With the 2015 completion of its $430m Midland Public and Private Hospitals on the horizon, Perth-based St John of God Health Care is repackaging hundreds of corporate applications and adding location-based intelligence to its device management to maintain consistent security controls over information no matter where its mobile users are located.
Device management has long been crucial at St John of God, which has revenues of more than $1 billion annually and over 10,500 staff spread across 230 sites. The group has long used the Novell ZENworks management platform to manage its 3500 PCs and the applications installed on them. Around 200 of the 230 sites are satellite sites that have no local server infrastructure and are supported from larger facilities.
“Mobility is really important,” network systems manager Aaron Le Saux told attendees at Novell’s recent Brainshare Technology Forum in Melbourne. “People working in remote offices and pathology collection centres still need the same access that a caregiver would have in one of the hospital’s laboratories.”
To deliver this level of equity, Le Saux’s team has been working to package nearly 300 ‘global’ applications and nearly 1000 others that are only used within operating divisions – ranging from modern tools to aging 16-bit apps “that we should probably have gotten rid of a long time ago” – for delivery to a range of devices that is rapidly expanding to include smartphones and tablets as well as traditional desktops and laptops.
A key part of that shift is ensuring that broader mobile usage doesn’t compromise the integrity of the group’s data – and this requirement is being met by the location-aware access rights enforcement built into the latest version of ZENworks.
This capability has integrated the detection of a remote device’s location – and its associated risk profile – into the core of the network management platform rather than leaving it at the edge device. This makes a device’s location a fundamental part of its network identity – and, said Novell ZENworks product manager Chris Gacesa, network-security administrators can enforce controls over the data itself.
For example, location-based policies might prevent a remote device from copying information to a USB drive, or prevent information from being written to a device that’s connected to a public WiFi network. Contractors can be given time-limited access to certain applications, with location capabilities allowing them to be locked out of those applications once they’ve physically left the corporate network.
“With that important information about the device’s location, I can allow certain things to occur,” Gacesa said. “There are all sorts of criteria that can define how an application gets distributed down to the machine, how it gets installed and how it gets run. Since we can enforce security levels via a policy, we can ensure that when machines and users move about, the content, data and applications will still be presented in a secure manner.”
This level of protection – backed by full audit, patch management, encryption, time-limited access and other capabilities – has become a core part of the upgrade process for St John of God, where the application-packaging exercise is part of a broader shift, from a thin-client remote-access model to one in which applications are dynamically delivered to any device according to users’ access rights and current situation.
Le Saux expects the massive effort will take six months as the team “systematically works through the bundles” and develops standards for management of those bundles, but notes that the “biggest holdup” is the delay around streamlining bundle testing and sign-off by divisional heads.
“A lot of work goes into creating standards in the environment,” he says. “We want them to be able to move between facilities and still be managed as if they’re on the LAN. Repackaging our applications allows us to do that, but creating those standards is the only way you ever get any efficiency out of information systems.”
“Obviously, the instability of an IS system shouldn’t hold up the care of a patient, so we need to jump through a lot of hoops to make sure our environment is signed off and ready before we move a department onto it.”