Encryptor and Protector to lock down data on the move

About Frimley Park NHS Trust
Frimley Park Hospital is a 720 bed NHS Foundation Trust employing approximately 3,500 staff and serving a catchment population of over 400,000. The Trust is a single-site organisation for in-patient activity and also provides out-patient facilities at three satellite sites in the local health community in Aldershot, Farnham and Fleet.

The Challenge
In 2008, following a number of high profile data breaches within the public sector, the Department of Health wrote to all Chief Executives in the NHS mandating that all mobile data be secured. The risk to the Trust from failing to provide adequate security measures for mobile data was extremely serious.

The Government's Information Commissioner has the power to investigate and fine organisations up to £500,000 for failure to comply with the latest directives.

Frimley Park NHS Foundation Trust required a solution, which could be deployed within the short timeframes required by the new mandates, which was easy to manage and deploy and would not impact on the productivity of medical staff and administrators.

Jonathan Spinks, Head of IT at the Trust comments: -Maintaining the protection of sensitive information is at the heart of our operations and ensuring that the patients, clinicians and the public at large have absolute confidence in the integrity of data is of paramount importance. We needed to find a comprehensive, strategic security solution which would enable us to meet all of the requirements of the mandate, without requiring huge changes to working practices or placing an additional management burden on the IT department .-

The Solution
Having evaluated a number of solutions, including one from McAfee/SafeBoot, (which at the time was centrally procured by the NHS), the Trust decided that the Safend solution was the best fit in terms of manageability and performance.
Jonathan comments -Safend was chosen because of its comprehensive integrated suite of endpoint security tools, including reporting, port control and disk and media encryption. The other major criterion for the selection was the need for a centralised solution with minimal management overheads and the need for a system that was largely transparent to the user.'

To this end, Frimley Park Hospital deployed Safend Encryptor and Safend Protector which form part of Safend's Endpoint Data Protection Suite (DPS). Safend Encryptor transparently encrypts the Trust's PCs and laptops so that sensitive data cannot be read by unauthorised users in the case of loss or theft. To minimise the risk of operating system failure, and reduce performance impact, the solution encrypts data files, while avoiding unnecessary encryption of the operating system and program files. The Trust has also deployed Safend Protector which provides centrally enforced removable media encryption for storage devices, external hard drives, CDs and DVDs, as well as comprehensive port and device control. This offers reliable, tamper-proof endpoint monitoring as well as device identification and blocking based on administrator-defined policies.

The Benefits
The initial roll-out began in December 2009 and the Trust is already beginning to see the benefits of its encryption solution. Jonathan comments: - We have been particularly impressed with the early successes, such as the encryption of all Trust laptop computer hard drives. This was an early mandatory requirement and we were under considerable pressure to deliver a quick solution, which could be managed centrally. We've also been pleased with the ease of endpoint monitoring and reporting. The centralised management console has benefited the IT Department and will not require any additional resources to manage the system once the project is completed. -

The end result is that the Trust has an endpoint and mobile data security system that is largely invisible to the user but which provides full assurance that it has satisfied its obligations in securing mobile data.

The IT department also needed to incorporate differing requirements across different areas of the business where unusual or complex medical devices are in use. This issue was overcome by the flexibility and granularity of the Safend solution, with a phased roll-out of the policies on a 'by department' basis. This ensured that a consistent machine-based policy could be implemented on most PCs with the occasional custom machine-based policy for unusual medical equipment and custom user-based policies layered on top to address individual needs.

The Future

Such has been the success of the initial deployment that Frimley Park now plans to make further use of Safend solutions to enhance its data security processes. Every PC now has a Safend client installed and the Trust plans to leverage its investment in Safend by exploring the additional tools available for mapping, filtering and classifying sensitive data stored across the network and on organisational endpoints. It is expected that these tools will help the Trust achieve further success in its drive for improved Information Governance and data security.