The Center for Data Innovation spoke with Chris Downie, CEO of Peak 10, an information technology infrastructure company based in Charlotte, North Carolina. Downie discussed the unique challenges healthcare organizations have with data management, as well as how Peak 10 was able to operate uninterrupted during Hurricane Matthew.
This interview has been edited.
Joshua New: Peak 10 works with several different healthcare providers. Could you discuss how well you think this industry is taking advantage of newer data technologies? What seems to be the major stumbling blocks to greater utilization of these services?
Chris Downie: When it comes to technology adoption, healthcare has been extremely slow to catch up with other industries. While it is an industry that desperately needs to get up to speed on newer technology models, the idea of switching over thousands of electronic health records (EHRs) to a new system is something no hospital executive or administrator wants to deal with, especially when they factor in the complex compliance issues that would need to be considered.
At Peak 10, we work with a wide variety of healthcare organizations, ranging from inpatient and outpatient providers, healthcare systems, hospital systems, physician and skilled nursing practices, long-term care facilities, insurance providers, healthcare service providers and many others. These companies rely on Peak 10 to support their mission-critical business systems and applications, including electronic health and medical records, disaster recovery (DR) for EHRS, revenue cycle management, virtual desktops and mobile devices, data analytics, and e-commerce for hospitals.
The majority of our hospital customers typically have a legacy data center in the basement of their facility. With the growing volume of data needed to run and operate a hospital there is only so much physical space you can build out before you run out of room. The cost to maintain and refresh infrastructure hardware can also be quite overwhelming for organizations. Peak 10 gives healthcare customers a way to alleviate these concerns by providing them with secure, state-of-the-art data center facilities to ensure fast, reliable data movement and access.
Beyond maintenance and operations challenges, hospitals are also concerned with issues tied to EHR downtime and compliance. In fact, according to an EMC study, healthcare organizations lost a total of 2.3 terabytes of data last year, which cost 22 hours of downtime for each incident and a total of $900,000 on average. This downtime also increases safety concerns since conveniences such as calculating dosages and looking up drug interactions are suddenly unavailable, placing greater pressures on everyone in the hospital to not make mistakes. The extra pressure may expose the reality that many caregivers rely too much on computers instead of humans to deliver patient care. It is not an extraordinary assumption that if an EHR or computer system is down, there could be a higher likelihood of sentinel events—events that result in serious harm or the death of the patient unrelated to their illness.
Another issue is compliance. Peak 10’s portfolio of cloud services is structured to ease the burden on customers seeking compliance, specifically regarding the Health Insurance Portability and Accountability Act (HIPAA), to optimize security and performance. Combining enterprise-class infrastructure, physical security, and a variety of technical controls, Peak 10’s cloud features multiple layers of protection to help keep protected health information and other sensitive data secure, limit access to it and monitor, defend against, and mitigate cyber threats.
Simply put, the healthcare industry is ripe with opportunity for the introduction of new technologies to enhance care delivery and the overall patient experience, streamline operations, and more. These opportunities also open the door to the potential for more cyberattacks and lost or stolen data. It is past time for healthcare information technology (IT) professionals to review privacy and security policies and procedures. Healthcare organizations should also insist that their service level agreements (SLAs) with a technology provider specify agreed upon security objectives and outline processes for ensuring compliance. It’s not a cure-all, but it can help facilitate more effective data loss prevention.
New: Peak 10’s data centers in Florida were hit pretty badly by storms during Hurricane Matthew in October 2016. How do you prepare for these kind of natural disasters?
Downie: Hurricane Matthew did come uncomfortably close to our data centers in Fort Lauderdale and Jacksonville last year. It was a strong storm that did a lot of damage to Florida’s east coast. Our data centers did not experience any damage or a single second of downtime, and the reason for that is much more than just ensuring redundancy.
Peak 10 has been around for nearly two decades, so we’ve seen natural disasters happen around a number of our data centers over the years. We urge all of our customers to have DR plans and to test them regularly, and we do the same for our company. Our long operating history has given us a chance to hone these DR plans and processes so that we can seamlessly execute when we’re faced with a natural disaster such as Hurricane Matthew.
Sure, we have the redundancies in place that you would expect of a data center. To sustain an uninterrupted power supply, we utilize redundant uninterruptible power supply (UPS) systems and generators—each with N+1 configurations, meaning each component has at least one backup. Multiple computer room air conditioning (CRAC) units with N+1 configurations maintain a sufficiently regulated IT environment if one cooling system goes down.
We also employ a comprehensive preventative maintenance program. This regular maintenance is performed on key emergency systems including generators, UPSs, cooling systems, fire detection and suppression systems, and other critical systems to ensure they are ready when needed. We also monitor our network and facility 24/7/365 to safeguard operations. This level of ongoing attention supports the efficient mitigation of issues.
Our emergency response plan outlines policies and procedures needed to manage these types of volatile situations and we have a Peak 10 “Go Team” that regularly tests our own readiness through live exercises conducted during normal operations. This geo-diverse team consists of highly trained and experienced experts in network and data center operations and emergency response. In advance of Hurricane Matthew, they traveled to Fort Lauderdale and Jacksonville to manage the data center and support our customers while our local employees went home to take care of their families. It’s our due diligence and care for our people that I think sets us apart.
With almost 200 customers declaring disaster and checking into their disaster recovery (DR) suites during Hurricane Matthew, Fort Lauderdale was inundated with customers and our Go Team was there to support their needs. Since all Peak 10 data centers are uniformly designed and utilize the same technology, the Go Team seamlessly transitioned into Fort Lauderdale and Jacksonville operations without losing critical time to a learning curve.
New: Peak 10 offers something called “encryption as a service.” How does this work?
Downie: Cybercrime is a $400 billion global enterprise, and that number is increasing daily. Working as a reliable last line of defense for protecting sensitive data—essentially scrambling information and rendering it inaccessible to those without the keys—encryption has become a critical tool for any organization’s security posture.
In March 2016, the research team at Peak 10 surveyed a sample of 183 enterprise decision makers, all facing a myriad of complex regulatory pressures. We asked them about their specific compliance requirements, current and predicted usage of encryption services, and gauged the perceived importance of encryption and budgetary concerns among them. The findings allowed us to identify a number of major trends which can help an organization assess its own security posture and understand the changing tides of cybersecurity. For example, we found that 30 percent of businesses plan to increase spending on security such as encryption, but only one third of those businesses may already be using encryption to protect their data.
This study led us to offer our Encryption as a Service (EaaS), a complete solution for business data security. Our EaaS offering allows customers to encrypt their data at rest, where the majority of breaches occur. It also ensures the protection of a company’s data while allowing the organization full control over keys and policies.
Peak 10’s Encryption as a Service allows businesses to protect critical customer and proprietary data, while retaining complete control over encryption keys, which means only they control who can decrypt data. Additionally, the solution offers privileged user controls and policies that dictate access to data as well as full audit logs.
EaaS allows customers to benefit from previously inaccessible business advantages, including faster to-market time, increased agility and a considerable reduction in costs. Additionally, EaaS is compatible with existing applications and appliances, giving customers full access to their encryption keys and data assets.
New: How does the increasing ubiquity of the Internet of Things change how you do business? Can data from connected devices be treated the same as other kinds of data, or does it require different kinds of services?
Downie: There is no doubt that widespread adoption of the Internet of Things (IoT) will vastly increase the challenges to servers, network, and applications. The volume of network traffic is increasing exponentially, and it will only continue to grow as more connected devices come into play. While these trends have changed how we live today, this influx of new data can cause businesses issues such as vulnerable security and slow operations.
More specifically, IoT will absolutely have a hand in limiting availability. Poor availability can cause business applications to run slowly, or perform poorly, which in turn can affect revenue. Slow transactions can cause a reduction in conversion rates. Reduced conversion rates, in turn, may affect your company’s reputation.
A leading concern from businesses around the Internet of Things is security. Through the evolution of IoT, billions of devices will be connected to the Internet, and every single device is a potential opening into its manufacturer’s IT infrastructure, company information, or personal data of the user. Many companies are making progress with recognizing security issues and figuring out how to respond to problems and prevent them from happening in the future.
IT departments should be applying security monitoring, certification, and testing efforts to IoT devices, and collaborate with vendors to ensure patching, tracking, and protection. We work hand in hand with customers, offering up solutions and expertise to help them shore up their security practices as it relates to the Internet of Things.
New: You’ve held senior leadership roles at data center companies for almost a decade now. What has surprised you the most about how the industry has changed over the years?
Downie: The pace of adoption of third party data center environments has been much faster than anyone could have imagined. This quickened pace is driven by the scale of new software-as-a-service application adoption and its impact on differentiation and competitive advantage. This phenomenon is forcing enterprises to come out from behind their firewalls, which in turn is causes them to realize that orchestration of external IT resources is not their core competency.
Another interesting reality is that while virtualization is occurring at a torrid pace, this pace is arguably increasing due to physical, non-virtualized infrastructure—the data center, the network, and the people. Demand is huge and as it grows in scale, its scope and form become less uniform and more complex, which drives the need for service providers who can manage a vast and varied set of requirements.
