HSA strengthens network security

Healthcare firm restricts employee use of USB devices

Healthcare company HSA is strengthening its network security to protect sensitive data from theft and interference.

The company is installing identity management and end-point security software to stop staff plugging USB devices and iPods into the corporate network.

HSA is working with security firm Centennial Software to install the DeviceWall product on 1,000 computers at offices across the UK.

The software, which stops unauthorised use of portable devices and wireless access, has been deployed at most of HSA’s offices, and by the end of March will be installed on 250 machines at two final locations, in Bristol and Manchester.

‘Someone could come along with an iPod and download several gigabytes of customer data,’ said Kevin Quinn, operations manager at HSA. ‘This is something we want to prevent.’

The company has also recently upgraded from Windows NT to XP, and is using Microsoft’s ActiveDirectory to manage employees’ computer login details and user profiles.

The DeviceWall software links into ActiveDirectory so that the security policy is linked to the user profile rather than to a PC.

This means that only the company’s executives and mobile salesforce, who have been given appropriate permissions, can use PDAs and USB memory sticks.

The software will also help HSA to comply with security regulations set out by the Financial Services Authority and the Data Protection Act, says Quinn.

‘Depending on who you talk to, 70 to 80 per cent of security breaches are internal,’ he said.

HSA has reduced IT administration costs by deploying the DeviceWall software over its network remotely, rather than having engineers visiting each site individually.

By restricting the use of memory sticks and other portable devices, HSA hopes to ensure it is protected from employees downloading unlicensed software onto its network.

‘If someone downloads software for an iPod and puts it onto a company computer, then in theory we could be held responsible for that unlicensed software,’ said Quinn.