NHS Blood and Transplant deploys advanced endpoint security solutions to protect sensitive data

Published by Craig@Context for Context Public Relations Ltd in Health

NHSBT secures laptop and desktop PCs against data loss, theft and other threats to comply with new Government information security directives

9 March, 2009 – Integralis, leading IT security service provider, today detailed a project with NHS Blood and Transplant to protect data across its laptops, PCs, USB devices and other portable media. The project, which commenced earlier in 2008, is part of the organisation’s effort to meet a new Government directive to ensure that information across multiple devices is secured against malware, data loss and theft. The project has combined the consulting expertise of Integralis with best of breed solutions from Check Point to meet the directive guidelines and enable secure remote access to corporate networks.

NHS Blood and Transplant collects, processes, stores and issues 2.1 million blood donations per year from its 15 blood centres in England and north Wales, as well as managing the sourcing of organs for transplantation across the UK. Part of the project involved securing a key application which allows staff across England, Scotland, Wales and Northern Ireland access to data that speeds up provision of organs to patients waiting for transplants.

In addition to deployment of Check Point's Endpoint Security, the project has been helped by the upgrade of RSA to version 7.1 of its authentication solution, to enable easier access to the network. The sensitive nature of the personal data involved in the process of organ donation means that information security is of paramount importance.

“With 1,000 laptops across the UK there are multiple security requirements ranging from maintaining firewalls, intrusion detection, email and web content filtering to name a few. Due to the very nature of our operations we needed a solution that would be easy to manage and as simple as possible to use, ensuring there are no delays in accessing critical information,” said Adam Ataar, Network Security & Operations Consultant, NHS Blood and Transplant. “By having a single contract with Integralis we have been able to meet the Government’s strict deadlines.”

According to Ataar, a key issue is providing access to documents and emails that users are working on when away from the office, without compromising security. “Users shouldn’t be given the responsibility for deciding what should and should not be encrypted, or to maintain security policies. These policies have to be enforced by products, as transparently as possible from the user’s viewpoint.”

Check Point Endpoint Security was chosen for its ability to deliver comprehensive security in a single software agent, and for the ability to manage the complete solution from a single management console. Adam Ataar says that both deployment and ongoing management have been easy for users and the IT team.

“The very nature of the Service’s work means that flexible remote working is an essential requirement,” commented Graham Jones, managing director at Integralis UK. “However, as we’re all aware this is far from ideal given the sensitive nature of information being handled. By analysing and updating the process and policies we have been able to provide a granular level of control, ensuring that data can flow in a traceable and secure manner while enabling users to work as efficiently and effectively as possible.”

Part of the solution also means that members of staff are given their own fully-encrypted 2GB USB drive but use of all other removable media is blocked. Check Point Endpoint Security also reports on the security status of each laptop and PC, enabling any required upgrades or policy issues to be identified and addressed quickly from the central management console.

###