Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Network care: Case study

When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.

There's no arguing with the fact that new technology has enabled workers on the go to perform many of their tasks with efficiency and convenience. However, while most likely are little concerned that their communications are at risk of being intercepted, those charged with protecting enterprise information certainly are. In the health care field, owing to federal laws regulating the exchange of personal information, this is of particular concern.

Comfort Care Services (CCS) provides supported housing and rehabilitation services for vulnerable adults with enduring mental illness, learning disabilities, substance/alcohol misuse and other complex needs. Headquartered in Slough, England, the firm distributes services to more than 55 sites across the U.K. It also works with over 19 local and regional authorities.

Due to the organization's disparate geographical locations, the majority of its employees are remote workers and make multiple visits to clients each week. In order to streamline the process of creating, editing and sharing the documents its staff creates during these house visits, the specialist care organization issued laptops to about 250 of its mobile staff. 

OUR EXPERTS

  • Gee Bafhtiar, operations director, Comfort Care Services 

  • Anthony Foy, CEO, Workshare

The laptops were configured with virtual desktops that didn't permit document interchange outside of CCS's virtual desktop infrastructure (VDI) environment. Interchange was limited to a few select staff who acted as a security filter and gatekeeper for data. 

However, while this security worked well for documents produced and shared within the company network and using company-supplied devices, CCS management was concerned about the potential risks associated with case documents being produced outside the company network using standalone and personal devices. 

CCS has 350 employees. There are two core IT staff who are supported by an outsourced partner. “We take the view that our core competence and focus is to deliver first-class social care, and as such we should partner with companies whose core competence and focus lays in IT,” says Gee Bafhtiar, operations director at Comfort Care Services. 

Indeed, following deployment of the company-supplied laptops, management started getting feedback from employees that they found them cumbersome, intrusive and intimidating for use with service users. It was reported that partners often found them to be a distraction when its employees were taking case notes or entering data about care plans. In addition, employees found that having a blanket policy that prevented data interchange with parties outside its VDI network, unless through select employees, frustrating which lead to a dip in productivity. As a result, 30 percent of the laptops deployed were under-utilized. When management investigated the problem, it became clear that employees preferred using familiar hardware, and in particular their own devices, with document-specific security settings that enabled cross-network collaboration, all within a secure environment. 

The challenge became finding a way to promote the use of IT-sanctioned applications to ensure uniformly secure data at a document level while enabling staff productivity and cross-network collaboration through device familiarity – without a significant reinvestment in hardware and security software technology. 

CCS also needed it to support a rapidly growing environment. “Our biggest challenge was to preemptively take control of information exchange, while accommodating staff's preferences for mobile collaboration,” he says. “We knew we needed to deploy a secure, file-sharing alternative that was easy to use but gave us full auditability over who accessed files and what changes had been made to different versions of documents.”

Addressing CCS's existing collaboration structure was essential in order to help geographically dispersed teams work together more effectively, he says. Most staff members said they would be more comfortable using their own devices for work and Bafhtiar realized that, without formally allowing BYOD, the company as a whole would inadvertently promote work-arounds and wouldn't achieve productivity gains. 

Yet, allowing BYOD and permitting the use of consumer-grade file-sharing services didn't allow for secure, real-time collaboration. Additionally, as is typical with all organizations in the health care sector, CCS needed to ensure that confidential information was kept secure. “The files that our employees develop, collaborate on and share are care plans and case notes and they often need to share them with external parties,” says Bafhtiar. “For instance, there are times when staff must share data and reports with government authorities and other health care professionals outside of the company. We needed to ensure that these records were secure both inside and outside the firewall.” 

The search begins

Bafhtiar heads up the IT department at Comfort Care. Together with outsourced IT partners, he began a search for a solution. They looked at several offerings for collaboration and file-sharing but – as the firm wanted to enable BYOD for users and IT alike – none provided the granular control CCS needed at the time. 

“From my perspective, it was a matter of finding a solution that would best meet our employees' preferences and work habits, while also accommodating our security requirements,” Bafhtiar says. 

The search uncovered a solution from London-based Workshare (U.S. headquarters in San Francsico). “Only Workshare provided this capability,” says Bafhtiar. “The easy-to-use interface and extensive collaboration features were similar to consumer-grade applications, but its robust security functionality made it ideal for the enterprise.” 

Part of the selection process involved a technical/user review and Bafhtiar's IT team conducted a small proof of concept, which impressed the team, particularly with the support it received. “We rolled out the application to our employees and within a two-week period they were able to self-provision and learn how to use the applications themselves, which was a significant advantage. We were amazed with how quickly our staff took to the new software solution.”

Workshare is a secure file-sharing, synchronization and collaboration application that enables efficient collaboration on high-value content and protects against unauthorized content disclosure, says the company's CEO Anthony Foy. “Workshare enables workers to securely access files whether they are online, at their desktop or on the road on their iPad or any mobile device. It supports multiple file types and is available on any browser-enabled device.” 

The solution identifies metadata, such as tracked changes and hidden comments, and tables in Excel, PowerPoint, PDFs and Word, eliminating the risk of inadvertently exposing sensitive information, says Foy. Integrating with clients' email infrastructure, Workshare can clean email attachments in a single click, or set a policy to do it automatically based on criteria like the appearance of sensitive information, credit card numbers or the word “confidential” appearing in the body of the document. 

“This cloud-enabled, centrally managed and policy-driven service means our IT department can maintain tight control of sensitive content and reduce data leakage concerns across all email users, from Outlook to webmail to mobile,” says Bafhtiar (left).

Users can even set policies to replace every email attachment with a PDF or a secure link to the document online, complete with user-defined permissions, Foy points out. Administrators can manage access to specific documents and define which employees can edit, comment, download or share content inside or outside the firewall. Additionally, users can request return receipts, require an authenticated login and set expiration dates for document access. 

“All transactions within the Workshare environment must be executed from the context of a personal, authenticated user account, while SSL encryption and application-layer security offers further security benefits,” says Foy. “Mobile device management ensures that devices are tamper-proof. If an incorrect password is entered three times into a lost or stolen device, access will be denied.”

Foy attests that Workshare has an unparalleled heritage in document-comparison technology and has been entrusted to protect sensitive documents in semi- and highly regulated sectors for 15 years. Further, he attests, when Workshare merged with SkyDox in 2012 to bring these capabilities to the cloud, it never lost sight of its commitment to secure collaboration. “With the continued adoption of BYOD strategies and the impact of consumerization of IT across all sectors, only Workshare offers organizations a tried and tested way of protecting documents outside of the corporate network.” 

The implementation of the Workshare solution has exceeded all of CCS's expectations, Bafhtiar says, and he offers up the results to prove it. “When we deployed Workshare, I was excited to see our staff accessing and comparing documents with a click of a button, all within a tight and secure online environment. The role of our gatekeeper staff has largely become obsolete allowing them to add value to service users as opposed to administration.” 

CCS has enabled the Workshare sync and share features to allow specific staff to do this both online and offline, anywhere, at any time. “We've also seen that user productivity has improved since using Workshare,” says Bafhtiar. The amount of time needed to turn around documents has been reduced by as much as 50 percent, he says. “It's always clear which document version is correct, and approval can be given with a click of button.” 

Another benefit is that CCS staff can provide feedback while on the move, says Bafhtiar. Historically, staff members were only able to use laptops, which meant that they were restricted to giving feedback only when connected to the internet. With Workshare's mobile and desktop sync capabilities, authorized staff can make comments when they are offline and their feedback is automatically synced across devices as soon as they are online again. This process, he says, saves valuable time. 

Compliance aid

As a health care organization in the UK, CCS is subject to many compliance mandates, such as those within the General Data Protection Act, which regulate all data across all industries. It also deals with the National Health Service and local government authorities, which have their own codes of conduct enforcing stringent data controls, says Bafhtiar. “While we don't hold patient data on the system, one of the cornerstones of our business is privacy and discretion. With Workshare, our service users can be confident that our systems prevent data loss.”

That is because Workshare ensures all channels of communication are secure as data is encrypted in transit and at rest – with password protected access. “It ensures that communication takes place in a secure environment with the ability to revoke access to specific documents or from specific devices at any time, with full audit capabilities (who accessed what, when and what's changed),” says Bafhtiar. This negates the need for users to rely on email to send files, which is often unsecure and hard to control. 

Further, he says, Workshare provides granular access control while enabling online collaboration, allowing secure collaboration between internal teams and external parties by invitation. “Together with our VDI environment and Workshare, users have increased their productivity while the company has enhanced data security.”

CCS also has the option to decide where its data resides and, therefore, under which jurisdiction it is subject. The firm's data resides in a European data center, so complies with EU and UK legislative mandates.

The Workshare deployment reaches across CCS's entire network and secures its desktop and mobile users. “Our staff can access and make tagged comments on documents, even if they don't have the document's native application installed on their computer,” Bafhtiar says. “They can compare two documents with a single click and roll back to previous versions at any time.”

Presence indicators and real-time alerts keep everyone up-to-date, he adds. To ensure that employees do not inadvertently share confidential or sensitive documents, there are user-defined permissions and managed access. Workshare's mobile applications enable staff to compare multiple versions, create new workflows and share content on the move from their iOS and Android devices. “This was particularly important for our teams, and we were impressed by the speed and accuracy of the mobile comparisons,” says Bafhtiar.

When CCS users are not on the move, they use Workshare Desktop Sync, which integrates with both Windows and Mac operating systems and, as with Workshare's mobile application, gives real-time insight into all updates and comments. “Desktop Sync lets our staff work online or offline without losing changes,” says Bafhtiar. 

CCS is still in the early stages of implementation, but staff uptake is a resounding success, says Bafhtiar. “There is clear internal demand for the combined VDI network, BYOD and Workshare solution.” 

The right balance

Against the backdrop of BYOD, CCS is primarily concerned with finding the balance between an open exchange of information and security. Whereas its security priorities once revolved around preventing device theft and protecting information within the company's four walls, it now has to find ways to manage information in the cloud and on mobile devices, says Bafhtiar. “At the same time, our security measures shouldn't limit how and when employees access applications or data.”  

With its employees more tech-savvy than ever, the CCS IT team is now more focused on protecting against the risks associated with consumer-grade applications and providing secure alternatives. For instance, Bafhtiar points out, there have been multiple Dropbox breaches in the news – from breaking authentication protocols to stealing logins from third-party sites. These incidents are preceisely why CCS went looking for an enterprise-grade alternatives and chose Workshare. Bafhtiar says it offers the same ease of use but with more stringent security standards. “All transactions with Workshare must be executed from within the context of a personal, authenticated user account,” he explains. Document owners can assign folder-level permissions and managed access and sharing, preventing confidential or sensitive files from being downloaded or passed on to those without access authorization. They can also get a return receipt and enable time-limited file access. In addition, CCS has access to full audit trails. “Ultimately, Workshare offers more security and auditability – not to mention more powerful features – than other vendors.”  

Additionally, the cost of data breaches is significant and becoming more punitive with each breach, says Bafhtiar. And, at the same time, he adds, the market is seeing downward price pressure. “This means that we have to use technology to enable improvements in quality and speed of action in a scalable solution.” That's because adding support staff is no longer viable, he says. “We believe that Workshare has allowed us to take a major step forward in creating a secure, scalable environment that leverages our staff's BYOD preferences to enable productivity improvements.” 

It's been an added benefit to work with Workshare because its support staff are so focused on the end-user, says Bafhtiar. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.