Snapshots and Business Continuity
By Stephen Trout, , HIPAA Blog, HIPAA Hosting, Resources, Security, Uncategorized

The third in our series on business continuity for healthcare. 

by Stephen Trout

On the old adage, “a picture is worth a thousand words,” there seems to be a thousand variations on a theme. 

Take the Russian writer, Ivan Turgenev: “The drawing shows me at one glance what might be spread over ten pages in a book.”

Or Napoleon Bonaparte, who said, “A good sketch is better than a long speech.”

Or even Leonardo da Vinci, who suggested that a poet would be “overcome by sleep and hunger before [being able to] describe with words what a painter is able to [depict] in an instant.”

But it was Edsger Dijkstra – one of the founding fathers of computing science – who put a different twist on the phrase when he said: 

“A picture may be worth a thousand words, a formula is worth a thousand pictures.”

– Edsger Dijkstra

As a healthcare provider, you surely have your “thousand pictures” (or more): X-rays and scans, records and results; each is valued because a real person’s welfare is attached to them. You need access to any one of them at a moment’s notice.

The question comes, however: do you have “a formula” to recover those “thousand pictures” if disaster strikes and your vital data is lost?

We’ve mentioned how the HIPAA Security Rule’s Contingency Plan requires this – but do you?

The answer is “Yes” – if a snapshot of your system has been taken.  

What is a Snapshot?

We’ve all seen time-lapse film, shot during the course of a single day. All the day’s changes – the position of the sun as it travels across the sky, the swaying of trees, and the movements of people and cars – are captured continuously.

At any moment, the film could be stopped to give an accurate picture of events at that time. Now compare that to a single photo taken at the end of a day. Hardly a record of the day’s changes, right?

Similarly, standard backups of systems – while valuable – are generally performed too infrequently to capture an accurate “picture” of your data at a given moment. 

The reason for this is that backups are usually run at the end of a day, so as to not impact critical resources during production hours.

In contrast, snapshots can incrementally back up data from your persistent disks as often as you need, without impacting production. This is ideal for healthcare.

Since a snapshot captures the most up-to-date state of a disk – which can be created from disks even while attached to running virtual machines (VMs) – you can actually use it to restore data to a new disk if anything were to go wrong. No need for extended downtime.

This, of course, is a strong reason not to keep your “thousand pictures of backups” on a local storage device. You don’t want them destroyed if a disaster strikes locally, or to have them eating up your primary storage capacity.

This need for resilience is a major advantage offered in the Google Cloud, where storing “multiple copies of each snapshot across multiple locations with automatic checksums to ensure the integrity of your data” is standard practice. (Get a more detailed picture of Google’s snapshots, here).

Redundant systems also mean your data is there when you need it, offering the true high availability of data necessary for healthcare.  

How Snapshots Excel

Snapshots are an ideal means of preserving business continuity, therefore, for three reasons especially:

  1. Snapshots are fast.

The ability to have an almost instantaneous copy of your dataset makes for a superior solution – exactly what you need for environments with tighter RTOs (recovery time objectives). 

Healthcare enterprises can’t afford to lose data, and rapid, consistent copies can help keep your practice going should a disaster or malicious attack (such as ransomware) strike.   

  1. Snapshots are more frequent.

A system-based snapshot will capture the most recent configurations and disk data that flow through your servers. Successive (incremental) snapshots contain only new or modified data occurring since the previous snapshot.

Whereas backups are typically run after hours – as we noted – so as to not impact resources during production hours, snapshots can run more frequently throughout the day, offering more up-to-date protection. Production systems will be unaffected.

  1. Snapshots can be retained and deleted regularly as needed, preserving resources.

Retention of snapshots (or defining how long to keep them) is an individual requirement based on client needs.  

For example, you could have a snapshot taken every 3 or 4 hours, or before a particularly dangerous operation is attempted. A snapshot of Cloud SQL (a managed database on the Google Platform) could also be performed daily, or even more frequently.

You could decide to have snapshots retained for a day, 7 days, or even 14 or more, depending on your preference. Storage costs will be a consideration, as replications of snapshots to other zones and regions will consume cloud capacity.  

You Need a Strong Backup Plan

In conclusion, snapshots and backups are an integral data protection and compliance resource, each offering a point-in-time data copy should your dataset be negatively impacted. 

Snapshots offer unique advantages, including tighter intervals for restoration purposes, and more accurate data to treat your patients. HIPAA Vault will work with you to meet your specific RTO requirements. 

In the end, having a formula that’s “worth 1000 pictures” is about stronger business continuity and the welfare of your patients – and that’s truly worth having.

Questions about how snapshots can benefit your business continuity? Give us a call (760-290-3460), or chat with us online at www.hipaavault.com.