A Tale of Two Hospitals—How Dynamic Healthcare Economics in Belgium Hastens Need for Modern IT Efficiency

Transcript of a discussion on how two Belgian hospitals are adjusting to dynamic healthcare economics by leveraging the multilevel benefits of composable infrastructure and pay-as-you-go buying options for data centers.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Dana Gardner: Hello, and welcome to the next edition of the BriefingsDirect Voice of the Customer podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing discussion on digital transformation success stories. Stay with us now as we learn how agile businesses are fending off disruption -- in favor of innovation.

Gardner

Our next data center agility interview explores how two Belgian hospitals are adjusting to dynamic healthcare economics to better compete and cooperate. We will now learn how a regional hospital seeking efficiency -- and a teaching hospital seeking performance -- are meeting their unique requirements, thanks to modern IT architectures.

Here to help us understand the multilevel benefits of composable infrastructure and software defined data center (SDDC) in the fast-changing healthcare field are our guests, Filip Hens, Infrastructure Manager at UZA Hospital in Antwerp, Belgium. Welcome, Filip.

Filip Hens: Thanks.

Gardner: We’re also here with Kim Buts, Infrastructure Manager at Imelda Hospital in Bonheiden, Belgium. Welcome.

Kim Buts: Thank you.

Gardner: What are some of the top trends disrupting the healthcare industry in Belgium? Filip, why do things need to change? Why do you need to have better IT infrastructure?

Hens: That’s a good question. There are many up-and-coming trends. One is new regulations around governance, which is quite important. Due to these new rules, we are working more closely together with other hospitals to share more data, and therefore need better data security. This is one of the main reasons that we need to change.

Hens

In Belgium, we have many hospitals, with some of them only a few kilometers apart. Yet there have been very few interactions between them.

New demands around augmentation of services means patient data are a growing concern. So it’s not only the needs of new governance but also the demand for providing better medical services across hospitals.

Gardner: Kim, how are the economics of healthcare -- of doing more with less -- an ongoing requirement? How are you able to conserve on the costs?

Buts: We are trying to do everything we can across the financial possibilities. We are constantly looking for good solutions that are affordable. The obligation to work in a [hospital] cluster provides us with a lot of new challenges.

A major challenge for us was around security. We have invested hugely in security. Many of the new applications are now shared across the hospital cluster. So we chose to take on the role of innovator. And to continue innovating, we have to spend a lot of money. That was not foreseen in the annual budget. So we took advantage of Hewlett Packard Enterprise’s (HPE’s) new financial services approaches, to make things happen much faster than usual.

How HPE Digital Solutions
Support Healthcare
And Life Sciences

Gardner: We’ll get back to some of those services, but I’d like to help our readers and listeners better understand this interesting combination of needing to compete -- that is to attract patients -- but at the same time cooperate and share data across hospital cluster. Filip, tell us about UZA and how you’re unique compared to a regional hospital. What makes you different?

Sharing is caring, and saving

Hens: Our main focus remains patient care, but for us it is not necessarily general medicine. It is more the specialist cases, for such things as specialized surgery. That is our main goal. Also we are a teaching hospital, so we have an emphasis on learning from patients and from patient data.

Gardner: You have unique IT and big data requirements from your researchers. You have more of an intense research and development environment, and that comes with a different set of IT requirements?

Hens: Yes, and that is very important. We are more demanding of the quality of the data, the need to gather more information, and to provide our researchers a better infrastructure platform.

That is one difference between a general hospital and a university hospital. A teaching facility has more complex patient analytics requirements, the need for complex data mining and stuff like that.

Gardner: Kim, how are you in your healthcare cluster now able to share and cooperate? What is it that you’re sharing, and how do you that securely to creating better healthcare outcomes?

Buts: A big difference for us is financial. Since we are a smaller hospital, we must offer a very broad portfolio of treatments. That means we need to have a lot of patients to then have enough income to survive. The broad offering, that portfolio of treatments, also means we are going to need to work more together with the other cluster members.

Buts

We are now trying to buy new IT equipment together, because we cannot afford to each buy for every kind of surgery, or for every kind of treatment. So we have combined our budgets together and we are hosting different things in our hospital that are then used by the other cluster members, too.

Financially, due to the regulations, we have less income than a university hospital. The benefits of education funding do not get to us. We only get income from patients, and that is why we need to have a broad portfolio.

Hens: Unlike a general hospital, we have income from the government and we also have an income flow from scientific research. It is huge funding; it is a huge amount. That is really what makes us different. That is why we need to use all of that data, to elaborate on scientific research from the data.

If not an advantage, it is an extra benefit that we have as university hospital. In the end, it is very important in that we maintain and add extra business functionality via an updated IT infrastructure. 

If we maintain those clusters well -- the general hospitals together with university hospitals -- then those clusters can share among themselves how to best meet patient needs, and concentrate on using the sparest amount of the budget.

Robust research, record keeping, required

Gardner: You are therefore both trying to grapple with the use and sharing of electronic medical records (EMR) applications. Are you both upgrading to using a different system? How are you going about the difficult task of improving and modernizing EMR?

Buts: One big difference between our hospitals is our doctors; they are working for the hospital on a self-employed basis at Imelda. They are not employees of the hospital as at UZA. The demands of our doctors are therefore very high, so we have to improve all of our facilities -- and our computer storage systems -- very fast.

We try to innovate for the doctors, so we have to spend a lot of money on innovation. That is a big difference, I think, between the university hospitals because the doctors are employees there.

Gardner: How does that impact your use of EMR systems?

How HPE Digital Solutions
Support Healthcare
And Life Sciences

Buts: We are in the process of changing. We are looking for a new EMR system. We are discussing and we are choosing, but the demands of the doctors are sometimes different from the demands of the general hospital management.

Gardner: Filip, EMR, is that something you are grappling with, too?

Hens: We did the same evaluations and we have already chosen a new EMR. For us, implementing an EMR is now all about consolidation of a very scattered data landscape, of moving toward a centralized organization, and of centralizing databases for sharing and optimization of that data.

There is some pressure between what physicians want and what we as IT can deliver with the EMR. Let’s just say it is an opportunity. It is an opportunity to understand each other better, to know why they have high demands, and why we have other demands.

That comparison between the physicians and us IT guys makes it a challenging landscape. We are busier with the business side and with full IT solutions, rather than just implementing something.

It is not just about implementing something new, but adaptation of a new structure of people. Our people rethink how everybody’s role is changing in the hospital, and what is needed for interaction with everybody. So, we are in the process of that transformation.

Gardner: What is it about the underlying IT infrastructure that is going to support the agility needed to solve both of your sets of problems, even though they are somewhat different?

Filip, tell us about what you have chosen for infrastructure and why composable infrastructure helps solve many these business-level challenges.

Composable confidence

Hens: That is a good question, because choosing a solution is not like going to the supermarket and just buy something. It is a complex process. We still have separation of data storage and computing power.

We still separate that kind of stuff because we want to concentrate on the things that really bring added value, and that are also trustworthy. For us, that means virtualization on the server and network platforms, to make it more composable.

A more software-defined and composable approach will make us more independent from the underlying hardware. We have chosen for our data center the HPE Synergy platform. In our opinion, we are ready because after many years as an HPE customer -- it just works.

For me, knowing that something is working is very important, but understanding the pitfalls of a project is even more important.

And for me, knowing that something is working is very important, but understanding the pitfalls of a project is even more important. For me, the open discussion that you can have with HPE about those pitfalls, of how to prepare for them and how to adapt your people to know what’s to come in the future -- that is all very important.

It’s not only a decision about the metal, but also about what are the weaknesses in the metal and how we can overcome that -- that is why we stick with HPE, because we have a good relationship.

Gardner: Kim, what are you doing to modernize, but also innovate around those all-important economic questions? How are you using pay-as-you-go models to afford more complex technology, and to give you advancement in serving your customers?

One-stop shopping

Buts: The obligations of the new hospital-cluster regulations had a huge impact on our IT infrastructure. We had to modernize. We needed more compute power and more storage. When we began calculating, it showed us that replacing all of the hard drives at one time was the best option, instead of spreading it over the next three to four years.

Also the new workload demands on the infrastructure meant we needed to replace it as fast as possible, but the budget was not available at our hospitals. So HPE Financial Services provided us with a solution that meant we could replace all our equipment with very short notice. We exchanged servers, storage, and our complete network, including our Wi-Fi network.

So we actually started with a completely brand new data center thanks to the financial services of HPE.

Gardner: How does that financing work? Is that a pay-as-you-go, or are payments spread over time?

Buts: It’s spread over the coming five years. That was the only solution that was good for us. We could not afford to do it any other way.

Gardner: So that is more like an operating costs budget than an upfront capital outlays budget?

We actually started with a completely brand new data center thanks to the financial services of HPE. We could not afford to do it any other way.

Buts: Yes, and the other thing we wanted to do was do everything with HPE -- because they could offer us a complete range of servers, storage, and Wi-Fi networking. That way we could reduce the complexity of all our work, and it guaranteed us a fast return on the investment.

Gardner: It is all more integrated, upfront.

Buts: Yes, that is correct.

Gardner: At UZA, what are you doing to even further modernize your infrastructure to accommodate more data, research, sharing, and security?

Hens: It is not about what I want to deliver; it is about what the business wants that we can deliver, and what we can together deliver to the hospital. So, for me, the next step is the EMR program.

So, implementing the EMR, looking for the outcomes from it, and offering something better to end-users. Then those outcomes can be used to further modernize the infrastructure.

That for me is the key. I will not necessarily say that we will buy more HPE Synergy. For me, the key to the process, as I just described, that is what will set the margins of what we will need.

Gardner: Kim, now that you have a new data center, where do you take it next in terms of people, process or even added technology efficiencies? Improved data and analytics, perhaps?

Cloud in the Cluster?

Buts: That is a difficult one because the cluster is very new for us. We are still looking at good ways to incorporate and decide where the data is going to be placed, and what services are going to be required.

It is still brand new for us, and we have to find a good way to incorporate it all with the different hospital cluster members. A big issue is how are we going to exchange the critical patient data, and how we are going to store it safely and securely.

Gardner: Is cloud computing going to be a part of that?

Buts: I do not know. Everything is “cloud” now so, maybe. I am not a huge fan of public cloud. If you can stay in a private cloud, yeah, then okay. But public cloud, I do not know. In a hospital, regulations are so strong and the demands are so high.

Gardner: Maybe a shared private cloud environment of some sort?

Buts: Yeah. I think that could be a good solution.

How HPE Digital Solutions
Support Healthcare
And Life Sciences

Hens: For public cloud in general, I think that is a no-go. But what we are doing already with our EMR, we can work together with a couple of hospitals and we can choose to build a private cloud at one of the sites at our hospitals.

You do not need to define it as a cloud. Really, it’s like public Internet cloud, but you have to make your IT cloud-aware and cloud-defined inside the walls of your hospital. That is the first track you need to take.

Buts: That is why in our hospital cluster, we chose to host a lot of new applications on the new hardware. It gave us the ability to learn and adapt quickly to the new innovations. And for the other hospitals, we are now becoming a kind of service provider to them. That was for us a big change, because now we are more a service level agreements (SLA)-driven organization than we used to be.

Gardner: I’m afraid we’ll have to leave it there. We have been exploring how two Belgian hospitals are adjusting to a dynamic healthcare and economics environment. They are both competing and cooperating. And we have learned how multi-level benefits of composable and software-defined data centers are helping them to meet many of their transformation requirements.

So please join me in thanking our guests, Filip Hens, Infrastructure Manager at UZA Hospital in Antwerp. Thank you.

Hens: Thank you also.

Gardner: And Kim Buts, Infrastructure Manager at Imelda Hospital in nearby Bonheiden, Belgium. Thank you.

Buts: Thank you very much.

Gardner: And a big thank you as well to our audience for joining us for this BriefingsDirect Voice of the Customer digital transformation success story. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing series of Hewlett Packard Enterprise-sponsored interviews.

Thanks again for listening. Please pass this content along to your IT community, and do come back next time.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Transcript of a discussion on how two Belgian hospitals are adjusting to dynamic healthcare economics by leveraging the multilevel benefits of composable infrastructure and pay-as-you-go buying options for data centers. Copyright Interarbor Solutions, LLC, 2005-2018. All rights reserved.

You may also be interested in:

• How VMware, HPE, and Telefonica together bring managed cloud services to a global audience
• Retail gets a Makeover Thanks to Data-Driven Insights, Edge Computing, and Revamped User Experiences
• As enterprises face mounting hybrid IT complexity, new management solutions beckon
• How a large Missouri medical center developed an agile healthcare infrastructure security strategy
• How The Open Group Healthcare Forum and Health Enterprise Reference Architecture cures Process and IT ills 
• Get ready for the Post-Cloud World
• Philips teams with HPE on ecosystem approach to improve healthcare informatics-driven outcome 
• Inside story: How Ormuco abstracts the concepts of private and public cloud across the globe
• How Nokia refactors the video delivery business with new time-managed IT financing models
• Inside story on developing the ultimate SDN-enabled hybrid cloud object storage environment 
• How IoT and OT collaborate to usher in the data-driven factory of the future 

How a Large Missouri Medical Center Developed a Comprehensive Healthcare Infrastructure Security Strategy

Transcript of a how a large Missouri medical center developed a comprehensive healthcare infrastructure security strategy from the edge to the data center and everything in between.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Bitdefender.

Dana Gardner: Welcome to the next edition of BriefingsDirect. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.

Healthcare provider organizations are among the most challenging environments to develop and implement comprehensive and agile security infrastructures. These are usually sprawling campuses with large ecosystems of practitioners, suppliers, and patient-facing facilities. They also operate under stringent compliance requirements, with data privacy as a top priority.

At the same time, large hospitals and their extended communities are seeking to become more patient outcome-focused as they deliver ease-of-use, the best applications, as well as up-to-date data analysis to their staffs and physicians.

This BriefingsDirect security insights discussion examines how a large Missouri medical center developed a comprehensive healthcare infrastructure security strategy from the edge to the data center -- and everything in between.

Yarbro

To learn how healthcare security can become more standardized and proactive with unified management and lower total costs, please join me now in welcoming Phillip Yarbro, Network and Systems Engineer at Saint Francis Healthcare System in Cape Girardeau, Missouri. Welcome, Phillip.

Phillip Yarbro: Hi, thanks for having me. It’s a pleasure to be here.

Gardner: When it comes to security nowadays, Phil, there’s a lot less chunking it out, of focusing on just devices or networks separately or on data centers alone. It seems that security needs to be deployed holistically -- or at least strategically – with standardized solutions, focused on across-the-board levels of coverage.

Tell us how you’ve been able to elevate security to that strategic level at Saint Francis Healthcare System. 

Healthy digital record keeping

Yarbro: As a healthcare organization, we have a wide variety of systems -- from our electronic medical records (EMR) that we are currently using, to our 10-plus legacy EMRs, our home health system, payroll time and attendance. Like you said, that’s a wide variety of systems to keep up-to-date with antivirus solutions, making sure all of those are secure, especially with them being virtualized. All of those systems require a bunch of different exclusions and whatnot.

With our previous EMR, it was really hard to get those exclusions working and to minimize false positives. Over the past several years, security demands have increased. There are a lot more PCs and servers in the environment. There are a lot more threats taking place in healthcare systems, some targeting protected health information (PHI) or financial data, and we needed a solution that would protect a wide variety of endpoints; something that we could keep up-to-date extremely easily, and that would cover a wide variety of systems and devices.

Gardner: It seems like they’re adding more risk to this all the time, so it’s not just a matter of patching and keeping up. You need to be proactive, whenever possible.

 Being proactive is definitely key. We like to control applications to keep our systems even more secure, rather than just focusing on real-time threats.

Yarbro: Yes, being proactive is definitely key. Some of the features that we like about our latest systems are that you can control applications, and we’re looking at doing that to keep our systems even more secure, rather than just focusing on real-time threats, and things like that.

Gardner: Before we learn more about your security journey, tell us about Saint Francis Healthcare System, the size of organization and also the size of your IT department.

Yarbro: Saint Francis is between St. Louis and Memphis. It’s the largest hospital between the two cities. It’s a medium-sized hospital with 308 beds. We have a Level III neonatal intensive care unit (NICU) and a Level III trauma center. We see and treat more than 700,000 people within a five-state area.

With all of those beds, we have about 3,000 total staff, including referring physicians, contractors, and things like that. The IT help desk support, infrastructure team, and networking team amounts to about 30 people who support the entire infrastructure.

Gardner: Tell us about your IT infrastructure. To what degree are you using thin clients and virtual desktop infrastructure (VDI)? How many servers? Perhaps a rundown of your infrastructure in total?

Yarbro: We have about 2,500 desktops, all of which are Microsoft Windows desktops. Currently, they are all supplied by our organization, but we are looking at implementing a bring-your-own-device (BYOD) policy soon. Most of our servers are virtualized now. We do have a few physical ones left, but we have around 550 to 600 servers.

Of those servers, we support about 60 Epic servers and close to 75 Citrix servers. On the VDI side, we are using VMware Horizon View, and we are supporting about 2,100 virtual desktop sessions.

Gardner: Data center-level security is obviously very important for you. This isn’t just dealing with the edge and devices.

Virtual growth

Yarbro: Correct, yes. As technology increases, we’re utilizing our virtual desktops more and more. The data center virtualization security is going to be a lot more important going forward because that number is just going to keep growing.

Gardner: Let’s go back to your security journey. Over the past several years, requirements have gone up, scale has gone up, complexities have gone up. What did you look for when you wanted to get more of that strategic-level security approach? Tell us about your process for picking and choosing the right solutions.

Yarbro: A couple of lessons that we learned from our previous suppliers is that when we were looking for a new security solution we wanted something that wouldn’t make us experience scan storms. Our previous system didn’t have the capability to spread out our virus scans, and as a result whenever the staff would come in, in the morning and evenings, users were negatively affected by latency because of the scans. Our virtual servers all scanned at the same time.

We have a wide variety of systems and applications. Epic is our main EMR, but we also have 10 legacy EMRs, a picture archiving and communication system (PACS), rehab, home health, payroll, as well as time and attendance apps.

So whenever those were set to scan, our network just dragged to a halt.

We were looking for a new solution that didn’t have a huge impact on our virtual environment. We have a wide variety of systems and applications. Epic is our main EMR, but we also have 10 legacy EMRs, a picture archiving and communication system (PACS), rehab, home health, payroll, as well as time and attendance apps. There are a wide variety of systems that all have different exclusions and require different security processes. So we were hoping that our new solution would minimize false positives.

Since we are healthcare organization, there is PHI and there is sensitive financial data. We needed a solution that was Health Insurance Portability and Accountability Act (HIPAA)-compliant as well as Payment Card Industry Data Security Standard (PCI DSS)-compliant. We wanted a system that made a really good complement and that made it easy to manage everything.

Our previous ones, we were using Trend Micro in conjunction with Malwarebytes, were in two consoles. A lot of the time it was hard to get the exclusions to apply down to the devices when it came time to upgrade the clients. We had to spend time upgrading clients twice. It didn’t always work right. It was a very disruptive do-it-yourself operation, requiring a lot of resources on the back end. We were just looking for something that was much easier to manage.

Defend and prevent attacks

Gardner: Were any of the recent security breaches or malware infections something that tripped you up? I know that ransomware attacks have been on people’s minds lately.

It's been a great peace-of-mind benefit for our leadership to hear from Bitdefender that we were already protected (from ransomware attacks).

Yarbro: With the WannaCry and Petya attacks, we actually received a proactive e-mail from Bitdefender saying that we were protected. The most recent one, the Bad Rabbit, came in the next day and Bitdefender had already said that we were good for that one as well. It’s been a great peace-of-mind benefit for our leadership here knowing that we weren’t affected, that we were already protected whenever such news made its way to them in the morning.

Gardner: You mentioned Bitdefender. Tell me about how you switched, when, and what’s that gotten for you at Saint Francis?

Yarbro: After we evaluated Bitdefender, we worked really closely with their architects to make sure that we followed best practices and had everything set up, because we wanted to get our current solutions out of there as fast as possible.

For a lot of our systems we have test servers for testing computers. We were able to push Bitdefender out within minutes of having the consoles set up to these devices. After we received some exclusion lists, or were able to test on those, we made sure that Bitdefender didn’t catch or flag anything.

We were able to deploy Bitdefender on 2,200 PCs, all of our virtual desktops and VDI, and roughly 425 servers between May and July with minimal downtime, knowing that the downtime we had was simply to reboot the servers after we uninstalled our previous antivirus software.

We recently upgraded the remaining 150 or so servers, which we don’t have test systems for. They were all of our critical servers that couldn’t go down, such as our backup systems. We were able to push Bitdefender out to all of those within a week, again, without any downtime, and straight from the console.

Gardner: Tell us about that management capability. It’s good to have one screen, of course, but depth and breadth are also important. Has there been any qualitative improvement, in addition to the consolidation improvement?

Yarbro: Yes. Within the Bitdefender console, with our various servers, we have different policies in place, and now we can get very granular with it. The stuff that takes up a lot of resources we have it set to scan, maybe every other day instead of every day, but you can also block off servers.

Bitdefender also has a firewall option that we are looking at implementing soon, where you can group servers together as well as open the same firewall roles, and things like that. It just helps give us great visibility into making sure our servers and data center are protected and secured.

Gardner: You mentioned that some of the ransomware attacks recently didn’t cause you difficulty. Are there any other measurements that you use in order to qualify or quantify how good your security is? What did you find improved with your use of Bitdefender GravityZone?

It reduced our time to add new exclusions to our policies. That used to take us about 60 minutes. It's down to five minutes. That's a huge timesaving.

Yarbro: It reduced our time to add new exclusions to our policies. That used to take us about 60 minutes to do because we had to login to both consoles, do it, and make sure it got pushed out. That’s down to five minutes for us. So that’s a huge timesavings.

From the security administration side, by going into the console and making sure that everything is still reporting, that everything still looks good, making sure there haven’t been any viruses on any machines -- that process went down from 2.5 to three hours a week to less than 15 minutes.

GravityZone has a good reporting setup. I actually have a schedule set every morning to give me the malware activity and phishing activity from the day before. I don’t even have to go into the console to look at all that data. I get a nice e-mail in the morning and I can just visually see what happened.

At the end of the month we also have a reports setup that tells us the 10 highest endpoints that were infected with malware, and we can be proactive and go out and either re-educate our staff if it’s happening with a certain person. Not only from the security administration time has it saved us, it also helps us with security-related trouble calls. I would say that they have probably dropped at least 10 percent to 15 percent on those since we rolled out Bitdefender hospital-wide.

Gardner: Of course, you also want to make sure your end-users are seeing improvement. How about the performance degradation and false positives? Have you heard back from the field? Or maybe not, and that’s the proof?

User-friendly performance

Yarbro: You said it best right there. We haven’t heard anything from end-users. They don’t even know it’s there. With this type of roll out, no news is good news. They didn’t even notice the transition except an increase in performance. But otherwise they didn’t even know that anything was there, and the false positives haven’t been there.

We have our exclusion policy set, and it really hasn’t given us any headaches. It has helped our physicians quite a bit because they need uninterrupted access to medical information. They used to have to call whenever our endpoints lost their exclusion list and their software was getting flagged. It was very frustrating for them. They must be able to get into our EMR systems and log that information as quickly as possible. With Bitdefender, they haven’t had to call IT or anything like that, and it’s just helped them greatly.

Gardner: Back to our high-level discussion about going strategic with security, do you feel that using GravityZone and other Bitdefender technologies and solutions have been able to help you elevate your security to being comprehensive, deep, and something that’s more holistic?

Multilayered, speedier security

Yarbro: Yes, definitely. We did not have this level of control with our old systems. First of all, we didn’t have antivirus on all of our servers because it impacted them so negatively. Some of our more critical servers didn’t even have protection.

Just having our entire environment at 100 percent coverage has made us a lot more secure. The extra features that Bitdefender offers -- not just the antivirus piece but also the application blocking, device control, and firewall roles control just adds another level of security that we didn’t even dream about with our old solutions.

Gardner: How about the network in the data center? Is that something that you’ve been able to better applying policies and rules to in ways that you hadn’t before?

Yarbro: Yes, now with Bitdefender there is an option to offload scanning to a security server. We decided at first not to go with that solution because when we installed Bitdefender on our VDI endpoints, we didn’t see any increased CPU or memory utilization across any of our hosts, which is a complete 180-degrees from what we had before.

But for some of our other servers, servers in our DMZ, we are thinking about using the security server approach to offload all of the scanning. It will further increase performance across our virtualized server environment.

Gardner: From an economic standpoint, that also gives you more runway, so to speak, in terms of having to upgrade the hardware. You are going to get more bang for your buck in your infrastructure investments.

With servers-level security, it doesn't have to send that file back or check it again -- it already knows. That just speeds things up, almost exponentially.

Yarbro: Yes, exactly. And with that servers-level security, it’s beneficial to note that if there’s ever an upgrade for software or patches, that once a server checks into it first, if another server checks in or another desktop checks in, it already has that exclusion. It doesn’t have to send that file back or check it again -- it already knows. So it just speeds things up, almost exponentially, on those other devices.

Gardner: Just a more intelligent way to go about it, I would think.

Yarbro: Yes.

Gardner: Have you been looking to some of the other Bitdefender technologies? Where do you go next in terms of expanding your horizon on security?

One single pane of secure glass

Yarbro: The extra Bitdefender components that we’re kind of testing right now are device control and firewall, of being able to make sure that only devices that we allow can be hooked up, say via USB ports. That’s critical in our environment. We don’t want someone to come in here with a flash drive and install or upload a virus or anything along those lines.

The application and website blacklisting is also something that’s coming in the near future. We want to make sure that no malware, if it happens, can get past. We are also looking to consolidate two more management systems into just our Bitdefender console. That would be for encryption and patch management.

Bitdefender can do encryption as well, so we can just roll our current third-party software into Bitdefender. It will give us one pane of glass to manage all of these security features. In addition to patch management, we are using two different systems; one for servers, one for Windows endpoints. If we can consolidate that all into Bitdefender, because those policies are already in there, it would just be a lot of easier to manage and make us a lot more secure.

Gardner: Anything in terms of advice for others who are transitioning off of other security solutions? What would you advise people to do as they are going about a change from one security infrastructure to another?

Slow and steady saves the servers

Yarbro: That’s a good question. Make sure that you have all of your exclusion lists set properly. Bitdefender already in the console has Windows, VMware’s and Citrix’s best practices in their policies.

You only have to worry about your own applications, as long as you structure it properly from the beginning. Bitdefender’s engineers helped us with quite a bit. Just go slow and steady. From May to July last year we were able to do 425 servers. We probably could have done more than that, but we didn’t want to risk breaking something. Luckily, we didn’t push it to those more critical servers because we did change a few of our policy settings that probably would have broken a few of those and had us down for a while if we had put it all in right away.

Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on how a large Missouri medical center developed a comprehensive healthcare infrastructure security strategy -- from the edge to the data center, and everything in between.

And we’ve learned how security at this major healthcare organization has become more standardized and proactive thanks to a unified management approach. They have delivered better results to their end users. So please join me now in thanking our guest, Phillip Yarbro, Network and Systems Engineer at Saint Francis Healthcare System. Thank you, Phillip.

Yarbro: Thank you. Thanks for having me.

Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing series of BriefingsDirect discussions. A big thank you to our sponsor, Bitdefender, for supporting these presentations.

Follow me on Twitter @Dana_Gardner and find more security-focused podcasts at BriefingsDirect.com. Again, thanks to our audience for joining. Please pass this content along in your IT community, and do come back next time.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Bitdefender.

Transcript of a how a large Missouri medical center developed a comprehensive healthcare infrastructure security strategy from the edge to the data center and everything in between. Copyright Interarbor Solutions, LLC, 2005-2018. All rights reserved.

 

You may also be interested in:

• Kansas Development Finance Authority gains peace of mind, end-points virtual shield using Hypervisor-level security
• How IT innovators turn digital disruption into a business productivity force multiplier
• How standards help protect healthcare security and privacy 
• How a Florida school district tames the Wild West of education security at scale and on budget
• The next line of defense—How new security leverages virtualization to counter sophisticated threats
• Cybersecurity standards: The Open Group explores security and safer supply chains
• How the Citrix Technology Professional Program Produces User Experience Benefits from Greater Ecosystem Collaboration
• DevOps and Security, a Match Made in Heaven
• Expert Panel Explores the New Reality for Cloud Security and Trusted Mobile Apps Delivery
• Cybersecurity crosses the chasm: How IT now looks to the cloud for best security
• Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cyber Security Across Application Lifecycles