Temple Health, a Philadelphia-based academic health system, needed an identity threat detection and response (ITDR) system that would help them comply with the myriad healthcare industry regulations for protecting patient health information (PHI).
Temple’s information security team initiated the adoption of Semperis Directory Services Protector (DSP).
“But we also wanted a sound solution for Active Directory forest recovery,” said Sean McIlvried, lead systems engineer at Temple Health.
He works closely with the infosec team to implement the identity roles they request and harden access policies in a collaborative effort. But his team has primary responsibility for the organization’s AD forest recovery strategy.
“The simplicity of ADFR made it a lot easier for the staff to use,” he said. ADFR eliminated the painstaking process of conducting a manual recovery. “It’s a lot more streamlined than what we were used to.”
McIlvried said that the team’s first AD recovery test gave them confidence that they could meet their recovery objectives.
“It took an hour and 10 minutes versus, in most places, a week to three weeks to even months, depending on the size of the environment.”
Streamlined AD forest recovery and security hardening
Implementing DSP and ADFR helped Temple Health:
- Manage identity roles to comply with healthcare security requirements
- Harden access policies and continuously monitor AD for new vulnerabilities
- Simplify AD forest recovery
The simplicity of ADFR made it a lot easier for the staff to use. It’s a lot more streamlined than what we were used to.
Sean McIlvried, Lead Systems Engineer, Temple Health
Speaker: Sean McIlvried, Lead systems Engineer, Temple University health System As we are a hospital, we don’t have everything in the cloud. We are exploring those options, but at this time, we’re primarily an on-prem site, but with hybrid capabilities. And because of PHI and the standards that are out there, it’s the most difficult part. Normally, I would refer to our InfoSec team primarily—in that that’s their realm and their specialty—implement the roles that they are asking for, and harden those policies in a collaboration effort. We have mandatory trainings that we have to make sure we have compliance, security, encryption—along those lines—to protect the patient, the doctors, and their healthcare information. So this was an initiative with the Infosec team. They started enrolling with DSP, and then we also wanted a sound solution for Active Directory Forest Recovery. So, we ended up trying that out about a year ago now, and my team now has taken this roll over. And the simplicity of the product made it a lot easier for some of the not fully trained staff yet to get caught up and use this type of technology, with many people being able to know the pains of doing a forest recovery. It’s a lot more simplistic and streamlined than what we were used to. Very basic in the level…[compared to] doing a Rubrik or a Veeam backup, and then a recovery from that, along with those certain specific files that we would need, and then it would be a painstaking manual process—versus a more automated and fluid product. We haven’t had to have a disaster. Thank god. But, with the … we actually just did this about three weeks ago to do a recovery test. It took an hour and ten minutes versus most places, a week to three weeks to even months, depending on the size of your environment.
