Abstract: Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted.

Abstract: Methods and systems for securing data are disclosed. To secure data, signed tokens may be used to authenticate operations to be performed by storage arrays. The operations may modify data stored in the storage array and/or provide copies of stored data. The signed token may specify limits on the authority of various entities to invoke various functions of storage arrays, and include cryptographic data usable by the storage arrays to authenticate the tokens. By requiring that tokens be included with operations to be performed by storage arrays, the storage arrays may be less likely to perform undesired operations.

Abstract: An apparatus comprises at least one processing device that includes a processor and a memory coupled to the processor. The at least one processing device is configured to receive storage access protocol commands directed by one or more host devices to storage devices of a storage system over a storage area network, to generate statistics relating to the received storage access protocol commands, to process the generated statistics in a machine learning system trained to recognize anomalous access patterns to the storage devices over the storage area network, and to generate an alert indicative of an access anomaly based at least in part on the processing of the generated statistics in the machine learning system. A multi-path input-output (MPIO) driver of the one or more host devices may be provided with the alert and configured to initiate one or more remediation actions responsive to the alert.

Abstract: A storage system comprises a plurality of storage devices, and is configured to establish a production drive group comprising a first subset of the storage devices, using a first firmware-level configuration process, and to establish a stealth drive group comprising a second subset of the storage devices, using a second firmware-level configuration process, the storage devices of the stealth drive group thereby being separated at a firmware level of the storage system from the storage devices of the production drive group. The storage system is further configured to copy data of one or more logical storage volumes from the production drive group to the stealth drive group, and responsive to completion of the copying of the data of the one or more logical storage volumes from the production drive group to the stealth drive group, to initiate a firmware-level reconfiguration process for the storage devices of the stealth drive group.

Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.

Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.

Abstract: A storage system comprises a plurality of storage devices, and is configured to establish a production drive group comprising a first subset of the storage devices, using a first firmware-level configuration process, and to establish a stealth drive group comprising a second subset of the storage devices, using a second firmware-level configuration process, the storage devices of the stealth drive group thereby being separated at a firmware level of the storage system from the storage devices of the production drive group. The storage system is further configured to copy data of one or more logical storage volumes from the production drive group to the stealth drive group, and responsive to completion of the copying of the data of the one or more logical storage volumes from the production drive group to the stealth drive group, to initiate a firmware-level reconfiguration process for the storage devices of the stealth drive group.

Abstract: Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted.

Abstract: An apparatus comprises at least one processing device that includes a processor and a memory coupled to the processor. The at least one processing device is configured to receive storage access protocol commands directed by one or more host devices to storage devices of a storage system over a storage area network, to generate statistics relating to the received storage access protocol commands, to process the generated statistics in a machine learning system trained to recognize anomalous access patterns to the storage devices over the storage area network, and to generate an alert indicative of an access anomaly based at least in part on the processing of the generated statistics in the machine learning system. A multi-path input-output (MPIO) driver of the one or more host devices may be provided with the alert and configured to initiate one or more remediation actions responsive to the alert.

Abstract: A method for using a health information exchange system which stores patient record data regarding a multiplicity of patients, to serve a first plurality of EMRs each interacting with an EMR community including a set of at least one EMR, the method comprising: for each individual EMR within the first plurality of EMRs, performing a computerized context interception process using a processor to intercept context from the individual EMR and to identify therewithin an event whereby a health provider using the individual EMR calls up an individual patient's record from said individual EMR; and responsive to identification of the event, using a computerized output device for providing patient record data, pertaining to the individual patient, to the health provider.

Abstract: A health information exchange system comprising ontological apparatus for defining and storing ontological link elements ontologically linking between individual health care information items within a first population of health care information items; apparatus for receiving a second population of health care information items and for associating at least some individual items in the second population, with corresponding individual items within the first population of health care information items; and apparatus for responding to queries regarding particular information items in the second population including translating the particular information items into items in the first population corresponding to the particular information items and using link elements linking the items in the first population corresponding to the particular information items to generate data pertaining to the particular information items in the second population.

Abstract: A system for a unified management of queries in a distributed environment that includes plurality of nodes interconnected through a communication network. A query initiating node which can be a query processing node being configured to receive or place a query in respect one or more subjects. The query processing node includes a processor and communication and is associated with a database having given characteristics. The database stores information on subjects. The node is further associated with demographic index and query catalog. The processor and communication being configured to perform the following, including: placing or receiving a query in respect of one or more subjects, accessing the demographic index and query catalog for determining a remote node in the network, if any, such that the database of each one of the nodes stores information on the subjects and determining a query format that meets the respective data characteristics of the database of each node.