Combining tight security and remote access can be tough. When a medical center was faced with this problem, it
found that a Secure Sockets Layer virtual private network (SSL VPN) was the answer it needed.
The Via Christi Regional Medical Center in Wichita, Kan., was unable to provide its 5,000 employees with the kind of remote e-mail access many of them wanted. It used a traditional VPN, which meant that people could only access their e-mail from devices that had the VPN client installed.
But doctors and executives on the road often did not have company laptops and found themselves caught in the lurch. "I got tired of people complaining that when they were at conferences they were the only ones that couldn't get their e-mail," said Mike Knocke, applications manager for Via Christi.
Managing all of the clients on the 1,000 physicians' computers in remote offices was also proving to be costly and challenging.
Knocke began looking around for more flexible approaches that would provide the high level of security required for messages that might contain confidential patient information but which would be flexible enough to provide access from any device. He found Whale Communications Ltd.
The Fort Lee, N.J.-based security company offers an SSL VPN that provides Web-based access to internal information. SSL VPNs don't use a client-server model but instead allow access from any client via an SSL encryption-enabled browser to a device that sits behind the firewall.
Whale's e-Gap product is a server that intercepts incoming requests on the public side of the network and then copies those requests to the inside of the network. No data travels directly from outside to inside the organization, said Judah Aspler, an engineer with Whale. The data is pulled out of the packets copied across the gap, where the packets are reconstructed and sent on.
This is a unique approach, said Richard Stiennon, research director for network security at Stamford, Conn.-based Gartner Inc. While other companies are beginning to introduce clientless SSL VPNs, none of them have the physical break that Whale's product offers. He said that it is an elegant solution without many drawbacks.
Knocke thought so as well. Unfortunately, he couldn't justify the cost for simply allowing occasional remote e-mail access. But at the same time that he was tackling the e-mail issue, the medical center was evaluating another very expensive problem.
It was transferring all of its X-rays, CT scans, MRIs and other images from film to a picture archiving communication system (PACS). With this system, all those images would reside on a storage area network (SAN). No hard copies would need to be produced, saving the hospital hundreds of thousands of dollars a year in film and printing costs. With an online system, the hospital could save on courier fees and make huge gains in productivity because physicians would be able to access images when they needed them instead of waiting for someone to dig up hard copies.
The trouble was finding a way to make those images accessible to physicians in remote offices while maintaining a high level of security.
Knocke said that he quickly realized that Whale's product could work for images as well as e-mail. It would provide a secure Web-based means of allowing physicians to access these images from any machine.
The deployment took just four days, and Knocke is very happy with the results. Remote access to the company's Lotus e-mail system works flawlessly, he said. Users simply type in the proper URL and plug in their user IDs and passwords. The system works with existing authentication schemes, so users keep the same IDs and are allowed access to the same information over e-Gap as they have at their desktops.
Because of the complexity of the PACS system, access to those images is taking a bit longer to be fully functional, but Knocke is confident that it will soon work for everyone.
The only drawback, Knocke said, is that the SSL VPN only works for applications that can be Web-enabled. If you cannot use the application on a browser, you cannot access it with Whale's system.
FOR MORE INFORMATION: