City and County Healthcare Group (CCH) is one of the UK's largest providers of support services to help people live independently in their own homes. Over the past few years, the company has experienced rapid expansion which has been achieved through a combination of organic growth and acquisition.
CCH had initially operated only in and around the London area, but following major growth through acquisitions and organic contract wins, its geographical reach now extends across England and Northern Ireland. While of course this represents a great opportunity for the business, it also means it has faced a number of major IT challenges; not least with securing its growing disparate networks across the businesses.
Prior to its expansion, CCH had 12 branches located relatively close together in the South East and its IT strategy reflected that. With expansion, it was quickly apparent that to be able to continue the secure and smooth running of its IT systems as well as keeping its IT support team as lean as possible, things would need to change to avoid significant management costs.
Today, the strategy has adapted and is now very much based on having centralised systems. Following a detailed review in 2010, a centralised IT platform was
chosen based on Microsoft technologies - Windows for file and print services, Exchange for email and SQL Server as the basis for a new web-based care management application, PeoplePlanner.
The potentially sensitive nature of its work and the service user information it holds means that data protection is a major consideration for CCH, so it also took the opportunity to review its approach to security and the technology deployed. Along with the highest levels of security, CCH identified a solution that could be easily deployed across branches but be centrally managed to ensure security policies are implemented across all the branches.
With the help of specialist IT reseller Great Benefit, CCH selected nextgeneration unified threat management (UTM) appliances from WatchGuard and has already deployed an XTM 530 for its main datacentre; another XTM 530 at its HQ in Wembley; an XTM 25-W at a second datacentre that hosts a disaster recovery server for the core system; and around 50 XTM 22-W and XTM 25-W appliances deployed across its regional branch offices. The rollout of additional XTM 26-W appliances is occurring during early 2013.
With up to 3.5 Gbit throughput, the powerful WatchGuard XTM 530 appliances combine firewall/VPN support with powerful security features including full packet inspection,
VoIP support, optional application control and a suite of flexible easyto-use management tools. The XTM 2 Series wireless appliances are designed specifically to provide affordable security for small businesses or branch offices that want secure wireless connectivity. Dual-band 802.11/n technology provides greater wireless speed and responsiveness. In the case of CCH, these appliances also act as endpoints for connecting a secure VPN tunnel back to the WatchGuard XTM protected network.
The 22-W, 25-W and 26-W all have multiple wireless transmitters so CCH has deployed a secure guest wireless network in each office along with an internal wireless network. They use the same SSID broadcast names and staff are able to connect seamlessly at any branch without the need to select a new wireless hotspot.
With between 3 and 25 staff in each of the CCH branch offices using either MS Outlook or Outlook Web Access, the XTM 2 Series wireless appliances secure the Microsoft environment, as well as use of the core browser-based application PeoplePlanner. Access to the shared data file areas on the Storage Area Network (SAN) in the datacentre is delivered through the creation of a branch VPN.
"Following a detailed review process, we selected WatchGuard appliances because they offered the best features and represented great price/performance" said Clement Solis, IT Manager at CCH. "Ongoing management has proved to be easy and straightforward through the WatchGuard management server which was an essential requirement due to the geographic spread of our offices and lean IT team. Because we use the full security suite on all of the appliances, it has significantly reduced our costs for other services
such as virus and spam filtering."
Most of the CCH branches are as a result of acquisitions, so the WatchGuard appliances replaced a wide variety of other manufacturers' boxes. With a small IT team and disparate offices, WatchGuard's swap out feature has proved to be very valuable and cost-effective.
"Essentially, WatchGuard now gives us a single security system for all of our offices, with a very good ongoing cost of ownership," said Clement Solis. "Deployment proved easy as we preconfigured them using the management server and then it was just a case of a simple install on site. The centralised management tools mean it is also really easy to manage updates across all our appliances as they become available."
The WatchGuard solution allows CCH to create its own internal network through the use of branch VPNs, using the most appropriate type of line available for each location and from a combination of telecom suppliers. In addition, all the boxes have the Pro feature and 3G CradlePoints to enable the use of multiple ADSL lines and wireless for resilient failover.
"By working with WatchGuard we are able to offer our customers best-in class unified security; including WatchGuard's innovative cloud-based Reputation Enabled Defence system that stops threats in the cloud before they ever reach the network," said Ian Jones at Great Benefit. "But it is not just about the technology, the on-going support we get from our team at WatchGuard has helped us to deliver a strong, secure and robust system to CCH".
Because WatchGuard recognises that no one vendor can be the best at everything, along with its own software, XTM appliances incorporate security services from leading providers. This includes antivirus software from AVG. CCH also runs an alternative software solution on its desktops so has coverage from two vendors. The WatchGuard spamBlocker is powered by Commtouch's patented Recurrent Pattern Detection technology that has a 99 percent detection rate. Websense powers the WebBlocker tool and BroadWeb is used for the Intrusion Prevention Service and Application Control.
All of this means CCH benefits from the most comprehensive threat management possible and with WatchGuard's LiveSecurity Service, it is always up-to-date.
With more acquisitions being made, the plan is to continue to deploy WatchGuard across all new branches. With CCH also growing organically at around 8%, it is key to be able to integrate these new offices easily. With the hub/spoke set up for branches connecting to the datacentre and HQ, WatchGuard provides the ideal solution for maintaining a lean IT team and keeping costs down without compromising security. Other projects coming in the near future mean that field based staff will need to integrate securely into the corporate network for certain applications along with telemetry data being received from equipment located at our customers' homes. "With WatchGuard, we know that we can securely add these services in the future, segmenting their network access to only services they need to communicate with along with a robust authentication and validation mechanism" added Clement Solis.
Learn more about CCH.
Learn more about Great Benefit.