Network Security
Healthcare benefits firm accesses VPN benefits
Centralized policy management and strong endpoint security are among features.
Benelogic, a
developer of proprietary online benefit
management platforms designed to streamline
the collection and transfer of benefits
data, is bound by data and security
standards set by the Health Insurance
Portability and Accountability Act (HIPAA).
If Benelogic employees are to access
customer and insurance data remotely, the
company must not only provide a secure means
to connect but also put other restrictions
in place.
The ability to
print or download sensitive data, for
example, opens up security holes that could
compromise identities or other sensitive
information. Other substantive security
risks also needed to be addressed, such as
compromised endpoints, data loss,
man-in-the-middle attacks, and other
threats to home or remote users’
networks.
The Benelogic IT
team needed to replace an old virtual
private network (VPN) with a mobile user VPN
to allow employees to connect to
their desktops from remote locations. They
needed an application that simplified
administration and allowed the IT team to
enforce restrictions mandated by HIPAA by
utilizing the remote desktop protocol (RDP)
feature to enforce control over user groups.
Benelogic prefers
to continuously update its technology as
more robust applications emerge in the
marketplace. To address the challenge of
providing remote access while meeting or
exceeding HIPAA standards, Tom Jenkins,
Benelogic’s director of IT operations, had a
lengthy list of criteria that had to be met,
including:
- robust management
features to maximize control over user
groups using RDP;
- easy administration;
and
- multiple browser
platform support, including Internet
Explorer and Vista Reporting options.
Benelogic’s IT
team configured a WatchGuard SSL VPN 500
appliance with their existing hardware. A
dozen employees were selected, based on
their technological knowledge, to test the
integration capabilities of the product.
Among the options the WatchGuard SSL VPN 500
provided:
Centralized policy management.
Benelogic’s IT administrators can manage
users and user groups with RDP. They can
define how incoming and outgoing requests
are handled, assign granular policies to
determine which users and groups have access
to specific resources and applications, and
control which devices gain network access
through built-in endpoint security checks.
Strong endpoint security.
WatchGuard SSL VPN provides remote access to
critical resources without compromising the
Benelogic network. Endpoint health and
compliance status are verified before
network access is allowed by checking device
attributes. Client software keeps track of
all activities and wipes everything clean
when sessions end, while session timeouts
protect corporate information from
unauthorized users.
Web-based administration.
The VPN
provides client and clientless access for
broad device and platform support so
administrators can have an in-office
experience no matter where they are.
Broad platform and device support.
Benelogic users can connect from numerous
platforms and devices, providing flexibility
and convenience to its mobile workforce.
Jenkins reports
that in addition to providing secure remote
access, another benefit of using SSL VPN 500
and RDP is greater insight into user
behavior and activities. Most important is
the ability to report on potential intrusion
attempts. Other enhanced reporting features
his team benefits from are verification of
who is accessing their desktops, and for how
long.
The management
features of this product provide employee
productivity reports, including usage
patterns and log-in and log-out times. “Having
in-depth reporting is an absolute
requirement – not just for the IT
department, but for the senior managers who
want to know about their staff’s working
habits,” says Jenkins.
One bonus the
application provides, Jenkins says, is the
high degree of branding customization an
administrator can employ, so end-users
easily identify the sign-on as being
specific to the company. The SSL 500’s
administrative feature can set up groups and
limit access to only certain network
segments.
“There are no
issues of latency or performance when a user
accesses their system from a remote
location,” Jenkins states. “Because the SSL
VPN 500 is configured to only open the RDP
ports between our network and the remote
user, we have a much more restricted network
connection, giving greater protection to
Benelogic’s network. This means my remote
employees can be more productive.”