Wired and wireless access across a 26-acre campus and more than 100 buildings and 30 WAN sites; 2,500 students, 1,000 residents, and 12,000 employees.
Unrestricted Access Threatens Network Security, Compliance
A unique combination of hospital, academic institution and research center, the Medical University of South Carolina (MUSC) understands the importance of Network Access Control (NAC). With 15,500 students and employees requiring secure access in more than 100 buildings across a 26-acre campus, it was critical that MUSC – the state’s largest teaching hospital – know who and what was connecting to the network at all times.
In spite of this requirement, network access was virtually unrestricted; anyone could plug in to one of the network’s 43,000 ports.
Ensuring endpoint compliance was also a challenge. In addition to common devices such as PCs and phones, MUSC also requires network connectivity for medical devices, such as IV pumps, which are moved from room to room across the 700-bed facility and need to be connected to the appropriate VLAN from each location.
“With Network Sentry, tasks that used to require six staff members now can be completed by two.” – Michael Haschker Network Systems Team Lead
Healthcare Environment Requires High Availability, Flexibility
MUSC had been evaluating NAC solutions for some time, and had even implemented a solution from a traditional NAC vendor. When that attempt limited availability and raised privacy concerns among network users, MUSC took the system out of production and reevaluated its NAC requirements.
The IT team determined they needed a scalable, flexible solution that could be implemented in phases, and that would be unintrusive to users. “We needed to balance high availability with minimal end-user impact. Ensuring excellent patient care is paramount, and disrupting the use of any medical device could be problematic,” explains Michael Haschker, network systems team lead at MUSC. “We needed to be able to deploy our new NAC solution one building at a time to evaluate the effect it would have in each area.” After the failure of their first NAC deployment, the MUSC team understood that an out-of-band solution, which would require fewer appliances and wouldn’t affect patient care by causing network disruptions, was the best choice for their environment.
In addition, “We wanted a solution that could integrate into our environment without requiring reconfiguration or upgrades,” says Patrick Lazorchak, MUSC network engineer. “It needed to be compatible with our existing multivendor technology so that we would have the flexibility to deploy whatever infrastructure components work best.”
Network Sentry Solution, with Network Sentry Foundation, Access Manager and Device Profiler.
“Network Sentry provides us with an increased sense of security. It’s given us total visibility into what and who is connected to our network, and that’s made all the difference.” – Patrick Lazorchak, Network Engineer
Overall, Network Sentry helped reduce MUSC’s Total Cost of Ownership (TCO) for NAC by more than $100,000 annually, due to the lower cost of Network Sentry versus MUSC’s previous NAC solution, reduced administrative overhead and lower hardware requirements. In addition, “Because Network Sentry is an out-of-band system, and we rolled out in phases, our implementation was much simpler this time around,” notes Haschker.
- Minimized the time and effort required to identify users and devices; fewer personnel are needed to identify and resolve issues.
- Reduced the total cost of ownership by more than $100K; the out-of-band Network Sentry solution requires fewer appliances for additional cost savings.
- Ensures compliance with HIPAA, JCAHO, and PCI mandates