Going Beyond PCI Compliance: McAfee Sets the Standard for its Customers

This McAfee customer is a fully integrated medical system with more than 2,500 employees, serving the healthcare needs of patients in the suburban communities of a large Midwestern city. The healthcare system is comprised of four entities, including a 336-bed, nationally recognized, award-winning hospital with leading programs in heart care, cancer care, neurosurgery, and orthopedics.

More Comprehensive Protection for Mobile Users
The healthcare system has three ongoing objectives for its security program: compliance with HIPAA, PCI DSS, and FTC regulations; improving operations through automation of security tasks; and data loss prevention. Meeting these objectives has become more complex with the exploding popularity of mobile devices such as smartphones and tablet computers, which enable employees to be more productive but also introduce new security endpoints into the system. “The ability to manage [Apple] iPhones and [Microsoft] Windows Mobile devices was one of the pitfalls identified in our risk assessment with regard to data loss prevention,” said a spokesperson with the company’s IT department. “With many employees needing to access the corporate network from their cell phones and other mobile devices, we needed a security solution that could be centrally managed and provide protection for mobile devices, including built-in enforcement of compliance policies.”

A Logical Extension to the Security Infrastructure
A longtime McAfee customer, the healthcare system built its enterprise security platform on McAfee® Total Protection™ for Endpoint, Advanced, including McAfee VirusScan® Enterprise, SiteAdvisor® Enterprise, McAfee Network Security Platform, and McAfee Network Access Control. The company also relies on the McAfee ePolicy Orchestrator® (McAfee ePO™) platform to provide a centralized hub for managing all other McAfee solutions and protection status at each endpoint. For its latest initiative to extend the security framework to employees’ mobile devices, the company chose the McAfee Enterprise Mobility Management (McAfee EMM™) solution.

“For many years, McAfee has been our partner to meet our evolving security requirements—so it made sense to turn to them for a mobile solution that could seamlessly integrate into our existing [McAfee] ePO console,” said the spokesperson. “Based on cost, ease of deployment and integration, [McAfee] EMM was far superior to similar offerings that we evaluated, and the McAfee team provided superior service and support throughout the procurement and deployment phases.”

Smooth and Painless Deployment
Working with McAfee, the healthcare system chose a simple yet elegant design for its deployment of the McAfee EMM solution that uses a single server within the network to control all mobile devices by communicating with the company’s Microsoft Exchange servers. The pilot application was deployed in a virtual machine environment using VMware’s Fusion system. “The pilot was fairly simple because we have a comparatively small mobile footprint and used a fairly simple design and architecture. The policies are very intuitively laid out, so we only needed a day for design and testing to achieve what we wanted to with the system,” said the spokesperson. “Thanks to McAfee support, we had an overall painless deployment experience.”

Comprehensive Protection for Mobile Devices
The McAfee EMM platform provides robust data loss prevention for employees who need to access the healthcare system’s corporate network using a range of devices including iPhones, Blackberries, Windows Mobile phones, and Android devices. Altogether, more than 1,950 endpoints, including mobile devices, are under the protection of McAfee software. All endpoints are running McAfee VirusScan Enterprise and McAfee AntiSpyware, and some devices are running SiteAdvisor Enterprise along with McAfee Host Intrusion Prevention.

Most of the mobile devices in the company’s network are employee-owned. “We have recently received accreditation as a teaching hospital, and we have many young interns and residents coming straight out of college who want to be able to use their own iPhones, [Apple] iPads, and other devices to access their work email. One of the reasons we purchased McAfee EMM is that it gives us the control we need to allow those devices to hook securely into our corporate environment,” said the spokesperson. “We have received great feedback from our employees on the flexibility of the system and the policies and workarounds that it supports.”

A Single Point of Access for All Security Services
An important aspect of the healthcare system’s McAfee EMM installation is its seamless integration with McAfee ePO software. “Now, with a single sign-on to the [McAfee] ePO console, we can get access to [McAfee] EMM as part of all of our McAfee services. That means we have full visibility and control over all iPhones, Android and Windows Mobile devices, and Web OS devices, in addition to all the laptops, desktops, and servers in our data center, and we can get unified compliance reporting as well,” said the spokesperson. “We can also do ad hoc queries on those endpoints through the [McAfee] ePO console. Since [McAfee] ePO is the master console for all endpoints, both fixed and mobile, we can manage our entire security environment comprehensively and efficiently.”

Reduced Risk and Enhanced Policy Enforcement
Working in tandem with the company’s Microsoft Exchange 2003 mail server environment, the McAfee EMM platform brings the same level of control to mobile devices that McAfee systems provide to the company’s laptops and desktops, including secure mobile application access, strong authentication, high availability, scalable architecture, and seamless compliance reporting.

“With McAfee EMM, we can configure each mobile device in accordance with corporate security policies and enforce compliance via network access control, and McAfee ePO lets us remotely manage the devices and efficiently perform tasks such as wiping and encryption. In this manner, we’ve been able to mitigate the risk of allowing personal mobile devices into our network, which helps us stay in compliance with our own policies as well as regulations such as HIPAA,” said the spokesperson. “McAfee EMM has proven to be a simple and yet powerful solution, which is very cost effective to implement and quick to deploy, giving us an excellent risk mitigation strategy with a large return on our investment.”

Major Healthcare System

Customer profile

Suburban medical provider with more than 2,500 employees

Industry

Healthcare

IT environment

More than 1,950 end-user platforms, including mobile devices

Challenges

Extend data loss prevention measures to mobile devices to enforce policies

McAfee solution

  • McAfee Enterprise Mobility Management
  • McAfee ePolicy Orchestrator for centralized management
  • McAfee Total Protection for Endpoint, Advanced

Results

  • Optimizes mobility management of corporate data
  • Protects corporate data from the data center to the mobile device
  • Sets mobile policies that work while providing flexibility to users
  • Provides central dashboard for controlling entire security environment