Case Studies: Government


Client: A Large Military Health Care Provider

Solution Type: Compliance Solutions, Secure Remote Administration



Situation

Our client, a large military health care provider, was in the midst of deploying their electronic health kit to the field hospitals that support troops in battle, along with important medical applications that still used Telnet as their primary communications protocol. Telnet transmits data in clear text, which is not secure, and the Department of Defense (DOD) does not permit it as a communications protocol. DOD has mandated that other security measures be taken to be compliant. Our client needed a solution that would enable the local doctors at these sites to access these applications while maintaining the DOD-mandated security posture, and that would allow the client to achieve their Authority to Operate (ATO) with the Electronic Health Record System.

Our client was also seeking a more effective way to remotely support and sustain the deployed infrastructure, all of which is overseas, with most located in active war zones. While on-site administrators manage the overall infrastructure at the sites, the experts who must manage the central records database are located in the U.S., and there was no existing remote management capability that met the strict security and compliance policies of the DOD.

Challenges

Resolving the security issues without the involvement of Xceedium would have required a lengthy and costly overhaul of the primary medical application to upgrade it and remove its Telnet dependency. Xceedium was asked to address the following challenges:

  • To achieve their ATO, our client needed a solution that met all of the government standards for security and encryption and could still communicate with the back-end application via Telnet, without passing Telnet across the firewall.

  • For hospital sites in active war zones, on-site travel is not only limited and costly to arrange, with significant lead time, but travel to, from and in-between these sites puts military support personnel and contractors at great risk. A remote solution for managing and supporting the infrastructure was preferred.

  • Equipment deployed into the harsh conditions of the war zone – extended exposure to high temperatures, sand/silica getting on the electronic components, etc. – needed to function correctly and reliably, and be capable of traveling within mobile "fly away" kits.

  • The solution must meet the certification requirements of the DOD and Army. These requirements included, at a minimum, being Common Criteria EAL-2 Certified, FIPS 140-2 Certified, PKI/CAC Tested and IPv6 Compliant.

  • The Xceedium GateKeeper solution needed to be tested and certified as an approved Army Security Product and listed on the Army Information Assurance Approved Product List (AIAAPL).

The Xceedium Solution

The Xceedium GateKeeper was bundled into the "fly away" kits, which are in mobile hardened cases that would be delivered to all of the required hospital sites with the electronic health record server infrastructure and applications. Before the actual purchase and deployment, the client ran an extensive battery of tests on the GateKeeper, including heat tests, drop tests and filtering capability for sand/silica, to ensure it would operate efficiently in the harsh desert conditions of current theatre operations. Xceedium GateKeeper passed all tests.

The initial deployment enabled the client to create user accounts for the doctors who would authenticate to the GateKeeper, and receive secure encrypted SSL access to the back-end medical application only. Xceedium provided the client with a protocol conversion utility to serve an SSH connection through the SSL tunnel and convert it back to Telnet within the secure enclave of the hospital, meeting their exact needs for securing the Telnet protocol, and enabling our client to receive their ATO for the deployed solution.

The client is now implementing phase two of the project, which includes setting up the remote operations management capabilities for their internal IT staff and third-party vendors who support the infrastructure remotely. The Xceedium GateKeeper will not only provide the necessary compartmentalized access to specific applications and protocols, but will also provide a containment model that prevents leapfrogging from authorized devices to unauthorized systems within the infrastructure.

Benefits

Implementing the Xceedium solution resulted in the following benefits:

  • The ability to quickly meet strict security and compliance requirements using the Xceedium GateKeeper enabled our client to receive their ATO for their Phase 1 deployment in a timely fashion, and allowed them to focus on deploying additional enhancements to their medical suite, including upgrades that would have been delayed significantly if the initial ATO had not been received.

  • With the implementation of their Phase 2 deployment and use of the Xceedium GateKeeper for secure remote IT administration, system outages and downtime due to travel-related delays have been reduced significantly.

  • By reducing the need for site visits, both the risk to our troops and operational expense have been significantly reduced, enabling them to access systems safely, in real time, from wherever they are, and eliminating costly and time-consuming travel.

© 2008 Xceedium, Inc.