Friday, 21st September 2018

ANSecurity helps Nottinghamshire Healthcare complete successful PKI upgrade

SHA-1 to SHA-2 migration projects accelerate across NHS following growth of BYOD and internet connected systems.

ANSecurity has given details of a successful project with Nottinghamshire Healthcare NHS Foundation Trust to move to the SHA-2 cryptographic standard to help strengthen its security posture.

With over 12,000 computing devices and 500 servers under its management, Nottinghamshire Healthcare has maintained an ongoing strategy to continually improve its security controls. Most of its systems are used internally and unconnected to the internet. However, increased use of BYOD and more interconnection has prompted the IT department to instigate a migration of its PKI infrastructure to the newer SHA-2 (Secure Hash Algorithm 2), a set of cryptographic hash functions that is widely used in security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.

“SHA-1 has been depreciated in terms of its security capability, however not all our applications or servers natively supported SHA-2 which meant we needed to consider the upgrade with the context of a wider application server upgrade,” explains Andy Spencer, System Team Leader for Nottinghamshire Healthcare, “It is a significant project that we felt could benefit from dedicated security expertise for which we turned to ANSecurity.”

ANSecurity helped the Trust to overcome the complexity of its legacy PKI, along with dependencies on existing services including mobile device onboarding and remote access control. As Jason Parry, Network Security Architect for ANSecurity explains, “We discussed at length with Andy and his team the merits of several deployment scenarios to determine the best course of action. Next, we agreed a process with various business groups who consume PKI and once ratified completed our standard scope of works documentation with pre-requisites to streamline the deployment.”

The actual project was driven by the Nottinghamshire Healthcare’s IT department under guidance from ANSecurity to ensure high levels of knowledge transfer. The entire migration project including legacy operating systems migration and remediation of weaknesses within the SHA-1 signatures took just 3 days, leading to improved security posture without any disruption to its 24/7 operations.

“Any organisations with a legacy windows PKI environment need to perform something similar,” Parry explains, “This may not require a wholesale replacement and in many cases, it might be applicable to perform a simpler migration to new servers along with an upgrade that renews existing PKI infrastructure.”

ANSecurity have performed dozens of these projects over the last 24 months and has a significant number planned for the next year. “The NHS with its large number of legacy systems is a sector that is rapidly moving to SHA-2,” says Parry. “Busy IT staff that may have overlooked these types of projects due to the complexity of legacy applications servers should not be overly concerned as the process for migration is relatively straightforward and uses a well understood process.”

ManageEngine, the real-time IT management company, is launching Browser Security Plus, a browser ma...
Industry veteran Roy Pickard has joined Flashpoint as channel sales manager for Europe, the Middle...
Exabeam and SecureAuth + Core Security have formed a collaborative relationship to secure enterpris...
Thycotic has released the findings from its 2018 Black Hat conducted survey of more than 300 hackers...
Tenable's  research team has discovered a zero-day vulnerability which would allow cybercriminals to...
Organisations say protecting client information is the highest priority.
Banca di San Marino safeguards its private and corporate banking operations with Juniper Networks’...
Through ongoing integration development with RapidFire Tools, Kaseya also announces Kaseya Complian...