INTEGRIS Health, a not-for-profit corporation founded in 1983, is Oklahoma’s largest health system with hospitals, rehabilitation centers, physician clinics, mental health facilities, independent living centers and home health agencies throughout much of the state. The corporation is also one of the state’s largest private employers with approximately 9,000 employees. Collectively, the entities within INTEGRIS Health maintain more than 1,500 licensed beds and have medical staffs that number approximately 1,400 physicians.
As INTEGRIS Health planned to consolidate close to 50 separate electronic medical record systems spanning its healthcare network into a centralized Epic system, Senior Systems Engineer Jason Hayes and his team faced a major challenge. “Epic requires a Linux back-end environment, so we needed to expand to about 60 Linux servers fairly quickly,” Hayes explains. “Previously, we primarily utilized AIX and Solaris, but to accommodate the growth for the Epic project, we planned to deploy most of the systems on the Red Hat Linux operating system.”
Approximately 400 application design, support and admin personnel, as well as medical personnel who would consult on the Epic user-interface system, would eventually need access to the Linux servers. Because INTEGRIS Health must operate under HIPAA compliance regulations, the security and policy controls that would manage the Linux servers would play a major role, as the organization must always be prepared for potential audits.
To take on this challenge, Hayes and his colleagues closely examined Powertech Identity & Access Manager (BoKS) from HelpSystems as well as Centrify and BeyondTrust. For the new server control solution that would help manage and protect the Epic servers running on Linux, INTEGRIS Health sought several key capabilities:
- Integration with Active Directory for both users and groups.
- Discrete privilege escalation management across multiple systems, with the ability to specify commands and options.
- Compatibility with the security-enhanced Linux kernel module for supporting access control security policies.
- Compliance with HIPAA regulations.
- Controls over local accounts and domain accounts.
“The product demonstrations provided by each software firm and a review of the capabilities that each solution offered differentiated Powertech Identity & Access Manager (BoKS) as the only one that met all the requirements,” Hayes reveals.
“The solution also streamlines the process for adding local accounts to systems and controls the adding of the access route for the local accounts,” Hayes adds. “This is a critical security feature as it prevents someone from using an account with root access to create a new account with privileges.”
Hayes also particularly appreciates the privilege escalation management feature offered by Powertech Identity & Access Manager (BoKS). This eliminates the need to manage a sudoers file on every single system. “We were so impressed during the demonstration that we did not need to run any on-site tests,” Hayes says.
After working through the initial accelerated deployment, Hayes and his team have benefited from the day-to-day capabilities that Powertech Identity & Access Manager (BoKS) provides in managing the Linux server environment. “Privilege escalation management and centralized sudo management are particularly huge benefits,” Hayes emphasizes.
On an almost daily basis, Hayes and his team receive requests for a group of users to gain privileged access to one or more systems. Rather than having to manually edit the sudoers file on each system every time there’s a change, they can go into the Powertech Identity & Access Manager (BoKS) console and add any program group that is needed.
The team can also set the duration for how long the group will be active and the specific users for which each system is activated. The granted access is then automatically pushed out to all the pertinent systems, and the users can instantly connect.
“Gaining this capability means we no longer have to log into each server and edit the sudoers file, keep track of the changes, and then remember to undo the access after the duration expires,” Hayes adds. “This probably saves us about 30 minutes per system every time we need to make such a change—and usually we need to do this for anywhere from 6-30 systems. All that time adds up.”
Powertech Identity & Access Manager (BoKS) is also a big time saver any time Hayes and his team roll out a new system. “We just add the system, note the correct groups, and all the accounts that are needed for that system are automatically added,” says Hayes.
- Accelerated deployment of users and user groups onto Linux servers.
- Decreases time to assign users and add new systems to the server network.
- Helps identify and mitigate system vulnerabilities.