McAfee Case Studies Adventist Health System Case Study

Edit This Case Study Record

	Adventist Health System Case Study McAfee

Adventist Health System Case Study

McAfee

Technology Category	Cybersecurity & Privacy - Cloud Security Cybersecurity & Privacy - Database Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Healthcare & Hospitals
Applicable Functions	Business Operation
Use Cases	Cybersecurity Remote Collaboration
Services	Cloud Planning, Design & Implementation Services Cybersecurity Services
Challenge	Adventist Health System, a healthcare network with 45 hospital campuses, was faced with the challenge of enforcing strict HIPAA compliance requirements to protect personal health information. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email. One of the value-added services made available to users was OneDrive, which gave them cause to consider their security, compliance and risk, not just for Office 365, but for all cloud services. They lacked visibility into cloud service providers and needed additional security controls for the 70,000+ users who were migrated from on-premises Exchange to cloud-based Office 365. Read More
About Customer	Adventist Health System is a healthcare network with 45 hospital campuses. The organization is headquartered in Altamonte Springs, Florida. As a healthcare provider, Adventist Health System must follow strict HIPAA compliance requirements to protect personal health information. The organization has over 70,000 employees and generates an annual revenue of $7.6 billion. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email. Read More
Solution	Adventist Health System implemented Skyhigh for Shadow IT to gain visibility into current cloud usage. They found that they had over 2,000 cloud services in use throughout the organization. The team at Adventist Health System started by running reports from Skyhigh on the cloud services in use by category, starting with file sharing providers; followed by social media, and collaboration providers. This visibility provided the information needed to start administering policies around acceptable use, via a combination of coarse-level blocking and just-in-time education, leveraging the organization’s firewalls and proxies. The goal of these efforts was to coach users away from unsanctioned file sharing services in use and direct them to the corporate standards, which are Office 365 and OneDrive. Once Shadow IT usage was controlled, the next step was to enforce security, compliance, and governance policies around their sanctioned cloud services, such as Office 365. As a large healthcare organization it was imperative for the team at Adventist Health System to know exactly where their data was going in order to ensure compliance with HIPAA and HITECH. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Cloud Security

Cybersecurity & Privacy - Database Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Healthcare & Hospitals

Applicable Functions

Business Operation

Use Cases

Cybersecurity

Remote Collaboration

Services

Cloud Planning, Design & Implementation Services

Cybersecurity Services

Challenge

Adventist Health System, a healthcare network with 45 hospital campuses, was faced with the challenge of enforcing strict HIPAA compliance requirements to protect personal health information. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email. One of the value-added services made available to users was OneDrive, which gave them cause to consider their security, compliance and risk, not just for Office 365, but for all cloud services. They lacked visibility into cloud service providers and needed additional security controls for the 70,000+ users who were migrated from on-premises Exchange to cloud-based Office 365.

About Customer

Adventist Health System is a healthcare network with 45 hospital campuses. The organization is headquartered in Altamonte Springs, Florida. As a healthcare provider, Adventist Health System must follow strict HIPAA compliance requirements to protect personal health information. The organization has over 70,000 employees and generates an annual revenue of $7.6 billion. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email.

Solution

Adventist Health System implemented Skyhigh for Shadow IT to gain visibility into current cloud usage. They found that they had over 2,000 cloud services in use throughout the organization. The team at Adventist Health System started by running reports from Skyhigh on the cloud services in use by category, starting with file sharing providers; followed by social media, and collaboration providers. This visibility provided the information needed to start administering policies around acceptable use, via a combination of coarse-level blocking and just-in-time education, leveraging the organization’s firewalls and proxies. The goal of these efforts was to coach users away from unsanctioned file sharing services in use and direct them to the corporate standards, which are Office 365 and OneDrive. Once Shadow IT usage was controlled, the next step was to enforce security, compliance, and governance policies around their sanctioned cloud services, such as Office 365. As a large healthcare organization it was imperative for the team at Adventist Health System to know exactly where their data was going in order to ensure compliance with HIPAA and HITECH.

Impact #1	Gained visibility into over 2,000 cloud services in use throughout the organization.
Impact #2	Administered policies around acceptable use, via a combination of coarse-level blocking and just-in-time education, leveraging the organization’s firewalls and proxies.
Impact #3	Coached users away from unsanctioned file sharing services in use and directed them to the corporate standards, which are Office 365 and OneDrive.

Impact #1

Gained visibility into over 2,000 cloud services in use throughout the organization.

Impact #2

Administered policies around acceptable use, via a combination of coarse-level blocking and just-in-time education, leveraging the organization’s firewalls and proxies.

Impact #3

Coached users away from unsanctioned file sharing services in use and directed them to the corporate standards, which are Office 365 and OneDrive.

Benefit #1	Reduced risk to the organization by training users to use the appropriate applications.
Benefit #2	Limited risk of data loss and compliance violations by adding additional visibility to 70,000+ users in Office 365.
Benefit #3	Reduced costs through consolidation of cloud services.

Benefit #1

Reduced risk to the organization by training users to use the appropriate applications.

Benefit #2

Limited risk of data loss and compliance violations by adding additional visibility to 70,000+ users in Office 365.

Benefit #3

Reduced costs through consolidation of cloud services.

Download PDF Version

Overview

Adventist Health System Case Study

Operational Impact

Quantitative Benefit