Tuesday, October 09, 2018

How a Widely Distributed Dental Firm Protects Sensitive Data While Making It Highly Available

Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender

Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.

Modern dentistry depends on more than good care. It also demands rapid access to data and applications. For a rapidly growing dental services company -- consisting of hundreds of dental offices spread across 10 American states -- the task of managing all of its data availability, privacy, and security needs started out as complex and costly.

The next BriefingsDirect security innovations discussion examines how Great Expressions Dental Centers found a solution by combining hyperconverged infrastructure (HCI) with advanced security products.

Here to share the story of how to best balance data compliance and availability requirements via modern IT infrastructure is Kevin Schokora, Director of IT Operations at Great Expressions Dental Centers in Southfield, Michigan.

Welcome to BriefingsDirect, Kevin.

Kevin Schokora: Thank you, Dana.

Gardner: What makes Great Expressions Dental Centers unique? How does that impact your ability to deliver data wherever your dentists, staff, and patients need it with the required security?

Schokora: Our model is based on being dispersed in multiple states. Across those sites, we have many software packages that we have to support on our infrastructure. Based on those requirements, we were afforded an excellent opportunity to come up with new solutions on how to meet our patients’, doctors’, and customers’ needs.

Gardner: You have been in business since 1982, but you have really expanded a lot in the past few years. Tell me about what’s happened to your company recently.

Schokora: We found our model was ripe for success. So we have experienced tremendous growth, expanding to 275-plus sites. And going forward, we expect to expand by 62 to 100 new sites every year. That is our goal. We can do that because of the unique offerings we have, specifically around patient care and our unique software.

Gardner: Not only do you have many sites, but you allow your patients to pick and choose different sites -- if they need to cross a state border or move around for any reason, but that wide access requires you to support data mobility.

Snowbird-driven software

Schokora: It does. This all came about because, while we were founded in Michigan, some of our customers go to Florida for the winter. Having had a dental office presence in Florida, they were coming to our offices there and asking for the same dental care that they had received in Michigan.

So, we expanded our software’s capabilities so that when a patient has an appointment in another state, the doctor there will have access to that patient’s records. They can treat them knowing everything in the patient's history.

Gardner: Who knew that snowbirds were going to put you to the test in IT? But you have come up with a solution.

Schokora: We did. And I think we did well. Our patients are extremely happy with us because they have that flexibility.

Gardner: In developing your solution, you leveraged HCI that is integrated with security software. The combination provides not only high availability and high efficiency, but also increased management automation. And, of course, you’re able to therefore adhere to the many privacy and other compliance rules that we have nowadays.

Tell us about your decision on infrastructure, because, it seems to me, that’s really had an impact on the end-solution.

Schokora: It did, and the goal was always to set ourselves up for success so that we can have a model that would allow growth easily, without having huge upticks in cost.

When we first got here, growing so fast, we had a “duct tape solution” of putting infrastructure in place and doing spot buys every year to just meet the demands and accommodate the projected growth. We changed that approach by putting a resource plan together. We did a huge test and found that hyperconverged would work extremely well for our environment.

Given that, we were able to go from five server racks in a co-location facility down to one – all while providing a more consistent services delivery model. Our offices have been able to grow so that the company can pursue its plans without having to check back and ask, “Can the IT infrastructure support it?”

This is now a continuous model. It is part of our growth acquisition strategy. It's just one more check-box where we don't have to worry about the IT side. We can focus on the business side, and how that directly relates to the patients.

Gardner: Tell us about the variety of data and applications you are supporting for all 275 sites.

Aligning business and patient records

Schokora: We have the primary dentistry applications, and that includes x-rays, patient records, treatment plans, and all of the various clinical applications that we need. But then we also have cumbersome processes – in many cases still manual – for coordinating that all of our patients’ insurance carriers are billed properly. We have to ensure that they get their full benefits.

Anywhere we can, we are targeting for more provider-payer process automation, to ensure that any time we bill for services or care, it is automatically processed. That level of automatic payments eliminates the touch points that we would have to do manually or through a patient.

And such automation allows us, as we scale and grow, to not have to add as many full-time employees. Our processes can scale in many cases by leveraging the technology.

Gardner: Another big part of the service puzzle is addressing privacy and compliance issues around patient information. You have to adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) nowadays. What were your concerns when it came to balancing the availability of data with these compliance requirements?

Schokora: We had to ensure from an infrastructure perspective that we afford all of our customers -- including the software applications development team -- a platform that they can have confidence in, and we had to earn their trust. To that end, the HCI approach allowed us the capability to use encryption at rest, which is a huge component for compliance for HIPAA, PCI, and things of that nature.

The other benefit was to move our entire environment -- what I call a forklift of our entire data center. That allowed us to then review what I would call the sins of our past to ensure that any of that cobbled-together infrastructure is built with the security needed to meet all of the requirements of the customer. We can now plan on a top-down basis.

We just completed this project and we have made a lot of changes to that model to support a better and more secure infrastructure.

Gardner: Before you had a Swiss army knife approach to security. What was the problem with that approach? And what kind of performance tax came with that?

HCI scalability adds value

Schokora: To meet the needs of the business at the time, the Swiss army knife approach took us far. But as we ramped up our acquisition strategy and expanded Great Expressions, we found that this was not scalable to achieve our new business needs.

We needed to look at a couple of key pieces. One was automation, and two was how we revolutionized how we do things. Once we looked at HCI and saw the differences in how we used to do things – it was an easy decision.

We put our new plan through a proof of concept (POC) test. I had some people who were heavily invested in our former technology, but they begged for this new technology. They wanted to use it. They saw how it translated into a value-add for the customers.

Gardner: What was the story behind the partners and technology you chose?

Schokora: We looked at three different vendors. We were an existing VMware customer, so we looked at their solution. We looked at Hewlett Packard Enterprise (HPE) SimpliVity, and we looked at Nutanix. They were all very similar in their approach, they all had their strengths.

The one thing that really stood out for us with Nutanix was their customer approach, their engagement, and how they ensured that they are a partner with us. They showcased this through the POC process, throughout testing the equipment and environment. They were there, hand-in-hand with us, responding to our questions -- almost ad nauseam. They ensured that customer experience for us, just to make sure that we were comfortable with it.

They also had their own hypervisor, what all their virtual machines rest on; same as VMware has their own. There were some benefits in moving with that, and it also aligned into our backup strategy, with the product we use called Rubrik.

So given all of this, as a complete package, we felt that this was an opportunity that could not be passed up on. When we wrote the business case -- and this was the easy part at that point, showcasing the benefits over five years -- this solution easily won out from a cost perspective and aligned with the business requirements of growth. That alignment supported our whole business, not just IT. That was also critical.

Gardner: How quickly were you able to do the migration? How did it go across 275 sites and 4,000-plus workstations, laptops, and other client devices?

Well-managed migration

Schokora: This required a lot of testing. This was about us going through with planning, with the test migrations, working with our users to have maintenance windows, so that once we did move we could execute a fully developed test plan to ensure that our customers also signed off on, “Okay, yes, this works for me, this meets my requirements.” I thought that was key as well.

Going through it, we did experience some hiccups, things that impacted project events, and so we had to adjust our timelines. We still finished it before we thought we would. We were on a pace to beat our timelines by half.

Gardner: Wow.

Schokora: Yeah. It was great. We were moving at this rapid pace and then we discovered that there were some issues or some errors happening in some of our virtual servers and some of the ones that were rather big, and this kind of showcases that support from Nutanix.

So we had Nutanix on the phone. They were with us every step of the way. They took our logs and they evaluated them, and they quickly issued out patches to address some of the things that they noticed that could be better within their migration tool. So we had a positive effect on Nutanix as well, recognizing some of their opportunities and them quickly addressing them.

Once we implemented this new tool that was provided to us, we were able to move some of our extremely large systems over without impacting the customer outside of our maintenance windows. And we are talking, not necessarily petabytes, but very close to it, with database servers and customer entry points into our dental software.

Gardner: And this is for 2,400 employees, but you only have an IT staff of 30 or so people?

Schokora: Correct. And you will hear the A word a lot: Automation. While we had some late nights, given the tools and some of the automation techniques that the vendors use, specifically Nutanix, we were able to get this done with limited staff and with the result of our board of directors personally thanking us, which was great.

Gardner: Not only did you consolidate and modernize your infrastructure, but you in a sense consolidated and modernized your approach to security, too. How did the tag team between Nutanix and your security vendor help?

A secure solution

Schokora: From a security perspective, we chose -- after a lengthy process of evaluation -- a Bitdefender solution. We wanted to attack our endpoints and make sure that they were protected, as well as our servers. In addition to having a standardized methodology of delivering patches to both endpoints and to servers, we wanted an organization that integrated with Nutanix. Bitdefender checked off all of those boxes for us.

So far the results have been fairly positive to overwhelmingly positive. One thing that was a positive -- and was a showstopper with our last vendor -- was that our file server was so big. We needed to resolve that. We couldn’t run our antivirus or anti-malware security software on our file server because it made it too slow. It would bog down, and even as we worked with the vendor at the time we could not get it passed to “green.”

With Bitdefender, during our POC, we put it on the [file server] just to test it and our users had no impact. There were no impacting events, and we were now protected against our biggest threats on our file server. That was one of the clear highlights of moving to a Bitdefender solution.

Gardner: And how important was Bitdefender’s integration and certification with Nutanix?

Schokora: It was one of the strengths listed on the business case. That integration between Nutanix and Bitdefender was not a key decision point, but it was one of those decision points that if it was close between two vendors it would have put Bitdefender ahead. It just so happened, based on the key decision points, that Bitdefender was already ahead. This was just another nice thing to have.

Gardner: By deploying Bitdefender, you also gained full-disk encryption. And you extended it to your Windows 10 endpoints. How easy or difficult was it?

Schokora: Leveraging encryption at rest was a huge win for us from a compliance standpoint. The other thing about the workstations and endpoints was that our current solution was unable to successfully encrypt Windows 10 devices, specifically the mobile ones, which we wanted to target as soon as possible.

The Bitdefender solution worked right out of the box. And I was able to have my desktop support team run that project, instead of my network operations team, which was hugely critical for me in leveraging labor and resources. One team is more designed for that kind of “keep the lights on” activity, and not necessarily project-based. So I was able to leverage the project-based resources in a more efficient and valuable way.

Gardner: It sounds like you have accomplished a lot in a short amount of time. Let’s look at some of the paybacks, the things that allowed you to get the congratulations from your board of directors. What were the top metrics of success?

Timing is everything

Schokora: The metrics were definitely based on timing. We wanted to be wrapped up by the end of June [2018] in support of our new enterprise resource planning (ERP) system. Our new ERP system was going through testing and development, and it was concluding at the end of June. We were going for a full roll-out for our Michigan region at that time. The timing was critical.

We also wanted to make sure there were no customer-impacting events. We wanted to ensure that all of our offices were going to be able to provide patient care without impact from the project that was only going to be deployed during scheduled maintenance hours.

We were able to achieve the June timeframe. Everything was up and running on our new Nutanix solution by the third week of June. So we even came in a week early, and I thought that was great.

We had no large customer-impacting events. The one thing we will own up to is that during our IT deployment and maintenance window, the applications development team had some nightly processes that were impacted -- but they recovered. All cards on the table, we did impact them from a nightly standpoint. Luckily, we did not impact the offices or our patients when they wanted to receive care.

Gardner: Now that you have accomplished this major migration, are there any ongoing operational paybacks that you can point to? How does this shake out so far on operational efficiency measurements?

Schokora: We now have had several months of measurements, and the greatest success story that we’ve had on this new solution has been a 66 percent cut in the time it takes to identify and resolve incidents when they happen.

If we have slow server performance, or an impacting event for one of our applications, this new infrastructure affords us the information we need to quickly troubleshoot and get to the root cause so we can resolve it and ensure our customers are no longer impacted.

That has occurred at least five times that I can recall, where the information provided by this hyperconverged solution and Bitdefender have given us the ability to get our customers back on track sooner than we could on our old systems.

Gardner: And this is doing it all with fewer physical racks and fewer virtual servers?

Schokora: Yes. We went from five racks to one, saving $4,000 a month. And for us that’s real money. We also do not have to expand personnel on my network operations team, which is also part of the infrastructure support piece.

Now, as we’re preparing for even more expansion in 2019, I’m not going to have to ask for any additional IT personnel resources. We are now attacking things on our to-do lists that had always been pushed back. Before, the “keep the lights on” activities always took priority. Now, we have time back in our days to proactively go after those things that our customers request from us.

Gardner: Because you have moved from that Swiss army knife approach, are there benefits from having a single pane of glass for management?

Know who and what’s needed

Schokora: Based on having that single pane of glass, we are able to do better resource evaluations and forecasting. We are better able to forecast availability.

So when the business comes back with projects -- such as improved document management, which is what’s currently being discussed, and such as a new learning management system from our training department -- we are able to forecast what they will demand from our systems and give them a better cost model.

From an automation standpoint, we are now looking at how to get new virtualized servers up within seconds, whereas it used to take days. From a support of legacy systems standpoint, now that we have a window into more metrics, we are in a better place as we migrate off. We are not having lingering issues when we are moving to our new ERP system.

All of these things have been the benefits that we have reaped, and that’s just been in two months.

Gardner: Looking to the future, with a welcome change in emphasis away from IT firefighting to being more proactive, what do you see coming next?

Schokora: This is going to directly translate into our improved disaster recovery (DR) and business continuity (BC) strategies. With our older ERP system and that Swiss army knife approach, we had DR, but it was very cumbersome. If we ever had a high-impact event, it would have been a mad scramble.

This new solution allows us to be able to promise our customers a set schedule, that everything will be up in a certain number of days or hours, and that all critical systems will be online to meet their requirements. We never really had that before. It was hopes and prayers without concrete data behind how long we would need to get back up.

From a business continuity standpoint, the hyperconverged solution affords us the flexibility to leverage a hybrid cloud, or a secondary data center, in a way that my technicians feel, based on their testing, will be easier than our older approach.

Now, we haven’t done this yet. This is more for the future, but it is something that they are excited about, and they feel is going to directly translate into a better customer experience.

Being able to have Bitdefender provide us that single pane of glass for patching and to get critical patches out quickly also affords us the confidence in our compliance. For the latest assessment we had, we passed with flying colors.

There are some gaps we have to address, but there are significantly fewer gaps than last year. And other than some policies and procedures, the only thing we changed was Bitdefender. So that is where that value-add was.

Gardner: Any words of advice now that you have been through a really significant transition -- a wholesale migration of your infrastructure, security, encryption, new ERP system, and moving to a better DR posture. What words of advice do you have for other folks who are thinking of biting off so much at once?

Smooth transition tips

Schokora: Pick your partners carefully. Engage in a test, in a POC, or a test plan. Ensure that your technicians are allowed to see, hear, touch and feel every bit of the technology in advance.

Do yourself a favor and evaluate at least three different solutions or vendors, just so that you can see what else is out there.

Also, have a good relationship with your business and the business representation. Understand the requirements, how they want to accomplish things, and how you can enable them – because, at the end of the day, we can come up with the best technical solutions and the most secure. But if we don’t have that business buy-in, IT will only fail.

Gardner: I’m afraid we will have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on how Great Expressions Dental Centers combined hyperconverged data centers with advanced security products to solve their security and data-availability needs.

And we’ve learned how balancing compliance and availability requirements with new modern IT infrastructure can provide for greater automation, IT staff productivity, and allow for broad improvements in a very short amount of time.

Please join me in thanking our guest, Kevin Schokora, Director of IT Operations at Great Expressions Dental Centers in Southfield, Michigan. Thank you so much, Kevin.

Schokora: Thank you.

Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing series of BriefingsDirect discussions.

Do follow me please on Twitter @Dana_Gardner and find more security-focused podcasts at briefingsdirect.com. A big thank you also to our sponsor, Bitdefender, for supporting these presentations. A big thank you as well to our audience for joining. Please pass this on to your IT community, and do come back next time.
 

Copyright Interarbor Solutions, LLC, 2005-2018. All rights reserved.
