Medical University of South Carolina (MUSC) is one of the top research universities in the United States. More than 17,000 people, including physicians, students, and researchers, access the MUSC network. They rely on e-mail supported by Microsoft Exchange Server 2007 to stay in contact and use Microsoft Office SharePoint Server 2007 to collaborate and to grow their professional network. Though MUSC relied on another vendor’s security products to keep its network healthy, it responded to up to 30 malicious software incidents daily and spent hours re-imaging infected computers and medical devices. It implemented Microsoft Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint and, as a result, helped improve patient care, enhanced security of its collaboration environment, improved network protection, and reduced costs.
Founded in 1824, Medical University of South Carolina (MUSC) is one of the top health-sciences centers and has one of the top 10 cardiovascular centers in the United States. MUSC comprises a 700-bed medical center and six colleges; has 13,000 full-time employees, including physicians, researchers, professors, and administrative staff; and trains 2,600 medical students annually.
The role of information technology at MUSC is that of a facilitator. The IT department’s goal is to improve scholarship and healthcare by using technology to support advances in knowledge discovery, knowledge transfer, and patient care. As part of its responsibilities, the IT department maintains the systems that hold sensitive data, such as students’ personal information, patients’ medical histories, and credit card numbers used for tuition and healthcare. It also supports the 12,000 managed and unmanaged desktop and portable computers that access its network. More than 17,000 people access the MUSC network, including part-time staff and students.
||Forefront is the life support of our security environment and we … are now providing [people] with the collaboration and messaging environment they need to continue to give unparalleled care to patients.
Endpoint Security Engineer, Medical University of South Carolina
The IT department at MUSC also manages the university’s messaging and collaboration environment. It uses the Microsoft Exchange Server 2007 e-mail messaging and collaboration software as a foundation to connect physicians, researchers, professors, and staff. These users access e-mail and calendars through the Microsoft Office Outlook 2003 or Office Outlook 2007 messaging and collaboration client, or, for remote workers, through Microsoft Office Outlook Web Access with a Web browser. In addition, MUSC is upgrading to Microsoft Exchange Server 2010. In April 2010, the university supported 3,000 users on Exchange Server 2010 and planned to upgrade across the entire university by the end of 2010.
To further achieve its mission, MUSC implemented Microsoft Office SharePoint Server 2007 collaboration software. With Office SharePoint Server 2007, people can search by author, last-modified date, and document contents and find relevant results almost immediately. The entire medical university uses Office SharePoint Server to share critical information: the IT department manages work schedules, project documentation, and its knowledge base; colleges use it to post classroom resources, such as syllabi; and researchers use it to share the latest medical research that benefits the greater medical community and, in the end, plays a part in saving people’s lives. MUSC plans to continue to enhance its critical collaboration environment by upgrading to Microsoft SharePoint Server 2010 by the end of 2010.
Despite having a critical messaging and collaboration solution in place, the IT department at MUSC faced security challenges that put its rich technology solutions at risk.
To resolve malicious software (malware) incidents, the network security team at MUSC would send a field engineer to the infected computer and re-image the machine. Re-imaging was a slow process that could take up to two hours for the engineer to resolve, a time-consuming process that not only took employees away from their tasks, but also, in the case of a medical device, could leave physicians and nurses without the critical equipment they use to improve patients’ health. With up to 30 incidents each day, MUSC lost up to 120 hours daily to resolving malware incidents.
In addition, though MUSC had in place a security solution that could scan and block content, such as executables in e-mail messages, it sought a solution that would offer enhanced protection against other e-mail–based threats. In one instance, the IT department found that a phishing URL was circulating via e-mail messages, so the department had to manually search its e-mail environment to track down the 500 instances of the URL reaching inboxes.
The IT department at MUSC sought a solution that would help protect its collaboration and messaging environment from malware and other threats; it wanted to prevent specific content or file types from being uploaded and spread across its network. “Having a solid environment where people can collaborate and share knowledge is the center of our goal in the IT department,” says Robbie Townsend, Team Leader for the Managed Desktop and Endpoint Security Teams at MUSC. “But the thing about collaboration is that if it’s not a secure environment, what you end up with is people sharing viruses and other malware. This not only poses significant threats to intellectual property and opens the door to plagiarism, but it also poses tangible threats to our entire network.”
Medical University of South Carolina signed an Enterprise Client Access License (CAL) agreement with Microsoft, which includes licenses for Microsoft Forefront client security products at no additional cost. “Even though Forefront products are included in our CAL agreement, it really goes beyond money and comes down to ‘does it work?’” explains Clay Taylor, Endpoint Security Engineer at MUSC. “After seeing Forefront in action, the answer is ‘yes it does.’” In July 2008, the company also joined the Microsoft Forefront Technology Adoption Program, began testing several Forefront products to help strengthen its messaging and collaboration environment, and eliminated the other antivirus vendor’s products that it was using for security.
The IT department at MUSC implemented Microsoft Forefront Protection 2010 for Exchange Server, which it uses to provide malware protection across servers that run Exchange Server 2007. With Forefront Protection for Exchange Server, MUSC can block out-of-policy content and can quickly and effectively detect and quarantine spam and malware before it reaches the network. It will also use Forefront Protection for Exchange Server to help protect servers that run Microsoft Exchange Server 2010, which the university is currently evaluating.
The university also deployed Microsoft Forefront Protection 2010 for SharePoint to help protect its SharePoint sites that are critical for collaboration. Because Forefront Protection for SharePoint integrates multiple scan engines from industry-leading vendors and content controls, MUSC can protect its collaboration environment by preventing documents that contain malicious code, confidential information, or inappropriate content from being uploaded to SharePoint sites hosted on its network.
||With Forefront, we are able to more quickly respond to malware incidents. And we have the highest confidence in the scan engines.
Team Leader, Managed Desktop and Endpoint Security Teams, Medical University of South Carolina
Deploying both Forefront Protection for Exchange Server and Forefront Protection for SharePoint was simple and straightforward. “Everything was wizard-based,” explains Townsend. “We used the wizards, quickly configured some rules—including disallowing executable files—and configured alerts for end users. That was all it took to get us up and running to secure our messaging and collaboration environments.” MUSC deployed Forefront Protection for Exchange Server and Forefront Protection for SharePoint across its entire environment, serving all 12,000 of its managed computers.
MUSC uses Active Directory Domain Services, running on the Windows Server 2003 and Windows Server 2008 R2 operating systems with 64-bit support, to control identity-based access to its SharePoint sites. The IT department populates the Active Directory service with its SharePoint security groups, which defines which users have access to which workspaces, documents, and other resources on SharePoint sites—helping ensure that the right people have access to the right information. To further protect access and maintain the integrity of its security-enhanced collaboration environment, MUSC is testing Active Directory Rights Management Services, which it will use to automatically apply and enforce encryption policies through configurable administrator definitions.
Because MUSC has both managed and unmanaged client computers that access its network, the university also implemented Microsoft Forefront Threat Management Gateway 2010, using it as a Web proxy to help protect servers that run on Exchange Server and Office SharePoint Server from Internet-based attacks. “We keep it as simple as possible,” says Townsend, “so all Exchange Server and SharePoint Server traffic, whether inside or outside of the network, goes through Forefront Threat Management Gateway.”
As a result of implementing Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint, along with Forefront Threat Management Gateway, Medical University of South Carolina has improved the care it offers its patients in its medical facilities. At the same time, MUSC provided a security-enhanced collaboration environment for users, enhanced network protection, and reduced costs. “Forefront is the life support of our security environment and we are confident that we are now providing physicians, nurses, researchers, and students with the collaboration and messaging environment they need to continue to give unparalleled care to patients,” says Taylor.
Improved Patient Care
By reducing malware incidents, MUSC staff do not have to take away valuable time spent with patients and can, in turn, provide even better patient care. MUSC IT personnel are able to better protect the network from malicious code that can take over a client computer or a medical device, which ensures that critical systems stay up and running. “We use electronic patient records, so the computer is everything,” explains Taylor. “If a computer is down for re-imaging because of a malware infection, that physician or nurse might have to go back to paper records on a temporary basis, or walk further down the hall away from the patient to process a record—that’s critical time away from our patients. The healthier our network, the more we can improve patient care, and Forefront helps us do that.”
As a result of implementing Forefront Protection for SharePoint, the IT department at MUSC is able to fulfill its mission and facilitate an environment where nurses, doctors, staff, and students can collaborate and collectively provide top-quality patient care and make positive contributions to the latest in medical research. The IT department is confident that it is providing a rich collaborative environment and, that by using Forefront Protection for SharePoint, has eliminated a potential source of malware. At the same time, end-users are confident that their research and other critical information are better protected.
Enhanced Network Protection
By taking advantage of multiple scan engines in Forefront Protection for SharePoint, MUSC is able to detect viruses and other malware more accurately and consistently, whereas previously, the organization responded to 30 incidents each day. “With Forefront, we are able to more quickly respond to malware incidents,” explains Townsend. “And we have the highest confidence in the scan engines. It says a lot when a company brings together the best scan engines, even from third-party vendors—it gives us the confidence that we’re doing everything we can to protect our collaboration environment.” With faster detection rates, IT personnel at MUSC are able to quickly detect potential threats and take immediate action to thwart attacks before they threaten the network.
MUSC has also reduced its malware incidents, which, at 30 incidents each week previously, had a significantly negative impact on IT efficiency, employee productivity, and network performance because IT personnel had to re-image each computer every time there was a malware incident. MUSC has reduced malicious software incidents by 45 percent to save about 108 hours each month for IT personnel who can now focus on more strategic initiatives.
MUSC has reduced costs as a result of implementing Forefront products for its security-enhanced messaging and collaboration environment, as well as its broader security strategy. By significantly reducing malware incidents from spreading through the servers that run Exchange Server and Office SharePoint Server and then onto client computers, MUSC saved 108 person hours each month, in addition to support costs. This includes overtime for IT personnel who previously had to work after hours and on the weekend to triage and resolve malware incidents.
In addition, by taking advantage of its Enterprise CAL agreement with Microsoft and replacing its other vendor’s licenses with Forefront products, MUSC will save U.S.$200,000 annually on licensing costs.
Microsoft Forefront Product Portfolio
The Microsoft Forefront comprehensive line-of-business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Medical University of South Carolina products and services, call (843) 792-2300 or visit the Web site at: