Visibility, security and access drives NHS to NAC solution
Visibility, security and access drives NHS to NAC solution

Around 2,000 of the 36,000 users who accessed Sussex's Health Informatics Service (HIS) were doing so from unmanaged mobile devices.

Speaking to SC Magazine, Peter Ward, senior client devices engineer, IT services at Sussex HIS, said that offering services to NHS trusts, hospitals and others in the county meant it needed to be flexible to people's needs and secure third party access.

Deploying network access control (NAC), and selecting ForeScout's CounterAct solution, Ward said this technology allowed him to have visibility of who and what was connecting to its large WAN, more than the intrusion prevention system that he said "sent a report once a week and was reactive but not proactive".

He said: “We offer NAC-as-a-service so users can work with our community network and offer secure access in real-time. I think that we have to be restrictive with access so we are taking baby steps since we put this in to remediate devices and do an assessment of access control.

“We are also making sure that our partners are at a secure standard. It is not only devices; but so many things are connected, from a CT scanner to a dictaphone, so if we didn't highlight these things it could have dire consequences. NAC will highlight what the system will see.”

Ward said that data can be collected to create a trusted network of users, and he was currently working on a mobile device management system to integrate with the NAC.

Asked if mobile access was a challenge for the HIS, he said that it had detected that 2,000 unmanaged mobile devices were connecting to the network. “It is not much when you think about it, but when you think about what they are trying to access and also they cannot connect without Active Directory, so we like to know what devices are connecting,” he said.

“Some are corporate-owned, while others are personally-owned, so with the NAC we can move it into a third-party space to manage access so it is a lot more secure.”

Ward said that it doesn't offer ‘bring your own device' (BYOD) and it saw allowing mobile and tablet devices to be a sensible move, but better control and visibility was needed, which it got with NAC rather than IPS.

He also explained that it needed to be flexible to partners' needs, as if they were not they could use another service under a changed rule, so it needed to listen to what customers wanted and tailor services accordingly.

“Sometimes data needs to be accessed in under a minute, so it presents an interesting challenge for IT to balance security with spend and to trade-off risk, visibility and cost as if you do not get it right, there are potentially dire consequences,” he said.

ForeScout CounterAct provides Sussex HIS with visibility of all IP devices and users on its network and the ability for deeper inspection to highlight issues and potentially unwanted applications on those devices.

John Hagerty, EMEA sales director for ForeScout, said: “Healthcare environments incorporate a diverse range of hardware such as PCs, laptops, network infrastructure, medical equipment, as well as users that change daily.

“CounterAct enables organisations like Sussex HIS to monitor, in real-time, who and what devices are connecting to their network while also checking the compliancy of all endpoints and remediating any problems without disruption to service or end-users.”