IAG technology: gateway to security
Like their commercial counterparts, NHS trusts need to provide fast, controlled and secure access to data for their increasingly mobile workforces. Microsoft’s Intelligent Application Gateway (IAG) provides them with a solution that also extends the life of existing IT investments.
Whale Communications, which was acquired by Microsoft in June 2006, is a leading developer of solutions for extending the availability of network resources.
Its Intelligent Application Gateway (IAG) is an “edge” solution that gives mobile and remote workers secure and controlled access to data over an Internet connection.
Inside the Whale
"IAG enables us to provide remote access services to several trusts."
“Essentially, the IAG sits on the perimeter of a network and provides access to applications and information to people outside it, for example third party contractors and people working from home,” says Andrew Lintell, IAG business manager, Europe, Middle East and Africa.
As its name implies, these include securely managing access to applications and resources from any connected device in the world, providing a flexible working environment with maximum information availability to today’s distributed workforce.
“It does this by using the secure socket layer (SSL) of a web browser; effectively, it lets you create an encrypted link [between an application and a device], using a web browser.”
What differentiates IAG from similar remote access technologies, is the concept of contextual-based access. The IAG platform will tie together and enforce a policy based on who you are, where you’re coming from and the type of application you want to access. This “intelligent access” is formed from a series of policies which relate to an individual’s role, the device they are accessing from and the application they want to use. These three main factors will then decide which specific parts and tasks within these applications the user is able to interact with.
IAG also provides a framework for IT administrators to control who has access to applications and information and what they can do with it. Mr Lintell argues that this is particularly useful for NHS trusts.
“What a consultant needs to see may well differ from what an anaesthetist or ward sister needs to see,” he says. “You can also set a policy so that, for example, a ward sister can edit a document while the nurses working with her will only be able to read it.”
"IAG is also a scaleable platform. This means that organisations can steadily increase the number of applications it works with - which do not have to be from Microsoft - and add new services and features."
Indeed, administrators can control the “look and feel” of applications. Users who have limited rights within a particular system may not see some of its functions, or have them “greyed out”.
Working assets
IAG also knows what is going on inside IT systems and “learns” which user instructions are safe and which are not - which is why it’s called an “intelligent” gateway. This means it can quickly work alongside a trust’s existing computer applications.
“Trusts get more value from the IT they’ve already bought,” says Mr Lintell. “NHS trusts are realising that they need to ‘sweat their assets’ a bit more, and this helps them do that. Instead of making endless changes to the applications they already have, they can change what people can do with them.”
IAG is also a scaleable platform. This means that organisations can steadily increase the number of applications it works with - which do not have to be from Microsoft - and add new services and features.
“You end up with a kind of mushroom effect, where the solution is initially bought for one application or department and ends up being used throughout the organisation.”
Working smarter
Other factors are making NHS trusts increasingly interested in mobile working. These include the government’s push to offer flexible working to employees and the imperative to deliver care closer to - or even in - patients’ homes.
"The technology is also included within Microsoft’s enterprise agreement (EA) with the NHS."
Brian Dunleavy, NHS business manager at Eurodata Systems, a leading integrator of the Microsoft IAG solution in the healthcare community, says: “IAG enables us to provide remote access services to several trusts."
“This means that, for the first time, medical professionals can use their organisation’s IT services from home as effectively as in their place of work.”
Compliance with government guidelines
However, any solution of this kind must comply with government and NHS guidelines on connectivity and security. Microsoft IAG meets the standards set by the NHS code of connection.
It has also received a CCT (CSIA claims tested) mark from the Central Sponsor for Information Assurance (CSIA), a unit of the Cabinet Office set up to safeguard IT and telecommunications.
The mark, as its name suggests, provides assurance that products do what they say they do: and Microsoft IAG is the only SSL VPN solution to have one.
No data left behind
Products must have various security features in place to meet such standards. Mr Dunleavy says a key one is “to prevent any residue remaining on local discs”; in other words, to ensure that no data is left behind on users’ devices.
IAG does this by “screen scraping.” No storable information is sent from inside the network to a users’ device: it cannot be “cached” (saved locally) for retrieval later. And at the end of a session, the information is “scraped” from the device that has been used to view it.
Mr Lintell says this is another feature of IAG that trusts should find particularly reassuring. “We worked with one trust that had set up a wireless network but found its staff were quite forgetful about the devices they used over it,” he says.
“We set up IAG so they had access to information on their ward, but when they left the ward the information was wiped. If they left their devices in their cars or in the pub, they would at least have no patient-identifiable information on them.”
Related Links