Employees in most companies want basically two things from their IT infrastructure: They want it to work, and they want it to interfere as little as possible with the way they do their jobs.
These twin desires have driven software makers all-out effort to make their applications simple to use and efficient. But the focus on ease of use has come at the expense of security in many cases, and in an environment such as Torontos bustling Mount Sinai Hospital, that is a trade-off that just cant happen.
Tight regulations dictating precisely how patient information must be handled are the main considerations when it comes to choosing new applications at the hospital. So when the hospital began searching for an authentication solution, the security of employees credentials and the integrity of patient data were at the top of the list of requirements.
The hospital already was using RSA Security Inc.s SecurID tokens, but Steve Noyes, director of information and communication technology at Mount Sinai, needed a solution that would let doctors and nurses float among a variety of shared workstations and mobile devices without having to restart their sessions each time they used a new machine.
Working with CryptoCard Corp., a smart-card vendor based in Ottawa, Noyes said he was looking for a solution that would provide rock-solid security while letting employees move freely among devices. The solution also had to integrate seamlessly with Mount Sinais existing infrastructure, which includes a Citrix Systems Inc. environment and multiple directories.
The result of this collaboration was Crypto-Server 6.1, an all-new version of the companys flagship token authentication offering. The system, as installed at the hospital, works like most token authentication systems. To log in to a workstation or mobile device, a user inserts his or her smart card into the device and then enters a PIN. The system generates a random, unpredictable one-time-use password, which the user then enters to gain access to his or her protected applications and files.
But through the use of a plug-in for Citrix MetaFrame Access Suite, Crypto-Server 6.1 also has a feature known as “follow-me computing,” which enables a doctor or other highly mobile employee to start a secure session on one machine, log off and resume the session on another machine exactly where he or she left off. That functionality was the clincher for the hospitals IT staff, given that doctors and medical personnel often are called away from their PCs and cant walk away and leave patient records exposed, Noyes said.
Noyes rolled out Crypto-Server 6.1 in a pilot test with 25 users in March and April and, after having success with this initial phase, decided to expand the program. About 400 users will use the system by the end of next month, and as many as 1,000 will be on it by the time it is fully deployed next summer.
In addition, if the security system had been too intrusive or time-consuming, doctors and nurses would have pushed back and rejected it. “That was it for us—that was the icebreaker,” Noyes said. ´
Mount Sinais CryptoCard deployment includes:
- Two-factor authentication via token and one-time password
- Flexibility of follow-me computing
- Lower price point
- Integration with Citrix environment and multiple directories
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: