News
NHS South of Tyne and Wear secures portable devices to meet
government data security guidelines
14 July 2009
NHS South of Tyne and Wear has set up a data security system to
control users’ rights to transfer data to and from mobile devices such
as USB memory sticks.
It has selected the DeviceWall endpoint security system as part of a
layered approach to meet government guidelines on the treatment of
sensitive data.
NHS South of Tyne and Wear is a management structure that covers
Gateshead Primary Care Trust, South Tyneside Primary Care Trust and
Sunderland Teaching Primary Care Trust. It is responsible for a large
amount of personal data as it provides health services to approximately
600,000 residents across the area. The IT team provides services to 3200
users at 260 sites across the three PCTs.
As a result of a number of high profile public-sector data breaches,
the government has recently put in place a framework dictating targets
and behavioural guidelines with regard to data security. There are two
elements to this framework. The first is the encryption of data in
transit and the second is the restriction of which users are allowed to
transfer data to those encrypted devices.
“We’re taking our responsibility to keeping sensitive data safe very
seriously,” said Darren Piper, technical project manager at NHS South of
Tyne and Wear. “The data breaches that have been in the media recently
have damaged the public’s confidence in the public sector’s ability to
safeguard data but we are taking every possible step to ensure this
confidential information remains secure.”
Having looked at a number of other products, NHS South of Tyne and
Wear selected DeviceWall to enforce the second aspect of this framework
and will be using it alongside Mcafee Endpoint Encryption and SanDisk
Cruzer Professional USB Encrypted memory sticks as part of a suite of
security products in place to meet these guidelines.
The organisation has replaced 800 memory sticks with encrypted
devices and once port control across all endpoints is enabled, staff
will only be able to use those devices they are authorised to use.
Darren Piper says: “We selected DeviceWall because it was the most
mature of the products we considered. It provides high levels of
functionality but at a cost-effective price point and will allow us to
control users’ access to USB removable storage and removable media, in
turn enabling us to meet the government’s regulatory requirements.”
DeviceWall is currently rolled out across NHS South of Tyne and Wear
and is due to go live in mid-July. In the meantime, the team is
investing time in an awareness campaign to educate employees regarding
the new restrictions. This ensures that all employees will understand
how access to removable storage and removable media will work moving
forward, to ensure that any impact this change will have on the business
is minimised, whilst ensuring data security.
As a default policy, no users will be allowed to transfer data to
non-approved external storage devices. Employees will then have to prove
the business case for allowing them to do so and then access will be
granted only if it is deemed appropriate.
Matt Fisher, Director at FrontRange Solutions said, "By implementing
a layered approach to security that not only encompasses several
distinct technologies, but also a strong user education programme, NHS
South of Tyne and Wear has shown a high level of commitment to the issue
of protecting sensitive information.
"DeviceWall’s ability to effortlessly define and enforce different
policies for different groups of users depending on criteria such as
their job roles and seniority will make it easier for Gateshead, South
Tyneside and Sunderland Teaching PCTs to achieve their security goals."
|