A merger of two Trusts sparked the decision to design a new state-of-the-art, consolidated network – previously run by four different service providers – serving thousands of staff operating across more than 150 sites around the South of England. Southern Health NHS Foundation Trust is using Trustwave SIEM to collect, analyse and assess security events proactively for rapid identification, prioritisation and response.
“We started using mail and web filtering from Trustwave, so extending this to log and event management was a sensible choice, especially since their portfolio contains complementary technologies and services. We also received excellent service and support from Infinigate and Caretower who provided these products, which was an important factor for us,” said Anthony Guethert, Head of IT Architecture and Design Authority for the Trust.
“Trustwave offers us a security safety net that helps protect our networks, patients and stakeholders from potential data loss or theft of sensitive clinical or patient records,” said Adam Newman, Infrastructure and Security Architect/Interim Security Manager at Southern Health NHS Foundation Trust. “It is a core part of our ‘defence in depth’ strategy allowing us not only to monitor and pre-empt security breaches but also act as a vital source of forensic data should the worst happen.”
A key requirement of the new infrastructure was to adhere to UK security guidelines, known as Good Practice Guide 13 (GPG 13), that government organisations must follow if they wish to connect to the UK government’s Extranet. The Trust also wanted the ability to permit the secure remote working of health workers, allowing them to access the central network from patients’ homes or while on the road.
“Security was a key priority for us, and we initially drew up a set of priorities that would accommodate the needs of the Trust today and into the foreseeable future,” added Newman, who was one of the team of three charged with designing the network and consolidating it into two core data centres in Basingstoke and Havant, as well as three secondary locations. “Key to this was incorporating all the existing 9,000 users and critical apps as well as those hosted on the NHS N3 cloud network, which provides email, accounting, purchasing and RIO, the Patient Administration System to Trust employees.”
According to Newman, “Of paramount importance to us in choosing Trustwave SIEM was the option to have either an on-site or fully-managed service by the vendor. This was critical given the shortage of security staff with the experience and skill to manage and interpret the security intelligence created by the system.”
Consideration of regulatory matters such as the European Union Data Protection Law was also crucial in planning for the future. Both GPG 13 and EU regulations stipulate minimum requirements for the maintenance of logs on network moves, additions, changes and deletions, which needed to be stored for forensic analysis in the event of a breach. The availability of pre-configured report templates and on-device storage on the SIEM also offered vital hardware and manpower cost savings to the Trust.