Effective Systems Management for Healthcare

Similar documents
EMA Radar for Private Cloud Platforms: Q1 2013

EMA Radar for Private Cloud Platforms: Q1 2013

EMA Radar for Workload Automation (WLA): Q2 2012

EMA Radar for Workload Automation (WLA): Q2 2012

EMA Radar for Workload Automation (WLA): Q2 2012

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

IT Optimization through Predictive Capacity Management

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Ecora More Attractive to Large Enterprises with Auditor Pro 4.5

How To Buy Nitro Security

EMA Radar for Application Performance Management (APM) for Cloud Services: Q1 2012

Streamlining the Process of Business Intelligence with JReport

Consolidating IT Infrastructure Management: Unifying Data Center Hardware and Software Administration

EMA Radar for Application Discovery and Dependency Mapping (ADDM): Q AppEnsure Profile

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

Desktop Automation: Effective Desktop Operations & Management with Cloud Orchestration

Secure Administration of Virtualization - A Checklist ofVRATECH

Help Desk Demands in the Mid-Market: Pragmatic Requirements and Solutions

The Impact of HIPAA and HITECH

Beyond the Hypervisor: Optimizing Virtualization Management

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Big Data Comes of Age: Shifting to a Real-time Data Platform

How To Use Ibm Tivoli Monitoring Software

EMA Radar for Advanced Performance Analytics (APA) Use Cases: Q4 2012

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Server & Application Monitor

EMA Radar for Enterprise Network Management Systems (ENMS): Q4 2012

How To Protect Your Cloud From Attack

I D C A N A L Y S T C O N N E C T I O N

Pragmatic Approach to Data Center Management Control and Manageability

Supporting Workforce Mobility: Best Practices in Enterprise Mobility Management

Building on a Foundation for Growth: Integrating DLP with Message Security Infrastructure

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

Enterprise Lifecycle Management in a Changing World: Best Practices for Resolving Emerging Challenges in Desktop and Server Management

Log Management Solution for IT Big Data

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

Managed Services. Business Intelligence Solutions

What is Security Intelligence?

access convergence management performance security

HIPAA and HITECH Compliance for Cloud Applications

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

1 Introduction Product Description Strengths and Challenges Copyright... 5

EMA Radar For Business Service Management (BSM): Service Impact Q Interlink Vendor Profile

Bringing Enterprise-class Network Performance and Security Management Together using NetFlow

EMA Radar for Application Performance Management (APM) for Cloud Services: Q1 2012

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Splunk for VMware Virtualization. Marco Bizzantino Vmug - 05/10/2011

Monitoring Best Practices for

Achieving IT Operational Reliability and Cost Effectiveness with ITIL and other Best Practices

Enterprise Security Solutions

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Q1 Labs Corporate Overview

Vendor Landscape: Security Information & Event Management (SIEM)

Boosting enterprise security with integrated log management

Automating ITIL v3 Event Management with IT Process Automation: Improving Quality while Reducing Expense

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Intelligent Operations Management from Applications to Storage. VMware vrealize Operations

IBM QRadar Security Intelligence April 2013

Effective IT Operations with Data Center Infrastructure Management (DCIM)

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Service Catalog: Dramatically Improving the IT/Business Relationship

Monitoring Best Practices for COMMERCE

Optimizing Cloud for Service Delivery

SolarWinds Virtualization Manager

ITIL V3: Making Business Services Serve the Business

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Achieving Regulatory Compliance through Security Information Management

How to Secure Your SharePoint Deployment

How To Use Cautela Labs Cloud Agile.Com

Veritas Configuration Manager Profile. A Profile Prepared by EMA October 2006

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

EMA Radar for Private Cloud Platforms: Q1 2013

Minder. simplifying IT. All-in-one solution to monitor Network, Server, Application & Log Data

The Advantages of Enterprise Historians vs. Relational Databases

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

Metrics that Matter Security Risk Analytics

Compliance Management, made easy

A TECHNICAL WHITE PAPER ATTUNITY VISIBILITY

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Netzwerkvirtualisierung? Aber mit Sicherheit!

RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution

The Advantages of Plant-wide Historians vs. Relational Databases

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

ObserveIT User Activity Monitoring

Making Your Investment in an Executive Dashboard Count: What to Look for and Why

VDI Security for Better Protection and Performance

Total Protection for Compliance: Unified IT Policy Auditing

SANS Top 20 Critical Controls for Effective Cyber Defense

Workload Automation: The Heart of Enterprise Operations

Vistara Lifecycle Management

McAfee Server Security

ScienceLogic vs. Open Source IT Monitoring

Tivoli Automation for Proactive Integrated Service Management

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Better Virtualization Outcomes with Citrix Essentials for XenServer and NetApp Storage

Transcription:

Effective Systems Management for Healthcare An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for SolarWinds January 2014 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING

Table of Contents Introduction... 1 Healthcare Specific Challenges... 1 HIPAA Compliance... 1 Storage and Data Warehousing... 2 Desktop Virtualization and Mobile Devices... 3 Healthcare Applications... 3 Conclusion... 3 How SolarWinds Fits the Bill... 4 Single Pane of Glass for Applications and Systems... 4 Automatic Detection and Remediation of Security Events... 4 Strong Storage Capabilities... 4 Rapid Deployment and Easy Management... 5 Simplicity and Usability... 5 Application-Centric Approach... 5 EMA Perspective... 5

Introduction As described in a recent ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) white paper 1, application-aware systems management is a central challenge within modern enterprise IT. This application centricity is specifically important in healthcare settings, such as hospitals, specialty care centers and doctors offices. These healthcare institutions cannot afford downtime or lackluster performance, as they must optimally utilize the time of doctors, nurses and other medical staff to ensure the best possible patient care, as well as financial viability of the overall organization. Furthermore, high-dollar medical equipment, such as MRI, CT or digital X-ray machines rely on the optimal operation of the institution s medical applications and the servers, network and storage resources on which they depend. Healthcare IT environments need a pragmatic monitoring and management solution that is easy to deploy, operate and manage. This EMA white paper will explore systems management requirements derived from the specific challenges faced by the healthcare institutions today. Healthcare Specific Challenges In addition to the traditional challenges of healthcare organizations, such as the negative impact of downtime due to the high cost of medical facilities, equipment and staff, there are numerous further considerations to bear in mind when exploring optimal systems management solutions: HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA) of 1996 prescribes a set of highly complex requirements regarding privacy and overall systems, data and facilities security. Implementing these requirements is aggravated by the lack of specific technical and technological guidance provided by this law. Therefore, HIPAA audits place a significant strain on most healthcare organizations, requiring vast numbers of staff hours for creating the reports needed to demonstrate that the following five key pillars of HIPAA compliance are adhered to: Access control and protection of patient data Controlling physical access to systems and facilities Protecting information processing and maintenance Data protection during network transmission Activity log review of all systems containing patient information Healthcare IT environments need a pragmatic monitoring and management solution that is easy to deploy, operate and manage. The Health Information Technology for Economic and Clinical Health Act (HITECH) provides HIPAA with an additional set of teeth, by increasing the legal liability for compliance violations. HITECH constitutes a strong basis for enforcement of the HIPAA law and requires healthcare organizations to ensure HIPAA compliant conduct of their business associates. It also obligates the department of Health and Human Services (HHS) to conduct regular audits. Furthermore, unauthorized use or disclosure of unencrypted patient data must be reported to the affected patients and in severe cases to HHS. Violations are now subject to fines by the Office for Civil Rights and attorney generals are suing healthcare organizations that are in violation of HIPAA and HITECH. All this increases the regulatory burden for healthcare, resulting in a more and more demanding set of systems management requirements: 1 It s All About the App: Application-Centric Systems Management, EMA http://www.enterprisemanagement.com/research/asset.php/2674/it/ s-all-about-the-app:-application-centric-systems-management 1 Page 1

Centralized control over all security- and privacy-relevant systems involved in handling patient data firewalls, antivirus, intrusion detection, and operating systems is key to ensuring comprehensive data protection and security. This centralized control enables streamlined HIPAA auditing, which is needed to quickly and automatically produce compliance reports. Proactive enforcement of antivirus, encryption (loss of strongly encrypted data is not considered a breach) and firewall policies is key to maintaining data security and ensures optimal application health. In short, in order to guarantee and document HIPAA compliance, systems management and security software should talk among each other and be able to generate a comprehensive set of audit reports. In short, in order to guarantee and document HIPAA compliance, systems management and security software should talk among each other and be able to generate a comprehensive set of audit reports. Storage and Data Warehousing MRI, digital X-ray and CT imaging cause tremendous storage requirements in healthcare, as digital copies do not only have to be produced for immediate use by medical staff, but must be archived in accordance with an ever-stricter set of government healthcare regulations, including HIPAA. Healthcare institutions today are moving to standardized software vendor-neutral archives, where images from different systems can be accessed through generic viewers. This enables doctors and other medical staff to view each other s images, without the traditional compatibility issues. In addition to images, there are electronic health records, hospital communications and large numbers of administrative files that have to be managed and archived in a compliant manner. Data warehousing plays an increasingly larger role within a hospital context, as medical staff more and more relies on advanced analytics capabilities, where patient data from a myriad of different sources is correlated to help improve care standards. Often, this means that all data has to be copied into one place, the data warehouse, where all the processing and advanced queries are executed. For queries to perform optimally, they need to be written well and have enough server, network, storage resources available to execute in a flawless manner. Healthcare applications in their entirety imaging, electronic record keeping, data warehousing etc. put a significant strain on the corporate storage infrastructure. To prevent or troubleshoot issues, healthcare organizations require the ability to map application performance to the underlying virtual machines, datastores and the storage arrays, LUNs and spindles they run on. Only when there is visibility from the application down to the storage hardware, can storage be managed in an intelligent fashion that ensures performance and reliability, without the typical waste that results from overprovisioning as an insurance policy. Following EMA research, finding the most cost-efficient home for each data type is a key challenge in enterprise IT, due to this typical lack of visibility. At the same time, storage administrators require the ability to view the application impact of the LUNs and disks they maintain on a daily basis. Only when a storage administrator knows the impact of performance degradation or downtime of a specific spindle, array or LUN, can provisioning, tiering, management and capacity planning for storage be conducted effectively. Quickly identifying slow queries causing application or database performance issues is another significant challenge. Query performance problems may not at all be related to hardware performance, but could simply result from poorly formed queries. 2 Page 2

Desktop Virtualization and Mobile Devices Medical staff, as well as administrative staff, requires mobile access to patient data at specific locations and particular points in time in order for the entire healthcare institution to provide better care, while at the same time improving financial results. Mobile device support requires backend infrastructure that is always available, resilient, secure and well performing, as every security break or systems outage results in medical staff being a lot less productive or patient confidentially being compromised. Ideally, there should be one central dashboard showing virtual machine properties together with metrics of other workloads located on the same host, as well as the actual health status of the physical host servers and the capacity and performance of the underlying storage arrays. For rapid issue resolution, the ability to quickly identify the physical host cluster of each virtual desktop is critical. Ideally, there should be one central dashboard showing virtual machine properties together with metrics of other workloads located on the same host, as well as the actual health status of the physical host servers and the capacity and performance of the underlying storage arrays. Only this level of visibility across traditional silos applications, virtual machines, physical servers and storage hardware enables effective management of virtual desktop infrastructure and mobile device access. Proactive security management for endpoints is key to preventing confidential patient data from being disclosed as well as malware from spreading within the walls of the hospital. Therefore, systems management within the healthcare sector must be able to monitor events that are created by antivirus, firewalls or intrusion detection systems. Ideally, systems management software will then be able to respond to these events in a proactive manner that goes beyond simply alerting IT operations staff. For example, when the presence of malware on a specific desktop is reported, this desktop could be automatically disconnected from the network, while all other desktops on the same network segment receive a deep malware scan. Healthcare Applications As healthcare applications custom and off-the-shelf are critical for patient care and flawless billing, a proactive approach is required that looks at systems management from an application-centric perspective. Adding application context to traditional server, storage, network and virtualization management tasks enables the entire IT department to conduct daily management tasks, troubleshooting and capacity management with the overall hospital requirements in mind. Within today s often massively heterogeneous healthcare IT environments, consisting of a myriad of storage, network and server hardware, as well as frequently relying on public cloud services, auto-discovery of new resources or configuration changes through an agentless approach is key to ensuring reliability and flexibility of systems monitoring and management. This comprehensive knowledge of the entire IT environment, in combination with the constant ability to understand the application context, brings systems management for healthcare institutions to the next level. Ideally this new approach changes the perception of IT-asa-Nuisance to medical and administrative staff viewing IT as a valuable strategic partner. Conclusion Detecting issues with a purely systems-centric approach is difficult, reactive and can take hours or days. Healthcare institutions cannot afford this type of disruption and therefore require a systems management approach that keeps an eye on the application and uses advanced analytics to correlate application performance and reliability issues with incidents at the systems hardware and virtualization and security layer. 3 Page 3

How SolarWinds Fits the Bill SolarWinds enables a proactive approach of detecting issues performance, security, compliance before they turn into actual problems affecting patient care or the financial bottom line. This approach is based on the following key components. Single Pane of Glass for Applications and Systems The integration of SolarWinds Server & Application Monitor, Virtualization Manager, and Storage Manager is at the heart of SolarWinds application-centric systems management capabilities. Today s typically very heterogeneous healthcare IT environments, with their limited financial and human resources, are presented with near-comprehensive visibility into each layer of the application stack. Application performance can be correlated with the behavior of individual systems at a granular level, which is key for rapid problem diagnosis and remediation. The integration of SolarWinds Server & Application Monitor, Virtualization Manager, and Storage Manager is at the heart of SolarWinds application-centric systems management capabilities. Automatic Detection and Remediation of Security Events SolarWinds Log & Event Manager (LEM) adds centralized monitoring and response to security and compliance relevant incidents and automates a major portion of the information system activity review process. It enables organizations to demonstrate diligence towards detecting and preventing security breaches by continually monitoring access to healthcare data and providing integrated active response capabilities to rapidly remediate threats. Its in-memory correlation processes log and event data before it is written to the database, providing real-time security intelligence and enabling immediate incident response. These responses can be completely automated to deliver hands-free 24x7 threat mitigation, including the ability to block IP addresses, detach servers and workstations from the network, lock out unapproved USB devices, or revoke user privileges via Active Directory. SolarWinds LEM also provides built-in correlation rules, including HIPAA-based rule templates and a drag-and-drop rule builder that enables systems administrators to easily create new rules or customize existing ones to their specific needs. These capabilities, in combination with pre-configured HIPAA compliance reporting packages, constitute a strong set of tools for healthcare organizations to cut through the myriad of regulatory requirements they are faced with on a daily basis. Healthcare organizations can further enhance their security and compliance efforts with SolarWinds Firewall Security Manager (FSM), which automatically audits firewall configurations against a predefined catalog of standards-based checks to identify potentially dangerous security gaps, as well as uncover policy violations. Additionally, organizations can leverage customizable security profiles to tailor audits to their unique business requirements and policies. SolarWinds FSM s ability to centrally manage and audit firewall rules, as well as generate compliance reports, can be seen as particularly vital for fluid environments that are subject to strict regulation. Strong Storage Capabilities SolarWinds Storage Manager integrates with SolarWinds Virtualization Manager through to SolarWinds Server & Application Monitor, enabling healthcare customers to proactively manage the storage required for their data warehouses, virtual desktops, imaging systems and specialized applications. SolarWinds Storage Manager provides the insights required to take charge of existing storage arrays, as well as plan the purchase of new storage, based on the software s detailed capacity analysis capabilities. 4 Page 4

Rapid Deployment and Easy Management Many of today s popular systems management tools require a tremendous amount of customization and rely on extensive deployment and configuration services. SolarWinds Virtualization Manager and Log & Event Manager are delivered as all-in-one virtual appliances, while the rest of the SolarWinds portfolio offers standard Windows and Linux installers (SolarWinds promises installation times of under one hour). This easy deployment process in combination with robust out-of-the-box support for most popular hardware and software, as well as compliance reporting templates, leads to rapid time to value. This easy deployment process is specifically vital for healthcare organizations, with their minimal tolerance for disruptive IT projects. Simplicity and Usability Healthcare IT staff typically wears many hats and does not have the time available to learn to operate and manage systems management software. The SolarWinds interface is simple, yet highly customizable, and most importantly, each screen provides access to the contextual information required to view the application impact of a specific action. SolarWinds goes even further by providing system administrators with the capability to play through what if scenarios, before committing to a specific reconfiguration action or hardware addition. Finally, it is important to mention the typically agentless approach, eliminating the need for managing, troubleshooting and upgrading operating system- and application-specific agents, which often puts a strain on lean healthcare IT environments. The SolarWinds interface is simple, yet highly customizable, and most importantly, each screen provides access to the context and information required to view the application impact of a specific action. Application-Centric Approach SolarWinds enables application-driven systems management through integration of its tools for server, network, storage, database and application management. This integration provides customers with comprehensive dashboards showing the impact of each component on application performance and overall health. To ensure rapid time to value, SolarWinds offers 150 out-of-the-box applicationmonitoring and management templates including Exchange, SharePoint, Active Directory, Oracle, and SAP, as well as the ability to create custom templates to support an entire heterogeneous application environment. The SolarWinds capabilities for monitoring and visualizing database health and performance metrics come in handy when application performance issues are caused by faulty or inefficient queries. EMA Perspective The SolarWinds portfolio includes the tools necessary to address healthcare-specific resiliency, compliance, performance and security challenges in a proactive and efficient manner. The secret sauce is the solution s flexibility and the integration between the different management software components. SolarWinds Log & Event Manager is specifically interesting within a healthcare context, as it enables real-time response to events across the entire IT environment. This cross-silo capability helps healthcare providers remediate security challenges and prevent performance and reliability issues before they turn into disruptive problems. EMA is impressed with the comprehensiveness of the SolarWinds portfolio, as well as with the strides the company has made toward providing a truly integrated and application-centric systems management toolkit to healthcare providers that surpasses the traditional players in terms of simplicity and contextual awareness. 5 Page 5

About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. EMA and Enterprise Management Associates are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. 2014 Enterprise Management Associates, Inc. All Rights Reserved. EMA, ENTERPRISE MANAGEMENT ASSOCIATES, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 1995 North 57th Court, Suite 120 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com 2812.020614

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information