Toronto’s Sunnybrook Health Sciences Centre was looking to be more proactive around meeting audit compliance requirements, when it decided to centralize the monitoring of its security server logs.
Following implementation of Microsoft Corp.’s System Center Operations Manager 2007 and third-party management pack, Compliance and Security Suite, by Secure Vantage Technologies Inc., Sunnybrook did away with an archaic process based on multiple disparate systems that produced massive amounts of security and maintenance log reports.
“The time required to go through logs to find anything was enormous. Manpower was one [issue], and timely response was another,” says Tony Carnevale, technical advisor/specialist at Sunnybrook Health Sciences Centre.
Sunnybrook conducts academic research and education in the area of womens’ health.
Although still in pilot phase, Sunnybrook’s revamped IT environment has already lightened the load on staff by eliminating time-consuming processes, says Carnevale. “We now have a way to fulfill the auditor’s requirements and can monitor and view logs in one location rather than looking at multiple devices, logs, and tools to find information.”
Part of the audit requirements was to report unusual activity recorded on server logs, which the implementation now performs by selectively alerting users to potential security issues as they arise, he says.
A barrage of e-mail alerts is a thing of the past, as is the arduous process of wading through data for occurrences that may not necessarily be easily identified, says Carnevale. “We used to be inundated by information, to the point that we would begin to ignore it – which is not a good thing.”
Another bonus was server manageability, says Carnevale, which allowed IT to proactively identify system problems that might have otherwise resulted in down time. “We have 200 odd servers in the organization, and being able to stay on top of the latest and greatest fixes, patches, updates, and best practices can be daunting,” says the technical specialist.
“In most cases, we can have the resolution in place before anything goes really bad.”
Once the pilot phase is complete – which Carnevale anticipates will be in the next month or so – Sunnybrooke plans to take advantage of other third-party add-ons to extend manageability to other areas, such as network devices.
Scalability should not be an issue for Sunnybrook given available third-party vendor management packs out there, according to Derek Cullen, vice-president of Toronto-based CMS Consulting Inc. “The technology has really taken a step forward in terms of being a true data centre, and a systems and operations management tool for monitoring your whole environment.”
CMS Consulting, a provider of security-focused IT consulting, managed the implementation that took a mere 10 days. The quick deployment, says Cullen, was courtesy of the operations manager “fast track” program designed to facilitate speedy deployments in environments such as health-care that typically can’t afford system down time.
It’s not unusual, says Cullen, for health-care organizations to regard products such as System Center Operations Manager as “icing on the cake.”
“Many hospitals in the past two years have got their IT environments up to snuff. They’re now thinking, ‘let’s monitor and manage this stuff effectively.’ ”