AWS Case Study: DiskAgent

DiskAgent develops solutions for companies concerned about data protection. Healthcare providers, in particular, are attracted to DiskAgent for its aggressive data security controls, low-cost services, and solutions that help companies with HIPAA compliance. DiskAgent, developed by Spearstone LLC, is a software service that provides continuous online data backup, data loss prevention and protection against identity theft. DiskAgent not only safeguards data in the event of a hardware failure, but also protects data in the event of theft, using a remote seek and destroy capability to locate missing hardware and remotely delete sensitive information.

DiskAgent uses Amazon Simple Storage Service (Amazon S3) as its scalable storage infrastructure. Using Amazon S3, customer data is replicated across multiple, remote data centers. “AWS provides DiskAgent users with enterprise-level reliability and scalability, at prices small businesses can easily afford. As a storage partner, Amazon S3 allows us to concentrate on what we do best—protecting our customers’ data,” said Spearstone CEO, Hayden Hartland.

Spearstone has extensive in-house expertise that helped to ensure DiskAgent’s compliance with HIPAA (Health Insurance Portability and Accountability Act). Prior to founding Spearstone, CEO Hayden Hartland spent two years managing one of the world’s largest dental electronic insurance claims clearinghouses, NIS, DENTRIX’s eServices subsidiary. While there, Hayden had responsibility for HIPAA compliance and regulatory requirements. When Hayden and his team began to develop DiskAgent, they knew that choosing the right web and data services partner would be key in meeting HIPAA’s rigorous security requirements.

Hayden Hartland explains, “The AWS environment helped Spearstone quickly meet and exceed the HIPAA security requirements for transmitting and storing electronic private health information (EPHI). HIPAA’s governing body requires that EPHI be transmitted and stored in an encrypted format. We conducted months of rigorous in-house and beta testing to ensure our encryption and transmission protocols exceed HIPAA requirements.”

Citing HIPAA provisions, DiskAgent documents how it meets and exceeds these stringent controls. For example, HIPAA’s administrative safeguards require a data backup plan and that entities operating under HIPAA implement systems to store and ultimately retrieve exact copies of health records. By using Amazon S3, DiskAgent helps ensure that health records and other sensitive information are stored in a HIPAA-compliant manner.

According to HIPAA standards, covered entities must have a contingency plan, and: “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.” (HIPAA, Section 164.308(a)(7)(i)).

DiskAgent protects their healthcare industry customers against physical systems damage by storing backed-up records offsite, in multiple Amazon data centers. Even complete destruction of the healthcare provider’s facility would not result in the loss of patient records.

Another HIPAA standard requires covered entities to: “Allow access only to those persons or software programs that have been granted access right.” (Section 164.312(a)(2)(1)). Furthermore, covered entities must: “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” (Section 164.312(e)(1)). These provisions also require that backups be encrypted to control access to the data, and that the encryption occurs before any data has been transmitted from a computer to its backup location.

DiskAgent protects backup files with 256-bit AES encryption (adopted as an encryption standard by the U.S. government) before they leave the customer’s machine. Backup files are protected during transmission with DiskAgent’s 256-bit SSL encryption. All access to backed-up data requires unique user authentication, and no passwords are stored in clear text.

Using Amazon S3, DiskAgent is able to deliver a comprehensive data protection service at a fraction of the cost of traditional backup providers. “AWS makes enterprise-class infrastructure inexpensive to acquire, easy to use, and quick to scale,” said Hayden Hartland. “Companies no longer need to invest heavily in data storage hardware or worry about capacity planning and can instead focus on other mission critical information technology projects.”

Founded in 2004 in Salt Lake City, Utah, Spearstone LLC is led by industry veterans in information security and data storage who have provided enterprise customers such as Wells Fargo, Baker & McKenzie, Mountain America Credit Union, SoftWise and Pearson Education with robust software solutions that help them preserve data integrity and security. Spearstone’s DiskAgent offers military-level security and a software-as-a-service business model that helps small and medium businesses reap the software benefits large enterprises enjoy at a fraction of the cost.

For more on DiskAgent and Spearstone, go to http://www.diskagent.com.

©2010, Amazon Web Services LLC or its affiliates. All rights reserved.