Red flags - Internet Security

Communications News,  March, 2003  

• E-mail
• Print
• Link

Security concerns are the current "red flags" for many network and IT managers, and at the top of their "to do" lists. Preventing unauthorized access to enterprise networks from external or internal sources, and dealing with the problems associated with more sophisticated and diverse networks, as well as more sophisticated intruders, has increased the task difficulty for these managers. There seem to be as many solutions as there are challenges, especially where the Internet is concerned. Here are some of the solutions implemented successfully in enterprises.

Michael Knocke was a man on a mission. As applications manager at Via Christi Regional Medical Center, a multicampus acute-care facility based in Wichita, Kan. Knocke needed to provide about 1,000 physicians access to digitized radiological, film-less images. Via Christi had been incurring up to $70,000 monthly in film and courier costs and, in an effort to reduce that expense, decided to go digital.

Knocke wanted a way to extend physician access beyond the walls of the center's secure internal network. "Strong security and easy access were primary requirements," he explains. "It was important to pre serve the cost savings from going film-less, while enabling remote access, and critical to safeguard our network, while positioning it for the Health Insurance Portability and Accountability Act (HIPAA)." HIPAA sets national standards to protect privacy in electronic transactions in the health sector.

"We decided to go with a virtual private network (VPN) but it didn't take long before we realized that wasn't feasible," says Knocke. "The support issues became increasingly difficult. The physicians' own networks and firewalls were wreaking havoc on our VPN clients and we weren't staffed to support it."

Knocke estimates the VPN deployment would have cost about $60,000 annually. In addition, Knocke's six-person team was dedicating precious time it did not always have to the project.

Via Christi also was investigating how to provide its 4,000 Kansas-based employees secure remote access from any standard Internet browser to the corporate intranet, including email, human resources and other business-critical applications.

"When we began looking at ways to deliver our intranet outside the walls of the institution," Knocke says, "we came across Whale Communications, and realized we might be able to transmit the digital images through its remote-access product."

Knocke brought Whale's e-Gap Remote Access Appliance product in house to test and, after a month, Via Christi began implementing the solution. "We discovered that we could eliminate the (VPN) client altogether and provide technology that leveraged any regular Internet browser," he says. "But while the product allowed access to our intranet, in order to get a clear return on our investment we had to show that it would work just as well with digital images."

With the appliance in place, the physicians gained access to a portal specifically tailored to their needs, which includes digital images, lab results, clinical documentation and other patient information. Employees also can gain remote entry to the intranet. Both types of access are granted while adhering to the healthcare's stringent security requirements.

"Usability for the physicians was important, but what we really liked about the solution were the security features," offers Knocke. "The appliance limits the scope of what someone can access. The physicians can be any place they have Internet access and get the information they need."

The appliance solution is server--rather than client-based. It resides on the network's perimeter and required no changes to the healthcare system's infrastructure. The solution also leveraged Via Christi's existing strong authentication procedures.

"Because the appliance allows us to be physically disconnected from the outside world, we were even able to close some of the holes we had poked through our firewalls," adds Knocke. "And, the product is constantly filtering all communications to ensure that only legitimate URLs are processed."

The appliance, which physically disconnects the Internet from the LAN via an air-gap switch, allows applications to be accessed without connecting them to the Internet. This is accomplished by shuttling application-level data over the air gap in real time via dedicated hardware. This architecture, in addition to positive-logic rule sets that allow only expected URLs to pass, mitigates application--and network-level attacks to the corporate network.

Knocke estimates that after a onetime cost of $67,000 for the appliance, he is already saving $40,000 monthly in film and courier costs. "In addition, having a server-based solution makes it simple for us to add and manage users, freeing up our IT team to focus on other issues," he says. "And, the physicians now have 24/7 access to the information they need to serve their patients better."

For more information from Whale Communications: www.rsleads.com/303cn-252

COPYRIGHT 2003 Nelson Publishing
COPYRIGHT 2003 Gale Group