Shared service model improves security and accessibility while dramatically reducing licencing costs and management complexity.
ANSecurity has given details of a successful project involving all of the NHS operating groups within Lincolnshire that has moved from an expensive legacy remote access solution to a new platform that has dramatically reduced licencing costs while improving access to more sites, across a wider range of devices with simplified management requirements.
The unified remote access service deployed by ANSecurity is shared within a community of interest network (COIN) between the United Lincolnshire Hospitals NHS Trust (ULH), Lincolnshire Community Health Services NHS Trust (LCHS) and Lincolnshire Partnership NHS Foundation Trust (LPFT) serving over 2000 users at 111 sites spread across the county.
The transformational implementation in late 2016 was delivered by ANSecurity for ULH as a multi-phase project to redesign parts of its core infrastructure to improve the flexibility of its secure remote access and reduce costs. ANSecurity’s “Co-Driver” approach means that through the solution design phase and on-going management process, both groups agree to take responsibility for different aspects such as failover testing, configuration management, bespoke training and supporting ULH in meeting its compliance requirements.
The project uses a high availability deployment of Pulse Secure ‘Connect Secure’ virtualised appliances that includes a license server to enable the organisations to define additional licenses as either Network Access Control (NAC) or Secure Socket Layer (SSL) connections to ensure future flexibility. The licensing server is based on concurrent users which allow the COIN to scale its licence requirements to better reflect the shift based working patterns within the NHS. The service based offering also includes a two factor authentication feature that is now available as a smartphone based App to further reduce management overheads associated with handling physical two factor authentication tokens.
“Our legacy solution was temperamental in terms of reliability and had difficulty working with some of our sites and was not liked by our users,” explains Ian Baldam, Deputy Director of Informatics at Lincolnshire Partnership NHS Foundation Trust, “The licensing model also meant that it was proving expensive to maintain and grow to meet the needs of our staff. We had looked at what ANSecurity and United Lincolnshire Hospitals NHS Trust had done for its users and based on a detailed evaluation – it looked like a perfect fit for our needs and our colleagues at LCHS.” Ian Baldam estimates that the new service will generate significant savings in licencing fees alone.
The jointly financed service is available to NHS staff across Lincolnshire and provides secure access to administrative and clinical systems such as Datix (incident reporting), Lilie (sexual health), expenses and the employee staff records and network shared drives. The service uses an SSL VPN authenticated by Network Access Control plus local device checking to ensure that users are logging in from devices that have an authorised operating system version along with ensuring each device uses encryption.
“From our point of view, we have a lot more remote workers who need access on the move and the old solution struggled to provide access in a reliable fashion,” explains Dan Dring, Acting Head of IM&T for Lincolnshire Community Health Services NHS Trust, “We are using more IT systems than ever before across the NHS and we need to be able to offer our staff reliable access to all applications 24 hours a day.” Dan Dring calculates that the move to the shared model will save LCHS between £30,000 and £40,000 a year in licensing and support costs.
Pulse Secure appliances are deployed at two separate sites for resiliency and maintained by the IT team at United Lincolnshire Hospitals NHS Trust who lead the project. “ANSecurity has been with us every step of the way in this project and the results have been fantastic,” says Jon Hill, Senior Network Engineer at ULH, “They have given us advice when we needed it, got people on site to help with implementation and training and made sure that we created a service that best serves our needs.”
Jon Hill notes that alongside much higher levels of satisfaction from users, reduced licensing costs and a wider range of supported devices and sites; management overheads have also significantly reduced. “Across the three organisations, we have fielded just two level 2 support calls in the last month in respect of the remote access services and both of those were resolved quickly with minimal effort.”
For the future, Jon Hill plans to adapt the local device checking policies to strengthen its security stance to combat threats such as Wannacry as well as moving the Pulse appliances to a clustered mode to allow it to scale up services to more users as added.
“For an organisation striving to make life easier for our staff, while also trying hard to ensure value for public money – it’s these types of projects and partners like ANSecurity that provide tangible savings while offering a real-world benefit that we need more of. We hope that other NHS organisations that are in a similar position to us can benefit from our experience and that other shared secure access services can deliver similar types of results,” Jon Hill adds.