Dartmouth College Protects Healthcare Research with Secure Storage from Decru and Network Appliance

Redwood City and Sunnyvale, Calif. - May 10, 2004 -- Decru, Inc., the leader in networked storage security, and Network Appliance, Inc. (NASDAQ: NTAP), a leading provider of enterprise network storage solutions, today announced a secure storage solution developed for the Center for Evaluative Clinical Sciences (CECS) at Dartmouth. The CECS has deployed Decru DataFort™ E-series storage security appliances with NetApp® FAS storage, ensuring the privacy and integrity of over 7TB of sensitive and regulated healthcare data. Dartmouth chose Decru DataFort because of its strong, wire-speed encryption, its reliability, and its ability to transparently integrate with high-performance NetApp storage systems.

The Center for Evaluative Clinical Sciences is comprised of scientists and clinician-scholars from Dartmouth's medical and graduate schools who conduct cutting-edge research on critical medical and health issues. The objective of this research is to provide a foundation for measuring, organizing, and improving the U.S. healthcare system. To fuel its research, Dartmouth obtains Medicare data from a number of sources, including insurance companies and government organizations. Because Medicare data falls under the stringent privacy requirements put in place by the Health Insurance Portability and Accountability Act (HIPAA), the CECS has invested in an IT infrastructure and process to meet and exceed these data security regulations.

"With approximately $1.5 million in annual grant funding tied into the use of Medicare claims data, we needed the ability to protect the integrity of the data while allowing appropriate access by research units and staff," said Vincent J. Fusca III, project manager, Dartmouth Atlas of Health Care, and operations director, CECS. "Decru DataFort provides the ultimate security solution by adding a critical layer of defense against inappropriate external and internal use of data. NetApp provides a scalable, reliable, and high-performance storage platform for our growing research data. The combined Decru and NetApp solution came together simply and seamlessly to address security and compliance needs for CECS."

CECS currently maintains about 7TB of this highly sensitive data in its storage network, containing clients based on Linux®, Dell file servers, and networked storage from NetApp. Each Linux desktop communicates to the servers using an encrypted VPN link, securing data in flight. Access to the data is tightly controlled via firewalls and Linux IP tables, so connections to the NFS servers are only allowed from a select group of clients.

The data itself is secured using a cluster of Decru DataFort E-series appliances. DataFort appliances combine secure access controls, authentication, storage encryption, and secure logging to provide unprecedented protection for sensitive stored data. By locking down stored data with strong encryption and routing all access through secure hardware, DataFort dramatically simplifies the security model for networked storage.

"Leading organizations such as the CECS at Dartmouth are building security directly into their storage infrastructures, ensuring the privacy and integrity of sensitive patient data," said Patrick Rogers, vice president of Marketing at Network Appliance. "The NetApp and Decru solution provides maximum performance and security, combined with seamless interoperability and simplicity. We're very pleased to support the CECS in its research efforts."

Dartmouth chose Decru DataFort appliances because of their transparent deployment, easy integration, and strong security features. Key features that will be utilized by Dartmouth include:

Strong AES-256 Encryption: DataFort is deployed between the clients and the NetApp storage systems, encrypting data as it is written to disk and decrypting it when requested by authorized users. All encryption keys are managed and maintained in DataFort's secure hardware, ensuring key security while removing complexity for users and administrators. Additionally, because data is encrypted in primary storage, data is also secure when backed up to the CECS tape library, ensuring true end-to-end protection.

Transparent Deployment: DataFort natively supports both CIFS and NFS storage protocols, so CECS did not need to modify its existing environment to install DataFort. CECS was also able to easily integrate DataFort into its infrastructure for access controls and user authentication.

CryptoShred™ Secure Deletion: When data is encrypted on disk or tape, media can be sent for repair or disposal without compromising data privacy. Furthermore, encryption simplifies the process for permanent data deletion. By deleting a centrally stored encryption key, CECS can permanently render all copies of a given piece of data unreadable.

"Data is the fuel that feeds research, and research organizations face unique challenges when it comes to data security. Not only does the CECS deal with huge volumes of data regulated by HIPAA, but their funding relies on their ability to maintain the integrity of this information," said Kevin Brown, vice president of Marketing for Decru. "Decru is pleased to work with NetApp and Dartmouth to build a trusted storage infrastructure for vital healthcare research."

About CECS

The Center for the Evaluative Clinical Sciences (CECS) at Dartmouth, established in 1989, is a locus of scientists and clinician-scholars from Dartmouth's medical and graduate schools who conduct cutting edge research on critical medical and health issues with the goal of measuring, organizing, and improving the health care system. Their collective research has important implications for medical practice and economics. At the macro level, the evaluative clinical sciences provide the basis on which to make rational policy choices and resource allocations; at the micro level, they hold the promise of reforming the doctor-patient relationships through shared decision-making and of improving the quality and value of clinical care.

About Decru

Decru, headquartered in Redwood City, CA, develops storage security solutions to address a range of business needs for enterprises and government, including intellectual property protection, regulatory compliance, privacy, and internal controls. Decru DataFort protects the core of the storage network with a layer of strong encryption, authentication, access controls, and compartmentalization. Decru DataFort appliances can be deployed transparently in SAN, NAS, DAS, and tape backup environments, with no changes to servers, desktops, applications, or user workflow. Decru was founded in 2001, and has raised more than $45 million in venture financing from Benchmark Capital, Greylock, New Enterprise Associates, In-Q-Tel and others.

About Network Appliance

Network Appliance is a world leader in unified storage solutions for today's data-intensive enterprise. Since its inception in 1992, Network Appliance has delivered technology, product, and partner firsts that continue to drive "The evolution of storage.™" Information about Network Appliance™ solutions and services is available at www.netapp.com.

Press Contacts:

Jaime Leigh Le
Network Appliance, Inc.
(408) 822-3761
jle@netapp.com


V. J. Fusca III, MMS
Operations Director, CECS
(603) 650-1355
Vincent.J.Fusca.III@Dartmouth.edu


Michele Borovac
Decru
(650) 413-6757
michele@decru.com