More control for controle network administrators
A secure ICT environment with reliable network access controls. For its employees and patients, the Maasziekenhuis Pantein was on the lookout for an application for safeguarding the balance between functionality and security. ICT manager Charles Eringfeld says, “Tesorion Immunity leads the user automatically to the correct network segment. Exactly what we needed.
Charles Eringfeld, ICT manager Maasziekenhuis Pantein
The summer of 2010 saw a computer virus outbreak in the old Maasziekenhuis, which was part of Pantein. Fast and effective action was urgently needed, and that is what ﬁrst brought Charles Eringfeld, ICT manager at Pantein, into contact with Tesorion. “We were looking for a party who could help us quickly turn things around,” he explains. “What we needed was an application that could detect viruses straight away.” To get on top of the virus, the hospital used the Tesorion Immunity detection component. “It turned out that around forty devices were infected. Thanks in part to the effective action taken by Tesorion, we quickly got the virus outbreak under control.”
Not long after the virus outbreak, the Maasziekenhuis Pantein relocated to the Sterckwijk care campus. The relocation was the main reason for implementing all functionalities of Tesorion Immunity at the 3,500 switch ports and access points throughout the hospital.
That is why we attach so much value to any solution in which different groups of users are assigned different rights.
Eringfeld opted for Tesorion Immunity, as it automatically segments different groups of users according to their rights and privileges. “Obviously, we regard it as vitally important that medical data is securely safeguarded. That is why we attach so much value to any solution in which different groups of users are assigned different rights. We now work in a clientless environment, which has built-in network access control. That means giving the network administrators more control.”
Separating functional groups
Through a switch or access point, Tesorion Immunity ensures that users are guided automatically to the appropriate VLAN. In total, the hospital uses around thirty VLANs. Eringfeld continues: “The medical staff are categorised into various groups. Surgeons, for example, have access to almost all medical data. Nursing employees, meanwhile, have fewer access rights. By putting users into groups, and by assessing what level of security is needed for each group, you achieve the ideal balance between functionality and security.”
The design of the network and access control is the result of a working partnership between Tesorion, Pantein, and BAM Techniek – ICT. “Contact between the three parties was excellent. There may have been some aspects of the communications that could have been improved upon – after all, that kind of triangular operation is always challenging. But one very pleasing feature was that Tesorion stuck rigidly to the timetable. Everything went as agreed, and that was especially satisfying.” Eringfeld also thinks highly of Tesorion thanks to its knowledge of networks. “It is very clearly a University of Twente spin-off. Thanks to their expertise, our employees’ own knowledge has also grown. And I suspect that BAM Techniek – ICT’s knowledge has improved too, as a result.”
Supporting the care sector
Whether users work with laptops or tablets, or log into medical equipment or request information from a bedside terminal, they are always taken to a secure environment that is not linked unnecessarily to sensitive information. “And for us, that is essential. We have great gadgets, but they have to serve care needs. I believe that is now exactly what we have.” Eringfeld is now looking at the possibility of rolling out Tesorion Immunity in other Pantein Zorggroep divisions. “As well as the product itself, we are also very impressed with the quality of their services. Tesorion is largely responsible for monitoring, back-ups, and updates. This all takes place in the background, without us noticing. That is obviously a good sign, of course.”