tests at least twice a year – but the time involved in doing that, many people underestimate [it] and then start compromising.”

You can find out more about the case study by visiting here.

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.