4-page Case Study - Posted 2/21/2008
Healthcare Company Simplifies Management, Boosts Protection with New Security Solution
Allina Hospitals & Clinics, based in Minnesota, is a large network of hospitals and healthcare facilities. Thousands of Allina employees use a computerized data system to access patient medical records. However, the workstations associated with this system were not well-protected against spyware and other security threats. Also, the security solution in place at Allina did not integrate with the IT environment, and administrators had difficulty determining which updates had been installed. To solve these problems, Allina deployed Microsoft® Forefront™ Client Security with Forefront Client Security Enterprise Manager. The organization can now centrally manage security and deploy Forefront Client Security on all computers, which simplifies administration and saves time. This new solution also provides Allina with improved system protection and higher IT visibility.
Situation
Allina Hospitals & Clinics, headquartered in Minneapolis, Minnesota, is a system of hospitals, clinics, and other healthcare services in Minnesota and Wisconsin. The organization has more than 23,000 employees, who work in 11 hospitals, 75 health clinics, and at other healthcare facilities.
“I don’t have as many manual tasks to worry about now. I am saving five hours each week on the policy management process, for example, because of Forefront Client Security Enterprise Manager.”
Andrew Julian, Lead Operating Systems Programmer, Allina Hospitals & Clinics
The Minneapolis-based Allina IT department has 321 employees, who manage 887 server computers and all 24,000 personal computers in the company. The IT infrastructure is standardized on the Windows Server® 2003 Enterprise Edition operating system. Allina also uses Microsoft® Exchange Server 2003 to manage e-mail messaging, as well as the Active Directory® service and Group Policy to assign policies and to apply updates across the entire network. The majority of Allina employee computers run the Windows® XP Professional operating system.
Network security is critical for Allina, particularly because of the company's electronic medical record (EMR) system. Nearly 18,000 Allina employees, including physicians, medical coders, and patient-billing employees, use computers at 100 different Allina locations to access this system. The EMR system captures important medical information during patient registration and treatment. Under strict security, doctors and nurses use the system at workstations or at patients’ bedsides to access updated data. “A doctor can use a computer to retrieve a patient’s complete history through this system,” says Brad Myrvold, Desktop Manager, Allina Hospitals & Clinics.
Making sure that the EMR system is protected from outside threats is critical for Allina, especially because the healthcare industry has stringent data protection laws and requirements. “We have confidential patient data, and we must protect that,” says Andrew Julian, Lead Operating Systems Programmer for Allina Hospitals & Clinics. Unfortunately, the computers used for the Allina EMR system were susceptible to security threats such as malicious software and spyware. “As a healthcare institution, we can be held liable for lost or stolen patient data,” says Myrvold. “It’s very important that we secure the system.”
To protect the IT environment, Allina had been using a set of security software tools. However, that software proved to be unreliable. “First of all, that solution was not aware of our Active Directory service, which was problematic for us,” says Julian. “That made it difficult to determine which updates and patches we had installed.” Additionally, the solution lacked reliable reporting capabilities.
Other problems occurred when the solution tried to scan the system for the presence of viruses. “The virus signatures, or fingerprints, that the solution scanned for were very large files and consumed an unacceptable amount of network resources to deliver,” says Julian. “In fact, in some cases the solution slowed the entire network trying to download those signatures to the point of making the network unusable.”
Because Allina is currently acquiring several new regional health clinics, it will soon need to secure an additional 3,000 employee computers. “It was very important that we find a new solution because of this growth,” Julian says. In December 2006, Allina began to search for a solution that would prevent security threats and provide comprehensive IT management.
Solution
While searching for a new solution, Allina learned about Microsoft Forefront™ Client Security. Forefront Client Security helps to protect computers and server operating systems against spyware, viruses, worms, and malware—malicious software. The solution also gives Allina the ability to centrally manage client security and to provide automated updates and systems reporting.
“I can do everything from one place with Forefront Client Security Enterprise Manager, whether that means deploying Forefront Client Security on new computers or setting and managing policies.”
Andrew Julian, Allina Hospitals & Clinics
Allina was particularly attracted to the product’s ability to provide centralized management capabilities, as well as its tight integration with Windows-based IT environments. In addition, Allina was interested in taking advantage of the solution’s automated updates and systems reporting features. The organization deployed Forefront Client Security to all 23,000 client machines in January 2007.
Allina also deployed Forefront Client Security Enterprise Manager, which gives IT administrators the ability to centrally manage multiple Forefront Client Security deployments within their enterprise environment.
Allina deployed Enterprise Manager in November 2007 in a single-server topology, using the organization’s existing Active Directory service. “Deploying Enterprise Manager took less than two days,” says Julian.
During its deployment of Forefront Client Security, Allina also implemented Microsoft Operations Manager 2005, which helps administrators to monitor and manage computers that use Forefront Client Security. “With this new deployment, we installed Operations Manager 2005 connectors on the down-level server computers and pointed those to the new server computer,” Julian says.
Using Forefront Client Security Enterprise Manager, Allina can manage all 23,000 computers running Forefront Client Security from one central console. Allina IT professionals can manage Forefront Client Security policies and initiate enterprisewide antivirus and anti-malware scanning from this one location.
Forefront Client Security Enterprise Manager also aggregates reporting and alerting data from each configured Forefront Client Security deployment throughout Allina. This aggregated information gives Allina administrators a way to centrally view updated reports on all of the organization’s Forefront Client Security deployments.
Benefits
Allina Hospitals & Clinics received the 2007 Davis Award for health care organizations for its advanced medical records system. The award—one of the most prestigious in the industry—is presented annually by the Healthcare Information and Management Systems Society. The Microsoft Forefront Client Security solution makes several significant contributions to the supporting infrastructure of this award-winning system.
For example, by using Forefront Client Security with Forefront Client Security Enterprise Manager, Allina Hospitals & Clinics can use the one central console to easily manage all the computers protected by Forefront Client Security. The solution integrates tightly with existing Microsoft products, provides simplified administration, and reduces the time and cost spent on management overall. Forefront Client Security, combined with Enterprise Manager, also gives Allina improved protection and increased IT visibility.
Easy, Centralized Management
With the centralized management console of Enterprise Manager, Allina IT employees easily manage the 23,000-plus computers that run Forefront Client Security. “I can do everything from one place with Forefront Client Security Enterprise Manager, whether that means deploying Forefront Client Security on new computers or setting and managing policies,” says Julian. He can also now more easily update the organization’s growing number of computers deployed with Forefront Client Security.
“When we first deployed Forefront Client Security, we discovered that we had at least four times as many infections as we thought. Since then, we have seen a downward trend in the number of computers infected.”
Andrew Julian, Lead Operating Systems Programmer, Allina Hospitals & Clinics
Simplified Administration and Integration with Infrastructure
Tight integration with the Allina Windows-based IT environment is another advantage of Forefront Client Security. “It’s integrated with our Active Directory service and other Microsoft technologies, whereas our previous solution was not,” states Julian. “That makes the overall security of the IT infrastructure easier to manage. With this environment, everything is smoother and we have much greater control than before.”
Also, with the Forefront Client Security Enterprise Manager central management console, Allina IT staff members have a simpler way to administer the Forefront Client Security environment. “By using Forefront Client Security Enterprise Manager, I only need to change policies in one place,” says Julian. Previously, Julian had to make policy changes in three separate topologies. “That redundancy is gone now,” he says. “And policy management is already automated with Forefront Client Security, so it’s much simpler to administer policy settings than before.”
Additionally, Operations Manager 2005 integrates fully with Enterprise Manager and Forefront Client Security, giving Allina more alerting capabilities. “I can use the alerts I get from Operations Manager 2005 and integrate them with tasks and configurations for Forefront Client Security,” he says. “This helps to simplify administration overall.”
Timesavings
Because Forefront Client Security uses automated features that provide security-threat analysis from multiple data sources, Allina IT employees have fewer manual, time-consuming tasks. As a result, the company is saving time that had been spent on administration duties. “I am saving five hours each week on the policy management process, for example,” says Julian.
Also, the user interface for the Enterprise Manager console is similar to that of the Forefront Client Security console, so Allina IT employees will not have to spend additional time training other staff members. “The Enterprise Manager interface is very easy to work with, because it looks and feels so much like the console we were already using,” remarks Julian. “Nothing new really needs to be learned in terms of operation.”
Increased IT Visibility and Control
Allina also has increased IT system visibility, with the aggregated reports and alerts made possible by Enterprise Manager. Allina administrators now have a central view of up-to-date reports on all Forefront Client Security deployments. “Because of Forefront Client Security Enterprise Manager, I can see how well Forefront Client Security is working overall, as opposed to having to look at individual computers,” says Julian. “From one location, I can view the number of computers that need antivirus updates, for example. I no longer need to study three different sources to add up the numbers. This really gives us higher visibility than we ever had.”
Forefront Client Security, too, contains reporting capabilities that increase visibility into the Allina IT environment. For example, the solution produces detailed security reports that are summarized in a dashboard view. “Because of those capabilities and the centralized management of Forefront Client Security Enterprise Manager, we are really able to have better control over security threats to Allina,” says Julian.
Improved, Unified Protection
Forefront Client Security gives Allina improved protection from spyware, viruses, and other threats through regularly scheduled scanning. “When we first deployed Forefront Client Security, we discovered that we had at least four times as many infections as we thought,” says Julian. “Since then, we have seen a downward trend in the number of computers infected.” And because Enterprise Manager eases management and administration, protection is even better. “With Forefront Client Security Enterprise Manager, we have a tool that helps us to more effectively reduce the number of viruses and missing updates in the environment,” he says.
“Because of Forefront Client Security and Forefront Client Security Enterprise Manager, we can be more proactive about security at Allina,” says Julian. “Before these solutions were in place, our EMR system was frequently impacted by viruses and other threats. However, we now receive far fewer calls about such incidents.”
Being proactive in keeping the hospital and clinic computers secure is important to Julian. So when he learned about the new Network Access Protection (NAP) feature in the Windows Server® 2008 operating system, he was intrigued. He understood that this new feature could extend security to network jacks located in public areas, such as conference rooms, and would help protect the network from the threat posed by any compromised computers that connected through those jacks. So when Julian heard that Microsoft was working on a way for Forefront Client Security and NAP to work together, he signed up for a beta program.
Julian received the Microsoft Forefront Integration Kit for Network Access Protection (www.microsoft.com/fcsnapkit), and it was just what he was looking for. Allina can now create—and enforce—the policy that any computers that connect to a conference-room jack have an up-to-date installation of Forefront Client Security. All computers that fail to comply are placed into a managed network zone that provides them with Internet access, but protects the assets of the intranet. “Now, Forefront Client Security has truly given us improved, unified protection for our client computers,” says Julian. “It’s an exceptional solution.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about Allina Hospitals & Clinics products and services, visit the Web site at:
www.allina.com
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published June 2008