Tuesday, December 20, 2016

Encryption of healthcare SAN/NAS

I ran this poll a couple of weeks ago on Twitter.  I was looking to back up a theory of mine with some data, however bad my sample set is (people who follow me on Twitter).  In the end, I got some data, but I'm not sure how valid it is.  


The problem with this poll is that even though it got 53 replies (which I'm super thankful for), I don't know how many of these respondents really work in healthcare.  People also have a tendency to tell you what they think you want to hear.  I think that's going on here too.  People know that HIPAA requires encryption for data in transit and portable devices.  I think they are extending that to the SAN/NAS example here.

I can't imagine many likely scenarios where you would invest money in a SAN/NAS (where performance is key) and then lose performance (money) on disk encryption.  Full disk encryption protects primarily against physical attacks and your SAN/NAS should be in a secure environment.

This was cross posted from my Peerlyst account.  I'm really interested in people's perspectives on this, but I've had to largely disable comments in the blog due to blog spam.  If you have something to contribute, hop on over to Peerlyst and comment there. I'm really interested in perspectives on this issue.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.